This repository has been archived by the owner on Sep 15, 2022. It is now read-only.

Provide codes for simplified classification of issues #14

Open
ghost opened this issue Apr 22, 2022 · 0 comments
Labels
good first issue Good for newcomers MobSF Label for MobSF Issues


ghost commented Apr 22, 2022

The JSON reporting API should be extended so that parsing to distinguish different issues is no longer necessary. Introducing such issue codes would greatly simplify machine processing.

Examples:

iOS App Transport Security (ATS) issues:
I suggest issue codes based on the triggered expression.

  • Insecure communication to xxx.xxx.xxx is allowed -> Either NSTemporaryExceptionAllowsInsecureHTTPLoads or NSExceptionAllowsInsecureHTTPLoads
  • NSIncludesSubdomains set to TRUE for xxx.xxx.xxx -> NSIncludesSubdomainsAllowed
  • NSExceptionMinimumTLSVersion set to TLSv1.1 on xxx.xxx.xxx -> NSExceptionMinimumTLSVersion11
  • ...

Issues in other sections do not contain contextual information (or provide a field like name in the Android manifest analysis) afaik. However, it is desirable to use a one-word code instead of a sentence - the former is imho less likely to be edited.

@ghost ghost added the MobSF Label for MobSF Issues label Apr 22, 2022
@siddharth2798 siddharth2798 added the good first issue Good for newcomers label Apr 22, 2022
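
The sentence parsing this issue wants to make unnecessary, as an added example that is not part of the original issue or of MobSF's code: it maps the three ATS sentences quoted above to the proposed codes and shows where text matching is ambiguous or silently fails. The result keys `domain` and `codes`, the sample hostnames, and the generalisation of the `11` version suffix are assumptions.

```python
import re

# Sentence patterns taken from the three examples in the issue; the result
# keys "domain" and "codes" are hypothetical, not MobSF's report schema.
_RULES = [
    (re.compile(r"^Insecure communication to (?P<domain>\S+) is allowed$"),
     # The sentence does not say which plist key fired, so both stay candidates.
     lambda m: ["NSTemporaryExceptionAllowsInsecureHTTPLoads",
                "NSExceptionAllowsInsecureHTTPLoads"]),
    (re.compile(r"^NSIncludesSubdomains set to TRUE for (?P<domain>\S+)$"),
     lambda m: ["NSIncludesSubdomainsAllowed"]),
    (re.compile(r"^NSExceptionMinimumTLSVersion set to TLSv(?P<ver>\d\.\d) on (?P<domain>\S+)$"),
     # Assumption: the "11" suffix in the issue generalises to other versions.
     lambda m: ["NSExceptionMinimumTLSVersion" + m["ver"].replace(".", "")]),
]

def classify_ats_finding(sentence):
    """Return {"domain", "codes"} for a known ATS sentence, or None."""
    text = sentence.strip()
    for pattern, codes in _RULES:
        m = pattern.match(text)
        if m:
            return {"domain": m["domain"], "codes": codes(m)}
    return None  # wording changed or unknown finding: nothing is reported

def summarize(sentences):
    """Group domains by code; collect sentences that could not be classified."""
    by_code, unparsed = {}, []
    for s in sentences:
        hit = classify_ats_finding(s)
        if hit is None:
            unparsed.append(s)
            continue
        for code in hit["codes"]:
            by_code.setdefault(code, []).append(hit["domain"])
    return by_code, unparsed

# Constructed sample findings (placeholder hostnames, not real report output).
SAMPLE = [
    "Insecure communication to api.example.test is allowed",
    "NSIncludesSubdomains set to TRUE for example.test",
    "NSExceptionMinimumTLSVersion set to TLSv1.1 on cdn.example.test",
    "Insecure communication with api.example.test is permitted",  # reworded
]

if __name__ == "__main__":
    codes, missed = summarize(SAMPLE)
    print(codes)
    print("unparsed:", missed)
```

The reworded fourth sentence lands in `unparsed`, and the first sentence cannot be narrowed to a single ATS key from its text alone.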