The JSON reporting API should be extended so that parsing to distinguish different issues is no longer necessary. Introducing such issue codes would greatly simplify machine processing.
Examples:
iOS App Transport Security (ATS) issues:
I suggest issue codes based on the triggered expression.
Insecure communication to xxx.xxx.xxx is allowed -> Either NSTemporaryExceptionAllowsInsecureHTTPLoads or NSExceptionAllowsInsecureHTTPLoads
NSIncludesSubdomains set to TRUE for xxx.xxx.xxx -> NSIncludesSubdomainsAllowed
NSExceptionMinimumTLSVersion set to TLSv1.1 on xxx.xxx.xxx -> NSExceptionMinimumTLSVersion11
...
Issues in other sections do not contain contextual information (or provide a field like name in the Android manifest analysis) afaik. However, it is desirable to use a one-word code instead of a sentence - the former is imho less likely to be edited.
Example:
The issue c_prot_normal_new of the Android manifest analysis contains context-dependent information in the title; the name is suitable for distinguishing it from other issues but is also very long: is Protected by a permission, but the protection level of the permission should be checked if the application runs on a device where the the API level is less than 17 [Content Provider, targetSdkVersion >= 17].
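The consumer-side parsing this request wants to make unnecessary, sketched as an added example (not code from the issue or from the project). The sentence patterns and codes are the ones quoted above; the `description` key, the sample findings, and the extension of the TLS code to other versions are assumptions.

```python
import re

# Description patterns quoted in the issue, mapped to the codes it proposes.
# Each entry: (compiled pattern, function building the candidate code list).
_RULES = [
    (re.compile(r"^Insecure communication to (?P<host>\S+) is allowed$"),
     # The sentence does not say which plist key fired, so both stay candidates.
     lambda m: ["NSTemporaryExceptionAllowsInsecureHTTPLoads",
                "NSExceptionAllowsInsecureHTTPLoads"]),
    (re.compile(r"^NSIncludesSubdomains set to TRUE for (?P<host>\S+)$"),
     lambda m: ["NSIncludesSubdomainsAllowed"]),
    (re.compile(r"^NSExceptionMinimumTLSVersion set to TLSv(?P<ver>\d\.\d)"
                r" on (?P<host>\S+)$"),
     # Assumption: other versions follow the "...Version11" pattern.
     lambda m: ["NSExceptionMinimumTLSVersion" + m.group("ver").replace(".", "")]),
]

def classify(description):
    """Return (candidate_codes, host) for one finding sentence, or ([], None)."""
    text = description.strip()
    for pattern, codes in _RULES:
        m = pattern.match(text)
        if m:
            return codes(m), m.group("host")
    return [], None

def summarize(findings):
    """Group hosts by code; ambiguous and unrecognized sentences are kept apart."""
    out = {"by_code": {}, "ambiguous": [], "unknown": []}
    for f in findings:
        codes, host = classify(f["description"])
        if not codes:
            out["unknown"].append(f["description"])
        elif len(codes) > 1:
            out["ambiguous"].append((host, codes))
        else:
            out["by_code"].setdefault(codes[0], []).append(host)
    return out

# Constructed sample findings; the "description" key is hypothetical.
SAMPLE = [
    {"description": "Insecure communication to api.example.com is allowed"},
    {"description": "NSIncludesSubdomains set to TRUE for example.com"},
    {"description": "NSExceptionMinimumTLSVersion set to TLSv1.1 on cdn.example.com"},
    # Same finding, reworded: the pattern no longer matches.
    {"description": "NSExceptionMinimumTLSVersion is set to TLSv1.1 on cdn.example.com"},
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The first sample stays ambiguous between the two keys, and the reworded last sample falls into `unknown`, which are the two failure modes a dedicated code field in the JSON would remove.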