[FEATURE] Provide codes for simplified classification of issues #1356
Assignees
Labels
enhancement
MobSF enhancements and feature requests
Comments
ghost
added
the
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The JSON reporting API should be extended so that parsing to distinguish different issues is no longer necessary. Introducing such issue codes would greatly simplify machine processing.
Examples:
I suggest issue codes based on the triggered expression.
Insecure communication to xxx.xxx.xxx is allowed-> EitherNSTemporaryExceptionAllowsInsecureHTTPLoadsorNSExceptionAllowsInsecureHTTPLoadsNSIncludesSubdomains set to TRUE for xxx.xxx.xxx->NSIncludesSubdomainsAllowedNSExceptionMinimumTLSVersion set to TLSv1.1 on xxx.xxx.xxx->NSExceptionMinimumTLSVersion11Issues in other sections do not contain contextual information (or provide a field like
namein the Android manifest analysis) afaik. However, it is desirable to use a one-word code instead of a sentence - the former is imho less likely to be edited.Example:
The issue
c_prot_normal_newof the Android manifest analysis contains context-dependent information in the title; the name is suitable for distinguishing it from other issues but is also very long:is Protected by a permission, but the protection level of the permission should be checked if the application runs on a device where the the API level is less than 17 [Content Provider, targetSdkVersion >= 17].The text was updated successfully, but these errors were encountered: