安全分析报告: 小米粒 v1.0

安全分数


安全分数 43/100

风险评级


等级

  1. A
  2. B
  3. C
  4. F

严重性分布 (%)


隐私风险

1

用户/设备跟踪器


调研结果

高危 4
中危 15
信息 2
安全 1
关注 0

高危 基本配置不安全地配置为允许到所有域的明文流量。 

Scope:
*

高危 基本配置配置为信任用户安装的证书。 

Scope:
*

高危 Activity (xnjn.w716.xtwq.aron) 的启动模式不是standard模式 

Activity 不应将启动模式属性设置为 "singleTask/singleInstance",因为这会使其成为根 Activity,并可能导致其他应用程序读取调用 Intent 的内容。因此,当 Intent 包含敏感信息时,需要使用 "standard" 启动模式属性。

高危 不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击 

不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification

Files:
b3/j.java, line(s) 117,114
b3/k.java, line(s) 112,109

中危 基本配置配置为信任系统证书。 

Scope:
*

中危 应用程序已启用明文网络流量 

[android:usesCleartextTraffic=true]
应用程序打算使用明文网络流量,例如明文HTTP,FTP协议,DownloadManager和MediaPlayer。针对API级别27或更低的应用程序,默认值为“true”。针对API级别28或更高的应用程序,默认值为“false”。避免使用明文流量的主要原因是缺乏机密性,真实性和防篡改保护;网络攻击者可以窃听传输的数据,并且可以在不被检测到的情况下修改它。

中危 Activity (xnjn.w716.xtwq.oy_y) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (xnjn.w716.xtwq.m4xj.activity.ivyn) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 Activity (xnjn.w716.xtwq.f0lx) 未被保护。 

[android:exported=true]
发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。

中危 应用程序使用不安全的随机数生成器 

应用程序使用不安全的随机数生成器
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators

Files:
c3/d.java, line(s) 8
g2/a.java, line(s) 3
g2/b.java, line(s) 5
g2/c.java, line(s) 3
h2/a.java, line(s) 3
xnjn/w716/xtwq/aron.java, line(s) 64

中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞 

不安全的Web视图实现。可能存在WebView任意代码执行漏洞
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5

Files:
c3/h.java, line(s) 50,78
c3/o.java, line(s) 52,80

中危 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 

可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6

Files:
c3/h.java, line(s) 80,78
c3/o.java, line(s) 82,80
e/g.java, line(s) 108,157,117,165

中危 MD5是已知存在哈希冲突的弱哈希 

MD5是已知存在哈希冲突的弱哈希
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
v1/c.java, line(s) 927,1040
v1/g.java, line(s) 187
xnjn/w716/xtwq/aron.java, line(s) 614

中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 

应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2

Files:
e/r0.java, line(s) 9,138,197
n1/g.java, line(s) 3,40,41
n1/h.java, line(s) 4,21
n1/i.java, line(s) 5,6,15,16,34,35,38,39

中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 

应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage

Files:
l1/e.java, line(s) 115,115,115

中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件 

应用程序创建临时文件。敏感信息永远不应该被写进临时文件


Files:
j0/d.java, line(s) 99

中危 SHA-1是已知存在哈希冲突的弱哈希 

SHA-1是已知存在哈希冲突的弱哈希
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4

Files:
org/repackage/a/a/a/a/c.java, line(s) 89

中危 应用程序包含隐私跟踪程序 

此应用程序有多个1隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。

中危 此应用可能包含硬编码机密信息 

从应用程序中识别出以下机密确保这些不是机密或私人信息
友盟统计的=> "UMENG_CHANNEL" : "website"
Y8WrxJVmYcSDQ29udGVudC1UeXBlZmHEg2bHmMSB
YseaxItmYcSDaHR0cDovL3NjaGVtYXMuYW5kcm9pZC5jb20vYXBrL3Jlcy9hbmRyb2lkZmHEg2XHmsSL
ZMeUxIVmYcSDYW5kcm9pZC5wZXJtaXNzaW9uLkFDQ0VTU19GSU5FX0xPQ0FUSU9OZmHEg2bHnMSF
x5THmMSPZmHEg2NsYXNzZXNfdG9fcmVzdG9yZWZhxIPHmmXEjw==
xatlxINmYcSDc3RhbmRhcmRGdWxsU2NyZWVuZmHEg8eUw7zEgw==
x5rDucSPZmHEg3NvZmFyZmHEg8eW7p+IxI8=
w7nFq8STZmHEg+aJq+eggeWksei0pWZhxINlZsST
w7ljxI9mYcSDRmFpbGVkIHRvIGludm9rZSBzZXRMYXlvdXREaXJlY3Rpb24oaW50KSB2aWEgcmVmbGVjdGlvbmZhxIPFq8eYxI8=
YmHElWZhxIN2YXIgdmlkZW9zPWRvY3VtZW50LmdldEVsZW1lbnRzQnlUYWdOYW1lKFwndmlkZW9cJyk7XG5mb3IoaT0wO2k8dmlkZW9zLmxlbmd0aDtpKyspXG57XG52aWRlb3NbaV0uYWRkRXZlbnRMaXN0ZW5lcihcJ3dlYmtpdGZ1bGxzY3JlZW5jaGFuZ2VcJywgZnVuY3Rpb24oZSkge1xuZmHEg2NhxIE=
ZMO6xI9mYcSDc3VwcG9ydExpdGVXbmRmYcSDZu6fiMSP
xatlxItmYcSD6aG16Z2i5YaF5YWo5bGP5pKt5pS+5qih5byPZmHEg8ecxavEiw==
xavFq8SVZmHEg+W8gOWQr1g15YWo5bGP5pKt5pS+5qih5byPZmHEg8Wrx5TEgQ==
w7xhxJNmYcSDIOivt+axguaCqOeahOS9jee9ruS/oeaBr2ZhxIPHlMWrxJM=
ZMecxINmYcSDICAgICAgICBsb2NhdGlvbi5ocmVmPWV2ZW50LnNyY0VsZW1lbnQuY3VycmVudFNyYztcbmZhxIPHnMO6xIM=
xavDucSTZmHEg3dlaXhpbjovL2ZhxIPDvGPEkw==
x5jHlsSDZmHEg2FuZHJvaWQucGVybWlzc2lvbi5SRUNPUkRfQVVESU9mYcSD7p+IxavEgw==
ZseYxIlmYcSDZmlsZWRvd25sb2FkZXJDb25uZWN0aW9uZmHEg8O6xavEiQ==
ZWPEjWZhxIPnvZHpobXml6Dms5XmiZPlvIBmYcSDxatmxI0=
x5bHlsSFZmHEg1BhcmFtZXRlciBzcGVjaWZpZWQgYXMgbm9uLW51bGwgaXMgbnVsbDogbWV0aG9kIGZhxINiZcSF
ZceWxIVmYcSDcl97aS0xfSB3YXMgemVyb2ZhxIPHnGTEhQ==
7p+IYsSLZmHEg2phdmFfb2JqZmHEg8O5w7nEiw==
x5THlMSDZmHEg3N0YXR1c2ZhxIPFq8eaxIM=
w7pjxJVmYcSDREVMRVRFIEZST00gZmlsZWRvd25sb2FkZXJDb25uZWN0aW9uIFdIRVJFIGlkID0gZmHEg+6fiMecxIE=
x5jHmsSDZmHEg1Jlc291cmNlc0NvbXBhdGZhxINjx5rEgw==
Y8ecxINmYcSDaHR0cHM6Ly9mYcSDZGTEgw==
w7rDucSTZmHEg2FuZHJvaWQuaW50ZW50LmFjdGlvbi5WSUVXZmHEg8O6x5rEkw==
Y8eaxI1mYcSDaXNIYXNQZXJtaXNzc2lvbmZhxINlx5TEjQ==
Y2bEiWZhxINpbWFnZS8qZmHEg8O5x5zEiQ==
xavDucSFZmHEg2N1cnJlbnRPZmZzZXRmYcSD7p+Iw7nEhQ==
x5bDucSVZmHEg2FsaXBheXM6Ly9mYcSD7p+Ix5TEgQ==
w7ljxJNmYcSDLHJlc3VsdENvZGU6ZmHEg8eYYsST
x5jDusSTZmHEg2FuZHJvaWR4OmFwcGNvbXBhdGZhxINkx5zEkw==
ZseWxI9mYcSDRGVmYXVsdFZpZGVvU2NyZWVuZmHEg2Tun4jEjw==
Y2HEk2ZhxINhbmRyb2lkLnBlcm1pc3Npb24uV1JJVEVfRVhURVJOQUxfU1RPUkFHRWZhxINhYsST
Y8WrxIdmYcSDY29zdCB0aW1lOiBmYcSDx5THlsSH
Y8O6xIlmYcSDU3RvcmluZyBBcHAgTG9jYWxlcyA6IGFwcC1sb2NhbGVzOiBmYcSDx5rDucSJ
x5jDusSJZmHEg3RleHRWaWV3IGNhbm5vdCBiZSBudWxsZmHEg8WrZsSJ
Y8O6xIdmYcSDTXVsdGlEZXggaW5zdGFsbGF0aW9uIGZhaWxlZCAoZmHEg8O8x5jEhw==
x5ZkxIlmYcSDbWFjaGluZWNvZGVmYcSDY2HEiQ==
YcWrxJVmYcSD5oKo55qE5rOo5YaM56CB5bCG5ZyoZmHEg8eYx5jEgQ==
xathxIlmYcSD5py65Zmo56CB5bey57uP5ou36LSd5Yiw5Ymq5YiH5p2/ZmHEg8eYZMSJ
Y8O8xJVmYcSDYnJvd3NlcmZhxIPFq8WrxIE=
ZceaxJVmYcSD5paH5Lu25ZCN5LiN5q2j56GuZmHEg2FixIE=
YmXEi2ZhxINhbmRyb2lkLm1lZGlhLmFjdGlvbi5JTUFHRV9DQVBUVVJFZmHEg2PDusSL
w7pixIlmYcSDLjNncGZhxIPHlsO5xIk=
x5bDusSFZmHEg3N1cHBvcnRMaXRlV25kZmHEg8eUw7nEhQ==
ZceUxIVmYcSDQmFkIENvbXBvbmVudE5hbWUgd2hpbGUgdHJhdmVyc2luZyBhY3Rpdml0eSBwYXJlbnQgbWV0YWRhdGFmYcSDx5pixIU=
ZmLEi2ZhxINzdGFuZGFyZEZ1bGxTY3JlZW5mYcSDx5jDusSL
ZmbEg2ZhxINzdGFuZGFyZEZ1bGxTY3JlZW5mYcSDYWHEgw==
x5rHnMSJZmHEg2FuZHJvaWQuaW50ZW50LmFjdGlvbi5WSUVXZmHEg8ec7p+IxIk=
w7zHnMSFZmHEg3d0YWk6ZmHEg8O5w7rEhQ==
7p+Iw7rEkWZhxINvbkFjdGl2aXR5UmVzdWx0LCByZXF1ZXN0Q29kZTpmYcSDw7lixJE=
w7run4jEk2ZhxIPnoa7lrppmYcSDxavHlsST
w7rHnMSVZmHEg2V4Y2VwdGlvbmZhxIPHmsecxIE=
YceWxIdmYcSDYW5kcm9pZC5wZXJtaXNzaW9uLldSSVRFX0VYVEVSTkFMX1NUT1JBR0VmYcSDYmTEhw==
ZMO8xJVmYcSDY29ubmVjdGlvbkluZGV4ZmHEg8O8x5zEgQ==
w7rDvMSNZmHEg3N0YW5kYXJkRnVsbFNjcmVlbmZhxINhYcSN
ZceYxJFmYcSDYW5kcm9pZC5pbnRlbnQuY2F0ZWdvcnkuQlJPV1NBQkxFZmHEg8eUY8SR
x5bHlsSHZmHEg3dlaXhpbjovL2ZhxIPHmMWrxIc=
x5rHnMSVZmHEg05vIEFwcGxpY2F0aW9uSW5mbyBhdmFpbGFibGUsIGkuZS4gcnVubmluZyBvbiBhIHRlc3QgQ29udGV4dDogTXVsdGlEZXggc3VwcG9ydCBsaWJyYXJ5IGlzIGRpc2FibGVkLmZhxIPDvGTEgQ==
x5RjxIlmYcSDaHR0cDovL3d3dy5iYWlkdS5jb20vZmHEg8ecx5jEiQ==
w7nDvMSFZmHEg19pZD0/ZmHEg8eUx5zEhQ==
Y8eUxI1mYcSDc3VwcG9ydExpdGVXbmRmYcSDZMO6xI0=
x5hixI1mYcSDc3RhdHVzZmHEg8eUw7rEjQ==
7p+Iw7zEj2ZhxINmaWxlOi8vL2FuZHJvaWRfYXNzZXQvaXV4cC5odG1mYcSDx5rDvMSP
7p+Ix5bEk2ZhxIPmgqjnmoTmnLrlmajnoIHvvIjngrnlh7vkuIvmlrnmnLrlmajnoIHlpI3liLbvvInvvJpmYcSDx5jDusST
YsWrxINmYcSDdGV4dC9odG1sZmHEg2XHmMSD
ZsWrxINmYcSDYW5kcm9pZC5pbnRlbnQuYWN0aW9uLlBJQ0tmYcSDxavDucSD
7p+Iw7nEiWZhxINzZXRWaWRlb1BhcmFtc2ZhxIPHmGLEiQ==
ZWTEiWZhxINEcmF3YWJsZUNvbXBhdGZhxIPHlMecxIk=
YWHEjWZhxINGYWlsZWQgdG8gcmV0cmlldmUgc2V0TGF5b3V0RGlyZWN0aW9uKGludCkgbWV0aG9kZmHEg8WrxavEjQ==
x5THlMSNZmHEg3N0YW5kYXJkRnVsbFNjcmVlbmZhxINlYsSN
YWTEkWZhxINDb21wbGV4Q29sb3JDb21wYXRmYcSDw7xkxJE=
x5jHmsSDZmHEg2FuZHJvaWQucGVybWlzc2lvbi5SRUFEX0VYVEVSTkFMX1NUT1JBR0VmYcSDx5pixIM=
ZmLEjWZhxINTRUxFQ1QgKiBGUk9NICVzIFdIRVJFICVzID0gP2ZhxINhx5TEjQ==
Ze6fiMSHZmHEg0JhZCBlcnJvciBsb2NhdGlvbmZhxIPHmsWrxIc=
xavDucSTZmHEg2phdmFzY3JpcHQ6ZmHEg8eUx5zEkw==
x5ZlxI9mYcSDc3VwcG9ydExpdGVXbmRmYcSDZO6fiMSP
w7zHlsSVZmHEgy5ibXBmYcSDw7ljxIE=
YseYxIlmYcSD5om+5LiN5Yiw572R6aG1ZmHEg2THnMSJ
ZmbEk2ZhxIMvc2RjYXJkL1BpY3R1cmVzZmHEg+6fiGbEkw==
ZmHEg2ZhxIMvc2RjYXJkL1BpY3R1cmVzZmHEg2FkxIM=
x5plxJFmYcSDVk0gaGFzIG11bHRpZGV4IHN1cHBvcnQsIE11bHRpRGV4IHN1cHBvcnQgbGlicmFyeSBpcyBkaXNhYmxlZC5mYcSDx5bun4jEkQ==
x5jHmsSLZmHEgzQwNCAtIOaJvuS4jeWIsOaWh+S7tuaIluebruW9leOAgmZhxIPHlMO5xIs=
x5jDusSVZmHEg2JhcmNvZGVfYml0bWFwZmHEg2LHmMSB
7p+Ix5TEkWZhxINmaWxlOi8vL2FuZHJvaWRfYXNzZXQvd2VicGFnZS9mdWxsc2NyZWVuVmlkZW8uaHRtbGZhxINhx5rEkQ==
x5TDucSDZmHEg+aLkue7nWZhxINkY8SD
x5rHmsSFZmHEgyAgICAgICAgd2luZG93LmphdmFfb2JqLmdldFNvdXJjZShldmVudC5zcmNFbGVtZW50LnZpZGVvV2lkdGg8PWV2ZW50LnNyY0VsZW1lbnQudmlkZW9IZWlnaHQpO30pO1xufWZhxIPFq8eWxIU=
w7zHnMSFZmHEg0lmIHlvdSBzdGFydCB0aGUgdGFzayBtYW51YWxseSwgaXQgbWVhbnMgdGhpcyB0YXNrIGRvZXNuXCd0IGJlbG9uZyB0byBhIHF1ZXVlLCBzbyB5b3UgbXVzdCBub3QgaW52b2tlIEJhc2VEb3dubG9hZFRhc2sjcmVhZHkoKSBvciBJblF1ZXVlVGFzayNlbnF1ZXVlKCkgYmVmb3JlIHlvdSBzdGFydCgpIHRoaXMgbWV0aG9kLiBGb3IgZGV0YWlsOiBJZiB0aGlzIHRhc2sgZG9lc25cJ3QgYmVsb25nIHRvIGEgcXVldWUsIHdoYXQgaXMganVzdCBhbiBpc29sYXRlZCB0YXNrLCB5b3UganVzdCBuZWVkIHRvIGludm9rZSBCYXNlRG93bmxvYWRUYXNrI3N0YXJ0KCkgdG8gc3RhcnQgdGhpcyB0YXNrLCB0aGF0XCdzIGFsbC4gSW4gb3RoZXIgd29yZHMsIElmIHRoaXMgdGFzayBkb2VzblwndCBiZWxvbmcgdG8gYSBxdWV1ZSwgeW91IG11c3Qgbm90IGludm9rZSBCYXNlRG93bmxvYWRUYXNrI3JlYWR5KCkgbWV0aG9kIG9yIEluUXVldWVUYXNrI2VucXVldWUoKSBtZXRob2QgYmVmb3JlIGludm9rZSBCYXNlRG93bmxvYWRUYXNrI3N0YXJ0KCksIElmIHlvdSBkbyB0aGF0IGFuZCBpZiB0aGVyZSBpcyB0aGUgc2FtZSBsaXN0ZW5lciBvYmplY3QgdG8gc3RhcnQgYSBxdWV1ZSBpbiBhbm90aGVyIHRocmVhZCwgdGhpcyB0YXNrIG1heSBiZSBhc3NlbWJsZWQgYnkgdGhlIHF1ZXVlLCBpbiB0aGF0IGNhc2UsIHdoZW4geW91IGludm9rZSBCYXNlRG93bmxvYWRUYXNrI3N0YXJ0KCkgbWFudWFsbHkgdG8gc3RhcnQgdGhpcyB0YXNrIG9yIHRoaXMgdGFzayBpcyBzdGFydGVkIGJ5IHRoZSBxdWV1ZSwgdGhlcmUgaXMgYW4gZXhjZXB0aW9uIGJ1cmllZCBpbiB0aGVyZSwgYmVjYXVzZSB0aGlzIHRhc2sgb2JqZWN0IGlzIHN0YXJ0ZWQgdHdvIHRpbWVzIHdpdGhvdXQgZGVjbGFyZSBCYXNlRG93bmxvYWRUYXNrI3JldXNlKCkgOiAxLiB5b3UgaW52b2tlIEJhc2VEb3dubG9hZFRhc2sjc3RhcnQoKSBtYW51YWxseTsgIDIuIHRoZSBxdWV1ZSBzdGFydCB0aGlzIHRhc2sgYXV0b21hdGljYWxseS5mYcSDw7xmxIU=
x5rHmsSTZmHEg0RpdmlzaW9uIGFsZ29yaXRobSBmYWlsZWQgdG8gcmVkdWNlIHBvbHlub21pYWw/IHI6IGZhxIPHmmLEkw==
w7run4jEh2ZhxINObyBpbnRlbnRzIGFkZGVkIHRvIFRhc2tTdGFja0J1aWxkZXI7IGNhbm5vdCBzdGFydEFjdGl2aXRpZXNmYcSDZMO5xIc=
ZcO5xI1mYcSDZmlsZWRvd25sb2FkZXJmYcSDxatmxI0=
ZcO6xItmYcSDZ2V0TGF5b3V0RGlyZWN0aW9uZmHEg8eUx5TEiw==
w7lkxJFmYcSD5o+Q56S65L+h5oGvZmHEg8eUw7zEkQ==
x5TDusSFZmHEg2FuZHJvaWQuaW50ZW50LmFjdGlvbi5HRVRfQ09OVEVOVGZhxINmx5rEhQ==
x5jFq8SDZmHEg1Rhc2tTdGFja0J1aWxkZXJmYcSDx5jFq8SD
x5run4jEiWZhxINhbmRyb2lkLnBlcm1pc3Npb24uV1JJVEVfRVhURVJOQUxfU1RPUkFHRWZhxINkYsSJ
x5RlxI9mYcSDbXFxd3BhOi8vZmHEg2VixI8=
7p+Iw7rEhWZhxIPmlofku7bkuIvovb3lpLHotKVmYcSDYceWxIU=
xavFq8SLZmHEg3BhdGhmYcSDYseYxIs=
ZMO6xJNmYcSDZmlsZTovLy9hbmRyb2lkX2Fzc2V0L3JlcGxhY2VmbGFnX3ByaXZhdGUuaHRtZmHEg2NlxJM=
x5THnMSLZmHEg2ZpbGU6Ly8vYW5kcm9pZF9hc3NldC9yZXBsYWNlZmxhZ19sYXdzLmh0bWZhxINmx5jEiw==
ZWbEg2ZhxIPngI/opr3lmahmYcSDY8O6xIM=
Y2bEi2ZhxIN1cGRhdGUgYnV0IG1vZGVsID09IG51bGwhZmHEg8eWw7rEiw==
w7nHlMSNZmHEg2ZpbGVkb3dubG9hZGVyZmHEg2FlxI0=
YWXEg2ZhxINDYW5ub3QgcmVhZCBtZXRhZGF0YS5mYcSDx5rHlsSD
7p+IZcSPZmHEg3NldFZpZGVvUGFyYW1zZmHEg8ea7p+IxI8=
w7lhxItmYcSDYWxpcGF5Oi8vZmHEg8eUw7rEiw==
ZGTEj2ZhxINmaWxlOi8vL2FuZHJvaWRfYXNzZXQvd2VicGFnZS9maWxlQ2hvb3Nlci5odG1sZmHEg2LDucSP
x5xmxJFmYcSDY29ubmVjdGlvbkNvdW50ZmHEg2NixJE=
x5jun4jEi2ZhxIMubXBjZmHEg8ecYsSL
x5zFq8SHZmHEg2N1cnJlbnRPZmZzZXRmYcSD7p+Iw7rEhw==
ZseaxItmYcSDMDEyMzQ1Njc4OXF3ZXJ0eXVpb3Bhc2RmZ2hqa2x6eGN2Ym5tZmHEg8O5ZMSL
7p+Ix5bEi2ZhxINzZXRMYXlvdXREaXJlY3Rpb25mYcSDYseWxIs=
x5bDvMSFZmHEg+a1j+iniOWZqGZhxIPDvMeYxIU=
w7rFq8SDZmHEg0dlbmVyaWNHRlBvbHlzIGRvIG5vdCBoYXZlIHNhbWUgR2VuZXJpY0dGIGZpZWxkZmHEg8eWZcSD
x5bHmMSVZmHEg+aCqOeahOazqOWGjOegge+8iOmVv+aMieS4i+aWuei+k+WFpeahhueymOi0tOazqOWGjOegge+8ie+8mmZhxIPHmmHEgQ==
x5jDucSHZmHEg1JFUE9SVGZhxIPun4hkxIc=
YcO6xIdmYcSDY29ubmVjdGlvbkNvdW50ZmHEg+6fiMeYxIc=
x5bDucSVZmHEg3d0bG9naW5tcXE6Ly9mYcSDZseYxIE=
w7nHmMSHZmHEg21xcXdwYTovL2ZhxIPun4hixIc=
ZcO6xI1mYcSDYW5kcm9pZHguc2F2ZWRzdGF0ZS5SZXN0YXJ0ZXJmYcSDw7plxI0=
ZmLEjWZhxIMgZnVuY3Rpb24gZ2V0RG5hbWUocyl7ICAgICAgdmFyIGE9ZG9jdW1lbnQuZ2V0RWxlbWVudHNCeVRhZ05hbWUoXCdhXCcpOyAgIHZhciBoPVwnXCc7ICAgZm9yKGxldCBpPTA7aTxhLmxlbmd0aDtpKyspeyAgICBjb25zb2xlLmxvZyhhW2ldLmhyZWYpOyAgICBpZihhW2ldLmhyZWY9PT1zKXsgICAgICAgICBoPWFbaV0uZG93bmxvYWQ7ICAgICBpPWEubGVuZ3RoOyAgICB9ICAgfSAgIGNvbnNvbGUubG9nKGgpOyAgIHJldHVybiBoOyAgfSAgdmFyIHJlcXVlc3QgPSBuZXcgWE1MSHR0cFJlcXVlc3QoKTsgICAgICAgIHJlcXVlc3Qub3BlbihcJ0dFVFwnLCBcJ2ZhxIPDvMeUxI0=
x5bHlMSFZmHEg2phdmFfb2JqZmHEg+6fiGPEhQ==
x5Tun4jEkWZhxINhcHBsaWNhdGlvbl9sb2NhbGVzZmHEg8Wrx5jEkQ==
7p+IYcSRZmHEg2FuZHJvaWQucGVybWlzc2lvbi5SRUFEX0VYVEVSTkFMX1NUT1JBR0VmYcSDYsO8xJE=
x5jDvMSPZmHEg09QVElPTlNmYcSDZseYxI8=
Yu6fiMSFZmHEg2ltYWdlLypmYcSDxatmxIU=
ZGPEk2ZhxIN3aW5kb3dmYcSDZcecxJM=
7p+Ix5zEh2ZhxINjbGlwYm9hcmRmYcSDx5zHlsSH
ZGbElWZhxINJbWFnZSBDaG9vc2VyZmHEg2bDvMSB
x5jHnMSTZmHEg1Vuc3VwcG9ydGVkIHBpY3R1cmUgZm9ybWF0OiBmYcSDx5bDucST
x5pkxINmYcSDeXl5eeW5tE1N5pyIZGTml6VmYcSDZmTEgw==
x5zDusSTZmHEg2FuZHJvaWQucGVybWlzc2lvbi5XUklURV9FWFRFUk5BTF9TVE9SQUdFZmHEg2RlxJM=
x5ZhxJVmYcSD5ZCM5oSPZmHEg8Wrw7rEgQ==
w7rHmsSPZmHEg2RhdGFiYXNlZmHEg2FkxI8=
x5zun4jEiWZhxINhbmRyb2lkLmludGVudC5hY3Rpb24uVklFV2ZhxIPHlMeWxIk=
ZsO8xJVmYcSDaHR0cDovL2ZhxINlw7nEgQ==
x5rHmMSJZmHEg2Nvbm5lY3Rpb25Db3VudGZhxIPDvGTEiQ==
ZWbEjWZhxINGYWlsZWQgdG8gcmV0cmlldmUgZ2V0TGF5b3V0RGlyZWN0aW9uKCkgbWV0aG9kZmHEg8ecY8SN
xavFq8SNZmHEg2ZpbGVfZmHEg8ecw7rEjQ==
x5jDusSJZmHEg3RpbWUtY29zdGZhxIPDuseaxIk=
w7rDvMSPZmHEgy9zZGNhcmQvUGljdHVyZXMvZmHEg8ecY8SP
x5jDvMSLZmHEgyAgICAgICAgbG9jYXRpb24uaHJlZj1ldmVudC5zcmNFbGVtZW50LmN1cnJlbnRTcmM7XG5mYcSDx5rFq8SL
7p+Ix5TEh2ZhxINpc19yZWdfb2tmYcSDw7lixIc=
x5jFq8STZmHEg0FuZHJvaWRmYcSD7p+IZcST
ZseaxItmYcSDYW5kcm9pZC5pbnRlbnQuYWN0aW9uLkRJQUxmYcSDx5TDusSL
ZmHEk2ZhxIMgcGVyc2lzdGVkIHN1Y2Nlc3NmdWxseS5mYcSDY8O8xJM=
xavDvMSHZmHEg+ato+WcqOaJq+aPjy4uLmZhxIPHlu6fiMSH
YseWxJFmYcSDYW5kcm9pZHg6YXBwY29tcGF0ZmHEg2FixJE=
x5rHlsSJZmHEg3N0YW5kYXJkRnVsbFNjcmVlbmZhxIPDucO8xIk=
x5hkxI9mYcSDVGhlIGNvbnRlbnQgdmlldyBpbiBQdHJGcmFtZUxheW91dCBpcyBlbXB0eS4gRG8geW91IGZvcmdldCB0byBzcGVjaWZ5IGl0cyBpZCBpbiB4bWwgbGF5b3V0IGZpbGU/ZmHEg8O8ZcSP
x5xmxINmYcSDYWxpcGF5Oi8vZmHEg+6fiGXEgw==
x5RixI1mYcSDRGVmYXVsdFZpZGVvU2NyZWVuZmHEg8eaZsSN
w7pkxJFmYcSDUHRyRnJhbWVMYXlvdXQgb25seSBjYW4gaG9zdCAyIGVsZW1lbnRzZmHEg2bHlsSR
w7rFq8SRZmHEg291dHB1dGZhxIPHlseaxJE=
xatlxItmYcSDYW5kcm9pZC5pbnRlbnQuY2F0ZWdvcnkuT1BFTkFCTEVmYcSDx5zHlMSL
7p+IxavEkWZhxIMubXBnZmHEg2TDvMSR
x5THnMSTZmHEg2FuZHJvaWQuc2V0dGluZ3MuTUFOQUdFX0FMTF9GSUxFU19BQ0NFU1NfUEVSTUlTU0lPTmZhxIPFq8ecxJM=
ZsWrxJNmYcSDRmFpbGVkIHRvIGluZmxhdGUgQ29tcGxleENvbG9yLmZhxIPun4jFq8ST
7p+IZsSLZmHEg2lucHV0X21ldGhvZGZhxINiY8SL
w7llxIVmYcSDQ29udGVudC1EaXNwb3NpdGlvbmZhxIPDucO5xIU=
x5TDusSHZmHEg3dpbmRvdy5hZGRFdmVudExpc3RlbmVyKFwnY29udGV4dG1lbnVcJywgZnVuY3Rpb24oZSl7IFxuICAgIGUucHJldmVudERlZmF1bHQoKTsgXG59KTtmYcSDx5zun4jEhw==
w7zFq8SVZmHEg2NvbS5hbmRyb2lkLmludGVybmFsLlIkZGltZW5mYcSDx5bHmMSB
x5xixIlmYcSDRXJyb3IgbG9jYXRvciBkZWdyZWUgZG9lcyBub3QgbWF0Y2ggbnVtYmVyIG9mIHJvb3RzZmHEg2RkxIk=
x5hmxI9mYcSD5oKo55qE5rOo5YaM56CB5bey57uP6L+H5pyf77yM6K+36YeN5paw6L6T5YWl5paw55qE5rOo5YaM56CBZmHEg8eaw7zEjw==
x5THmMSVZmHEgywgckxhc3Q6IGZhxIPDusO5xIE=
w7rHmMSPZmHEg+aJq+eggeWksei0pWZhxIPHlmTEjw==
7p+Ix5zEg2ZhxINoYXNBZ3JlZWRMYXdmYcSDx5jFq8SD
w7zun4jEk2ZhxINzdGF0dXNmYcSDw7plxJM=
x5bHmMSHZmHEg2FuZHJvaWRfaWRmYcSDw7zFq8SH
Y8eYxItmYcSDc2lnbWFUaWxkZSgwKSB3YXMgemVyb2ZhxINlx5TEiw==
w7nHlMSNZmHEg2ZpbmFsX2RhdGVmYcSDw7run4jEjQ==
7p+Iw7nEkWZhxIPmlofku7blpKrlpKfvvIzmmoLml7bkuI3og73kuIvovb1mYcSDw7pjxJE=
x5xlxJNmYcSDZmlsZWRvd25sb2FkZXJDb25uZWN0aW9uZmHEg8O6x5jEkw==
xavFq8SRZmHEg2FuZHJvaWQucGVybWlzc2lvbi5DQU1FUkFmYcSDZcO6xJE=
x5zHmMSLZmHEg+aBouWkjXdlYmtpdOWIneWni+eKtuaAgWZhxIPHmseWxIs=
ZO6fiMSVZmHEg+W8gOWQr+Wwj+eql+aooeW8j2ZhxIPHlmbEgQ==
w7pjxINmYcSD6K+36L6T5YWl5rOo5YaM56CBZmHEg8eUx5jEgw==
w7rFq8SRZmHEg3l1djQyMHBmYcSDx5ZhxJE=
w7zFq8SVZmHEg1N0b3JpbmcgQXBwIExvY2FsZXMgOiBGaWxlTm90Rm91bmRFeGNlcHRpb246IENhbm5vdCBvcGVuIGZpbGUgJXMgZm9yIHdyaXRpbmcgZmHEg8O8w7zEgQ==
x5jHlMSJZmHEg0RyYXdhYmxlQ29tcGF0ZmHEg8O5w7zEiQ==
x5bun4jEh2ZhxIN0aGUgcHJvdmlkZWQgY29udGV4dCBtdXN0IG5vdCBiZSBudWxsIWZhxIPHnMO5xIc=
ZGbEiWZhxINzZXRWaWRlb1BhcmFtc2ZhxIPDvGLEiQ==
w7nDusSNZmHEg2hhc0FncmVlZExhd2ZhxIPHmseUxI0=
w7nHnMSFZmHEg2ZpbGVuYW1lZmHEg8Wrw7zEhQ==
x5ZjxIdmYcSDYW5kcm9pZC5wZXJtaXNzaW9uLkFDQ0VTU19DT0FSU0VfTE9DQVRJT05mYcSDx5bHlMSH
x5THlMSJZmHEg2FsaXBheXM6Ly9mYcSDZseUxIk=
ZseUxIdmYcSDNDA0IE5vdCBGb3VuZGZhxINlx5zEhw==
xavHmMSRZmHEg2ZpbGVkb3dubG9hZGVyZmHEg8eYx5jEkQ==
w7nHmsSNZmHEg2FuZHJvaWR4LmFwcGNvbXBhdC5hcHAuQXBwQ29tcGF0RGVsZWdhdGUuYXBwbGljYXRpb25fbG9jYWxlc19yZWNvcmRfZmlsZWZhxIPHlGPEjQ==
xatixItmYcSDc3VwcG9ydExpdGVXbmRmYcSDZMO6xIs=
x5rDucSHZmHEg2FuZHJvaWQucGVybWlzc2lvbi5BQ0NFU1NfQ09BUlNFX0xPQ0FUSU9OZmHEg2TDvMSH
x5hkxJVmYcSDIGRhdGE6ZmHEg8O8w7zEgQ==
x5jHlsSHZmHEg2FuZHJvaWQuaW50ZW50LmNhdGVnb3J5Lk9QRU5BQkxFZmHEg2VkxIc=
YceWxItmYcSDU3RvcmluZyBBcHAgTG9jYWxlcyA6IEZhaWxlZCB0byBwZXJzaXN0IGFwcC1sb2NhbGVzOiBmYcSDYceaxIs=
x5xjxJNmYcSDd2luZG93LmFkZEV2ZW50TGlzdGVuZXIoXCdjb250ZXh0bWVudVwnLCBmdW5jdGlvbihlKXsgXG4gICAgZS5wcmV2ZW50RGVmYXVsdCgpOyBcbn0pO2ZhxIPun4hjxJM=
x5bDusSLZmHEg3JlZ2lzdHJ5ZmHEg8ecx5jEiw==
Y8eUxI1mYcSDICAgICAgICB3aW5kb3cuamF2YV9vYmouZ2V0U291cmNlKGV2ZW50LnNyY0VsZW1lbnQudmlkZW9XaWR0aDw9ZXZlbnQuc3JjRWxlbWVudC52aWRlb0hlaWdodCk7fSk7XG59ZmHEg2THmMSN
Y8eWxJVmYcSDYW5kcm9pZC5wZXJtaXNzaW9uLkNBTUVSQWZhxINlw7nEgQ==
x5zHmMSJZmHEg2ZpbGVkb3dubG9hZGVyQ29ubmVjdGlvbmZhxIPHmmHEiQ==
x5bHmsSJZmHEg3ZhciB2aWRlb3M9ZG9jdW1lbnQuZ2V0RWxlbWVudHNCeVRhZ05hbWUoXCd2aWRlb1wnKTtcbmZvcihpPTA7aTx2aWRlb3MubGVuZ3RoO2krKylcbntcbnZpZGVvc1tpXS5hZGRFdmVudExpc3RlbmVyKFwnd2Via2l0ZnVsbHNjcmVlbmNoYW5nZVwnLCBmdW5jdGlvbihlKSB7XG5mYcSDY8WrxIk=
x5zDucSRZmHEg3NldFZpZGVvUGFyYW1zZmHEg8O8YcSR
x5bHlsSHZmHEg0FwcExvY2FsZXNTdG9yYWdlSGVscGVyZmHEg8Wrx5jEhw==
x5hixI9mYcSDXCcsIHRydWUpOyAgICAgICAgcmVxdWVzdC5zZXRSZXF1ZXN0SGVhZGVyKFwnQ29udGVudC10eXBlXCcsIFwndGV4dC9wbGFpblwnKTsgICAgICAgIHJlcXVlc3QucmVzcG9uc2VUeXBlID0gXCdibG9iXCc7ICAgICAgICByZXF1ZXN0Lm9ubG9hZCA9IGZ1bmN0aW9uIChlKSB7ICAgICAgICAgICAgaWYgKHRoaXMuc3RhdHVzID09PSAyMDApIHsgICAgICAgICAgICAgICAgdmFyIGJsb2JGaWxlID0gdGhpcy5yZXNwb25zZTsgICAgICAgICAgICAgICAgdmFyIHJlYWRlciA9IG5ldyBGaWxlUmVhZGVyKCk7ICAgICAgICAgICAgICAgIHJlYWRlci5yZWFkQXNEYXRhVVJMKGJsb2JGaWxlKTsgICAgICAgICAgICAgICAgcmVhZGVyLm9ubG9hZGVuZCA9IGZ1bmN0aW9uKCkgeyAgICAgICAgICAgICAgICB2YXIgYmFzZTY0ZGF0YSA9IHJlYWRlci5yZXN1bHQ7ICAgICAgICAgICAgICAgIHdpbmRvdy5qYXZhX29iai5kb3duKGJhc2U2NGRhdGEsZ2V0RG5hbWUoXCdmYcSDw7xixI8=
7p+Iw7zEj2ZhxIMubTRhZmHEg8eYx5jEjw==
w7zFq8STZmHEg0ZhaWx1cmUgd2hpbGUgdHJ5aW5nIHRvIG9idGFpbiBBcHBsaWNhdGlvbkluZm8gZnJvbSBDb250ZXh0LiBNdXN0IGJlIHJ1bm5pbmcgaW4gdGVzdCBtb2RlLiBTa2lwIHBhdGNoaW5nLmZhxIPun4jun4jEkw==
7p+IYcSFZmHEg0ZhaWxlZCB0byBpbmZsYXRlIENvbG9yU3RhdGVMaXN0LCBsZWF2aW5nIGl0IHRvIHRoZSBmcmFtZXdvcmtmYcSDYu6fiMSF
ZGXEj2ZhxINhbmRyb2lkLmludGVudC5hY3Rpb24uTUFJTmZhxIPFq2XEjw==
Y8WrxIVmYcSDMOeCueWIsOacn2ZhxIPHnMO5xIU=
w7rHlsSRZmHEg2FuZHJvaWQuaW50ZW50LmFjdGlvbi5WSUVXZmHEg8eYZsSR
7p+IxavEk2ZhxIM8dGhpcz5mYcSDx5THmMST
w7xjxIdmYcSDLCBwYXJhbWV0ZXIgZmHEg8WrxavEhw==
w7xhxI9mYcSDRmFpbGVkIHRvIGludm9rZSBnZXRMYXlvdXREaXJlY3Rpb24oKSB2aWEgcmVmbGVjdGlvbmZhxIPHmMWrxI8=
ZWTEiWZhxINhbmRyb2lkLnBlcm1pc3Npb24uV1JJVEVfRVhURVJOQUxfU1RPUkFHRWZhxINhw7nEiQ==
x5plxItmYcSDYW5kcm9pZC5wZXJtaXNzaW9uLlJFQURfRVhURVJOQUxfU1RPUkFHRWZhxIPDuWPEiw==
x5hhxIVmYcSDTXVsdGlEZXggaW5zdGFsbGF0aW9uIGZhaWx1cmVmYcSDx5plxIU=
x5zFq8SRZmHEg1NFTEVDVCAqIEZST00gJXMgV0hFUkUgJXMgPSA/ZmHEg2JjxJE=
ZWLEkWZhxINhbmRyb2lkLnBlcm1pc3Npb24uUkVBRF9FWFRFUk5BTF9TVE9SQUdFZmHEg8eYZMSR
x5rDusSRZmHEg2Vyck1zZ2ZhxIPDuseYxJE=
w7rHmMSNZmHEg21xcWFwaTovL2ZhxIPHmMeWxI0=
w7pjxI9mYcSDc3RhdHVzZmHEg2XFq8SP
x5RhxIVmYcSDUFJPUFBBVENIZmHEg2XDvMSF
w7xlxINmYcSDYW5kcm9pZC5pbnRlbnQuYWN0aW9uLkdFVF9DT05URU5UZmHEg8eYx5bEgw==
Y8O5xJFmYcSDRGVmYXVsdFZpZGVvU2NyZWVuZmHEg2bHmsSR
ZO6fiMSPZmHEg3NtczpmYcSDw7phxI8=
7p+IZMSDZmHEg2V0YWdmYcSD7p+IxavEgw==
x5hhxI1mYcSDSW5zdGFsbGluZyBhcHBsaWNhdGlvbmZhxIPHmGHEjQ==
x5pixItmYcSDaGFzQWdyZWVkTGF3ZmHEg8O5x5bEiw==
w7phxJNmYcSDZmlsZWRvd25sb2FkZXJDb25uZWN0aW9uZmHEg8WrY8ST
w7zHmMSHZmHEg2FuZHJvaWQucGVybWlzc2lvbi5XUklURV9FWFRFUk5BTF9TVE9SQUdFZmHEg8O5YcSH
Y2TEhWZhxINzdXBwb3J0TGl0ZVduZGZhxIPun4hmxIU=
ZGPEg2ZhxINzdGF0dXNfYmFyX2hlaWdodGZhxINlw7rEgw==
w7nHlMSJZmHEg2FuZHJvaWQuaW50ZW50LmFjdGlvbi5HRVRfQ09OVEVOVGZhxIPHlMeWxIk=
x5ZmxINmYcSDaW5zdGFsbCBkb25lZmHEg2JkxIM=
x5rHlMSDZmHEgyBtdXN0IG5vdCBiZSBudWxsZmHEg8eUx5rEgw==
x5Tun4jEh2ZhxINEZWZhdWx0VmlkZW9TY3JlZW5mYcSDxatixIc=
ZsO8xIVmYcSDYW5kcm9pZC5wZXJtaXNzaW9uLkFDQ0VTU19GSU5FX0xPQ0FUSU9OZmHEg2bHnMSF
w7zun4jEh2ZhxIPpgInmi6nkuoznu7TnoIHlm77niYdmYcSDx5jFq8SH
x5zFq8SPZmHEg19pZCA9ID8gZmHEg8O6w7zEjw==
x5rHlsSTZmHEg3NldFZpZGVvUGFyYW1zZmHEg8O6ZMST
w7rDvMSPZmHEg011bHRpRGV4ZmHEg2LDucSP
7p+Ix5bEjWZhxIN3dGxvZ2lubXFxOi8vZmHEg8O6w7rEjQ==
YmLEjWZhxINhbmRyb2lkLmludGVudC5hY3Rpb24uVklFV2ZhxIPHlsO6xI0=
YmXEjWZhxINwYXRoQXNEaXJlY3RvcnlmYcSDw7xixI0=
x5xhxINmYcSDYW5kcm9pZC5wZXJtaXNzaW9uLlJFQURfRVhURVJOQUxfU1RPUkFHRWZhxIPHlu6fiMSD

信息 应用程序记录日志信息,不得记录敏感信息 

应用程序记录日志信息,不得记录敏感信息
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs

Files:
a0/c.java, line(s) 30
a2/e.java, line(s) 184,189
b0/v.java, line(s) 16,15
e/d0.java, line(s) 82
e/g.java, line(s) 130
e/i0.java, line(s) 479,920,922,925,569,621,624
e/n.java, line(s) 420
e/s.java, line(s) 44
e3/f.java, line(s) 13
g3/d.java, line(s) 28,35,40,51
g3/f.java, line(s) 31
h/k.java, line(s) 85,122,134,144
h/l.java, line(s) 151
i/i.java, line(s) 448
j/e4.java, line(s) 126,194
j/i4.java, line(s) 26
j/l1.java, line(s) 20
j/n2.java, line(s) 262,77,82,89,174,245
j/p1.java, line(s) 92,101,198
j/p3.java, line(s) 86,109,207,221
j/q0.java, line(s) 33,107,112,122
j/q3.java, line(s) 33
j/t2.java, line(s) 20
j/u2.java, line(s) 24,34,45,57
j/v.java, line(s) 46,55
j/x.java, line(s) 47
j/z.java, line(s) 164
j0/a.java, line(s) 129,28,35,37,43,31,39,45,93
j0/d.java, line(s) 40,51,53,100,121,187,189,203,248,294,306,310,314,319,93,184,191,217,227,252,271,304
r/f.java, line(s) 41,46
r/g.java, line(s) 28
r/h.java, line(s) 61
r/i.java, line(s) 44
r/j.java, line(s) 55,256
s/h.java, line(s) 27,59,117
u/h.java, line(s) 22
v1/c.java, line(s) 292,959,202,441,451,908,917,306,316,876
w/c.java, line(s) 30
xnjn/w716/xtwq/aron.java, line(s) 154,492
xnjn/w716/xtwq/b3rh.java, line(s) 73,54,66,77,62
y/c1.java, line(s) 58,75,49
y/e0.java, line(s) 74
y/n.java, line(s) 54,67,114,176
y/o0.java, line(s) 192,173,191
y/q0.java, line(s) 16
y/x0.java, line(s) 31
y/y0.java, line(s) 32,44,51,60
y2/p.java, line(s) 395,446,460,471,651,175,184,223,232,718

信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 

此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard

Files:
b3/i.java, line(s) 3,33,44
j/c.java, line(s) 5,67

安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 

此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4

Files:
p2/t.java, line(s) 94,93,101,92,92

安全评分: ( 小米粒 1.0)