Mobile Application Security Assessment Report

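St.John's v1.0.9
Security score (security baseline score): 49/100
Overall risk level: Medium risk
Risk grade scale:
- A
- B
- C
- F
The application has some security risks; remediation is recommended.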
Distribution of vulnerabilities and security items:
- High: 3
- Medium: 17
- Info: 3
- Secure: 2
Privacy risk assessment: 2 third-party trackers
Medium privacy risk: a small number of third-party trackers were detected.
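Distribution of findings:
- High-severity vulnerabilities: 3
- Medium-severity vulnerabilities: 17
- Security notices: 3
- Passed security checks: 2
- Key security concerns: 0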
High-severity vulnerability: The application uses CBC encryption mode with PKCS5/PKCS7 padding. This configuration is vulnerable to padding oracle attacks.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: com/an/biometric/BiometricManagerV23.java, line(s) 124 com/nimbusds/jose/crypto/impl/AESCBC.java, line(s) 33 com/nimbusds/jose/jca/JCASupport.java, line(s) 190
High-severity vulnerability: Insecure WebView implementation. The WebView ignores SSL certificate errors and accepts any SSL certificate. This application is vulnerable to MITM attacks.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification
Files: com/mcb/stjohnsemschool/activity/BusTrackingActivity.java, line(s) 79,73 com/mcb/stjohnsemschool/activity/LearningLinkActivity.java, line(s) 71,65
High-severity vulnerability: If an application uses the WebView.loadDataWithBaseURL method to load a web page into a WebView, the application may be exposed to cross-site scripting attacks.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7
Files: com/folioreader/ui/fragment/FolioPageFragment.java, line(s) 923,25,26 com/mcb/stjohnsemschool/utils/VideoEnabledWebView.java, line(s) 70,8 org/readium/r2/streamer/server/handler/SearchQueryHandler.java, line(s) 186,243,7
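Medium-severity vulnerability: Activity (com.microsoft.identity.client.BrowserTabActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.
Medium-severity vulnerability: Activity (com.microsoft.identity.client.CurrentTaskBrowserTabActivity) is not protected.
[android:exported=true] The Activity is exported and is not protected by any permission, so any application can access it.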
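Medium-severity vulnerability: Service (com.google.android.gms.auth.api.signin.RevocationBoundService) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] The Service is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.
Medium-severity vulnerability: Broadcast Receiver (androidx.profileinstaller.ProfileInstallReceiver) is protected by a permission, but the permission's protection level should be checked.
Permission: android.permission.DUMP [android:exported=true] The Broadcast Receiver is exported and is protected by a permission that is not defined in this application. Check the protection level where the permission is defined. If it is normal or dangerous, a malicious application can request the permission and interact with the component; if it is signature, only applications signed with the same certificate can access it.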
Medium-severity vulnerability: Files may contain hardcoded sensitive information such as usernames, passwords and keys.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10
Files: com/folioreader/ui/adapter/ListViewType.java, line(s) 23 com/mcb/stjohnsemschool/activity/LoginActivity.java, line(s) 662 com/mcb/stjohnsemschool/model/UserModelClass.java, line(s) 240 com/mcb/stjohnsemschool/services/ApiInterface.java, line(s) 189 com/mcb/stjohnsemschool/utils/Config.java, line(s) 4 com/mcb/stjohnsemschool/utils/Constants.java, line(s) 43,293,231,74,75,88,125,59,76,126,79 com/mcb/stjohnsemschool/utils/SimplePlacePicker.java, line(s) 4,12 com/microsoft/identity/client/Constants.java, line(s) 7 com/microsoft/identity/client/SingleAccountPublicClientApplication.java, line(s) 40 com/microsoft/identity/common/adal/internal/AuthenticationConstants.java, line(s) 187,186,220,241,280,247,342,271,234,318,323,282,262,338,114,100 com/microsoft/identity/common/internal/activebrokerdiscovery/BrokerDiscoveryClient.java, line(s) 35,36,37 com/microsoft/identity/common/internal/broker/BrokerRequest.java, line(s) 353,255 com/microsoft/identity/common/internal/broker/BrokerResult.java, line(s) 141 com/microsoft/identity/common/internal/cache/ActiveBrokerCacheUpdater.java, line(s) 18,19,20 com/microsoft/identity/common/internal/cache/BaseActiveBrokerCache.java, line(s) 15,16 com/microsoft/identity/common/internal/cache/ClientActiveBrokerCache.java, line(s) 18 com/microsoft/identity/common/java/AuthenticationConstants.java, line(s) 126,141,81,70 com/microsoft/identity/common/java/authscheme/PopAuthenticationSchemeWithClientKeyInternal.java, line(s) 10 com/microsoft/identity/common/java/commands/parameters/RopcTokenCommandParameters.java, line(s) 40 com/microsoft/identity/common/java/constants/FidoConstants.java, line(s) 24,21 com/microsoft/identity/common/java/crypto/RawKeyAccessor.java, line(s) 66 com/microsoft/identity/common/java/dto/AccountRecord.java, line(s) 59 
com/microsoft/identity/common/java/dto/Credential.java, line(s) 32 com/microsoft/identity/common/java/dto/PrimaryRefreshTokenRecord.java, line(s) 26,137 com/microsoft/identity/common/java/eststelemetry/LastRequestTelemetryCache.java, line(s) 9,10,11 com/microsoft/identity/common/java/eststelemetry/PublicApiId.java, line(s) 35,33,30,39,42 com/microsoft/identity/common/java/eststelemetry/SchemaConstants.java, line(s) 13 com/microsoft/identity/common/java/exception/ClientException.java, line(s) 35,38 com/microsoft/identity/common/java/nativeauth/commands/parameters/BaseSignUpStartCommandParameters.java, line(s) 35 com/microsoft/identity/common/java/nativeauth/commands/parameters/ResetPasswordStartCommandParameters.java, line(s) 31 com/microsoft/identity/common/java/nativeauth/commands/parameters/ResetPasswordSubmitNewPasswordCommandParameters.java, line(s) 80 com/microsoft/identity/common/java/nativeauth/commands/parameters/SignInStartCommandParameters.java, line(s) 31 com/microsoft/identity/common/java/nativeauth/commands/parameters/SignInStartUsingPasswordCommandParameters.java, line(s) 62 com/microsoft/identity/common/java/nativeauth/commands/parameters/SignInSubmitPasswordCommandParameters.java, line(s) 80 com/microsoft/identity/common/java/nativeauth/commands/parameters/SignInWithSLTCommandParameters.java, line(s) 42 com/microsoft/identity/common/java/nativeauth/commands/parameters/SignUpStartUsingPasswordCommandParameters.java, line(s) 62 com/microsoft/identity/common/java/nativeauth/commands/parameters/SignUpSubmitPasswordCommandParameters.java, line(s) 62 com/microsoft/identity/common/java/nativeauth/providers/NativeAuthConstants.java, line(s) 17,29 com/microsoft/identity/common/java/nativeauth/providers/requests/resetpassword/ResetPasswordStartRequest.java, line(s) 197 com/microsoft/identity/common/java/nativeauth/providers/requests/resetpassword/ResetPasswordSubmitRequest.java, line(s) 146 
com/microsoft/identity/common/java/nativeauth/providers/requests/signin/SignInInitiateRequest.java, line(s) 191 com/microsoft/identity/common/java/nativeauth/providers/requests/signin/SignInTokenRequest.java, line(s) 290 com/microsoft/identity/common/java/nativeauth/providers/requests/signup/SignUpContinueRequest.java, line(s) 241 com/microsoft/identity/common/java/nativeauth/providers/requests/signup/SignUpStartRequest.java, line(s) 220 com/microsoft/identity/common/java/providers/oauth2/IDToken.java, line(s) 27 com/microsoft/identity/common/java/providers/oauth2/TokenRequest.java, line(s) 64 com/microsoft/identity/nativeauth/statemachine/errors/ErrorTypes.java, line(s) 9 com/microsoft/identity/nativeauth/statemachine/errors/SignUpErrorTypes.java, line(s) 9 com/scottyab/showhidepasswordedittext/ShowHidePasswordEditText.java, line(s) 20,21 io/ably/lib/push/LocalDevice.java, line(s) 157 io/ably/lib/types/Message.java, line(s) 22 noman/weekcalendar/fragment/WeekFragment.java, line(s) 22 org/java_websocket/drafts/Draft_6455.java, line(s) 53 org/jsoup/helper/W3CDom.java, line(s) 46 org/jsoup/nodes/Comment.java, line(s) 7 org/jsoup/nodes/DataNode.java, line(s) 7 org/jsoup/nodes/DocumentType.java, line(s) 11,12,14 org/jsoup/nodes/TextNode.java, line(s) 9
Medium-severity vulnerability: Insecure WebView implementation. A WebView arbitrary code execution vulnerability may exist.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5
Files: com/folioreader/ui/fragment/FolioPageFragment.java, line(s) 1019,1024,1029,1034,1039,997 com/mcb/stjohnsemschool/activity/EvaluationReportCardActivity.java, line(s) 91,79 com/mcb/stjohnsemschool/activity/FeeTransactionReceiptActivity.java, line(s) 103,93 com/mcb/stjohnsemschool/activity/OtherExamsReportActivity.java, line(s) 76,64 com/mcb/stjohnsemschool/activity/ReportCardActivity.java, line(s) 105,93 com/mcb/stjohnsemschool/utils/VideoEnabledWebView.java, line(s) 63,69,75,81,85,89,54
Medium-severity vulnerability: A cross-origin vulnerability may exist. Enabling file access from URLs in a WebView can leak sensitive information from the file system.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6
Files: com/folioreader/ui/fragment/FolioPageFragment.java, line(s) 1009,997 com/mcb/stjohnsemschool/activity/FeeTransactionReceiptActivity.java, line(s) 98,93 com/mcb/stjohnsemschool/activity/LearningVideoWebViewActivity.java, line(s) 82,77 com/mcb/stjohnsemschool/activity/OnlinePaymentActivity.java, line(s) 55,49 com/mcb/stjohnsemschool/activity/OtherExamsReportActivity.java, line(s) 69,64 com/mcb/stjohnsemschool/activity/ReportCardActivity.java, line(s) 98,93 com/mcb/stjohnsemschool/fragment/FeedbackFormsFragment.java, line(s) 78,73
Medium-severity vulnerability: The application can read from and write to external storage. Any application can read data written to external storage.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage
Files: com/chinalwb/are/Util.java, line(s) 152 com/folioreader/util/FileUtil.java, line(s) 40 com/github/mikephil/charting/charts/Chart.java, line(s) 735,751 com/github/mikephil/charting/utils/FileUtils.java, line(s) 23,106 com/mcb/stjohnsemschool/activity/EvaluationReportCardActivity.java, line(s) 179 com/mcb/stjohnsemschool/activity/FeeTransactionReceiptActivity.java, line(s) 192 com/mcb/stjohnsemschool/activity/GalleryImageViewPagerActivity.java, line(s) 390 com/mcb/stjohnsemschool/activity/PdfViewActivity.java, line(s) 108 com/mcb/stjohnsemschool/activity/ReportCardActivity.java, line(s) 185 com/mcb/stjohnsemschool/activity/WebViewActivity.java, line(s) 161 com/mcb/stjohnsemschool/adapter/DetailGalleryAdapter.java, line(s) 101,127 com/mcb/stjohnsemschool/adapter/GalleryRecyclerViewAdapter.java, line(s) 107 com/mcb/stjohnsemschool/utils/Constants.java, line(s) 444 com/mcb/stjohnsemschool/utils/FileUtils.java, line(s) 27 com/mcb/stjohnsemschool/utils/Utility.java, line(s) 101,107,110 com/mcxiaoke/koi/utils/SystemKt.java, line(s) 17,25 org/readium/r2/streamer/server/AbstractServer.java, line(s) 65,66,72,73,79,80
Medium-severity vulnerability: The application uses an SQLite database and executes raw SQL queries. Untrusted user input in raw SQL queries can lead to SQL injection. Sensitive information should also be encrypted before it is written to the database.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2
Files: com/downloader/database/AppDbHelper.java, line(s) 6,26 com/downloader/database/DatabaseOpenHelper.java, line(s) 4,5,21 com/folioreader/model/sqlite/DbAdapter.java, line(s) 7,34,78,93,97,107 com/folioreader/model/sqlite/DictionaryTable.java, line(s) 6,41 com/folioreader/model/sqlite/FolioDatabaseHelper.java, line(s) 4,5,60 com/mcb/stjohnsemschool/DB/MyClassBoardDB.java, line(s) 7,8,77,81,85,89
Medium-severity vulnerability: IP address disclosure.
Files: com/folioreader/Constants.java, line(s) 10,18 com/nimbusds/jose/jwk/Curve.java, line(s) 18,19,22,23,24,18 org/nanohttpd/protocols/http/HTTPSession.java, line(s) 75
Medium-severity vulnerability: The application uses an insecure random number generator.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators
Files: com/chinalwb/are/activities/Are_AtPickerActivity.java, line(s) 15 io/ably/lib/http/HttpAuth.java, line(s) 17 org/java_websocket/drafts/Draft_6455.java, line(s) 15 org/jsoup/helper/DataUtil.java, line(s) 13 org/kobjects/crypt/Crypt.java, line(s) 5 org/springframework/util/AlternativeJdkIdGenerator.java, line(s) 5 org/springframework/util/MimeTypeUtils.java, line(s) 13 org/springframework/util/SocketUtils.java, line(s) 5
Medium-severity vulnerability: MD5 is a weak hash with known hash collisions.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: com/downloader/utils/Utils.java, line(s) 85 io/ably/lib/http/HttpAuth.java, line(s) 238
Medium-severity vulnerability: The application creates temporary files. Sensitive information should never be written to temporary files.
Files: org/nanohttpd/protocols/http/HTTPSession.java, line(s) 477,575 org/nanohttpd/protocols/http/tempfiles/DefaultTempFile.java, line(s) 14 org/springframework/cglib/transform/AbstractTransformTask.java, line(s) 89 org/zeroturnaround/zip/ZipUtil.java, line(s) 2082 org/zeroturnaround/zip/Zips.java, line(s) 174,188 org/zeroturnaround/zip/transform/FileZipEntryTransformer.java, line(s) 24,26
Medium-severity vulnerability: SHA-1 is a weak hash with known hash collisions.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4
Files: org/java_websocket/drafts/Draft_6455.java, line(s) 523
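Medium-severity vulnerability: The application contains privacy trackers.
This application contains 2 privacy trackers. Trackers can track the device or the user and are a privacy concern for end users.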
Medium-severity vulnerability: This application may contain hardcoded secrets.
The following secrets were identified in the application. Verify that they are not confidential or private information. Credential information =>
- "com.google.android.geo.API_KEY" : "@7F12002A"
- "api_key_map" : "AIzaSyDvRRbEuf9FM_PPb7bz4i9ePto6sRkFIR0"
- "firebase_database_url" : "https://st-johns-em-high-school.firebaseio.com"
- "google_api_key" : "AIzaSyBeHcP7FXpiEpxb4lb7iaHgOT-Hhk55KiA"
- "google_app_id" : "1:718163066574:android:ac8846d0cd50f5b9b5da9f"
- "google_crash_reporting_api_key" : "AIzaSyBeHcP7FXpiEpxb4lb7iaHgOT-Hhk55KiA"
- "http_auth_dialog_cancel" : "Cancel"
- "http_auth_dialog_login" : "Login"
- "http_auth_dialog_password" : "Password"
- "http_auth_dialog_username" : "Username"
- "password" : "Password"
- "service_url_api" : "https://corp14api.myclassboard.com/MCBMobileAppService.asmx"
Security notice: The application logs information. Sensitive information must not be logged.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs
Files: com/chinalwb/are/AREditText.java, line(s) 356 com/chinalwb/are/AREditor.java, line(s) 165 com/chinalwb/are/Util.java, line(s) 34 com/chinalwb/are/colorpicker/ColorPickerView.java, line(s) 107 com/chinalwb/are/emojipanel/Util.java, line(s) 21 com/chinalwb/are/styles/ARE_ABS_Style.java, line(s) 113 com/folioreader/AppContext.java, line(s) 40 com/folioreader/Config.java, line(s) 126,145,187,200,204,235,238,241,253,256,259 com/folioreader/mediaoverlay/MediaController.java, line(s) 135 com/folioreader/model/locators/ReadLocator.java, line(s) 111,140 com/folioreader/model/sqlite/FolioDatabaseHelper.java, line(s) 59 com/folioreader/model/sqlite/HighLightTable.java, line(s) 104 com/folioreader/ui/activity/FolioActivity.java, line(s) 143,585,135,168,287,311,325,436,452,467,508,513,527,532,580,593,718,752,764,891,893,920,929,986,1106,1133,1252,1262,1311,553,556 com/folioreader/ui/activity/SearchActivity$toolbarOnLayoutChangeListener$1.java, line(s) 32,41 com/folioreader/ui/activity/SearchActivity.java, line(s) 236,181,142,158,257,277,299,312,317,344,349,424,439,464,479 com/folioreader/ui/adapter/FolioPageFragmentAdapter.java, line(s) 70,82 com/folioreader/ui/adapter/ListViewType.java, line(s) 57 com/folioreader/ui/adapter/SearchAdapter.java, line(s) 44,53 com/folioreader/ui/base/DictionaryTask.java, line(s) 40,26 com/folioreader/ui/base/HtmlTask.java, line(s) 39 com/folioreader/ui/base/WikipediaTask.java, line(s) 37,52,57,27 com/folioreader/ui/fragment/DictionaryFragment.java, line(s) 177,199,246 com/folioreader/ui/fragment/FolioPageFragment.java, line(s) 396,420,1128,1328,1330,214,221,248,1093,1116,1177,1456,1630,1670 com/folioreader/ui/fragment/MediaControllerFragment.java, line(s) 147,189,221,229,254,260,270,281 com/folioreader/ui/view/DirectionalViewpager.java, line(s) 538,544,568 com/folioreader/ui/view/FolioAppBarLayout.java, line(s) 75,87 
com/folioreader/ui/view/FolioSearchView.java, line(s) 69,81,95 com/folioreader/ui/view/FolioWebView.java, line(s) 227,367,400,685,858,866,881,888,902,911,919,926,935,949,967,1087,1110,1201,237,1112,1131,1133,1136,1159,1171,1174,223,451,476,502,513,524,535,546,557,626,632,637,983,1104,1200,231,650 com/folioreader/ui/view/WebViewPager.java, line(s) 126,159 com/folioreader/util/AppUtil.java, line(s) 90,121,132 com/folioreader/util/FileUtil.java, line(s) 34,65 com/folioreader/util/HighlightUtil.java, line(s) 44 com/folioreader/util/UiUtil.java, line(s) 61,144,171,205,248 com/folioreader/viewmodels/SearchViewModel.java, line(s) 81,120,192,113,72,97,127,211 com/github/barteksc/pdfviewer/PDFView.java, line(s) 338,571,726,735 com/github/kittinunf/fuel/core/interceptors/LoggingInterceptorsKt.java, line(s) 23,42,55,56 com/github/mikephil/charting/charts/BarChart.java, line(s) 66 com/github/mikephil/charting/charts/BarLineChartBase.java, line(s) 594,228,239,254,260,300 com/github/mikephil/charting/charts/Chart.java, line(s) 199,193,212,332,857,862 com/github/mikephil/charting/charts/HorizontalBarChart.java, line(s) 100 com/github/mikephil/charting/charts/PieRadarChartBase.java, line(s) 198 com/github/mikephil/charting/components/AxisBase.java, line(s) 95 com/github/mikephil/charting/data/ChartData.java, line(s) 433 com/github/mikephil/charting/listener/BarLineChartTouchListener.java, line(s) 274 com/github/mikephil/charting/utils/FileUtils.java, line(s) 45,65,85,97,111,122,138,157,170 com/github/mikephil/charting/utils/Utils.java, line(s) 47,65,73 com/handmark/pulltorefresh/library/OverscrollHelper.java, line(s) 55 com/handmark/pulltorefresh/library/PullToRefreshAdapterViewBase.java, line(s) 73,290,297,306 com/handmark/pulltorefresh/library/PullToRefreshBase.java, line(s) 177,371,452,614,660,682 com/handmark/pulltorefresh/library/internal/Utils.java, line(s) 9 com/mcb/stjohnsemschool/Assymetric/AdapterImpl.java, line(s) 53,101,147,149,156,236,222 
com/mcb/stjohnsemschool/activity/AddDeliveryAddressActivity.java, line(s) 265 com/mcb/stjohnsemschool/activity/GalleryImageViewPagerActivity.java, line(s) 363 com/mcb/stjohnsemschool/activity/LearningTopicContentActivity.java, line(s) 305,309 com/mcb/stjohnsemschool/activity/LoginActivity.java, line(s) 360,388,397,882,456 com/mcb/stjohnsemschool/activity/MapPlacePickerActivity.java, line(s) 188,243,263,264,388 com/mcb/stjohnsemschool/activity/SavePtmActivity.java, line(s) 99 com/mcb/stjohnsemschool/activity/SubmitTransportConcernActivity.java, line(s) 199,467,999 com/mcb/stjohnsemschool/adapter/DetailAdapter.java, line(s) 532 com/mcb/stjohnsemschool/adapter/GooglePlacesAutocompleteAdapter.java, line(s) 128,102,121,122 com/mcb/stjohnsemschool/adapter/LearningTopicsAdapter.java, line(s) 844 com/mcb/stjohnsemschool/adapter/MenuGridAdapter1.java, line(s) 87,91 com/mcb/stjohnsemschool/fragment/MenuHomeFragment1.java, line(s) 378,469,527,574 com/mcb/stjohnsemschool/fragment/PTMFragment.java, line(s) 115 com/mcb/stjohnsemschool/fragment/TodayUpdatesFragment.java, line(s) 280,326,395 com/mcb/stjohnsemschool/fragment/UpComingPTMSFragment.java, line(s) 137 com/mcb/stjohnsemschool/notifications/MyFirebaseMessagingService.java, line(s) 37,42,46,50,66,94,96 com/mcb/stjohnsemschool/utils/Constants.java, line(s) 609 com/mcb/stjohnsemschool/utils/ExoPlayerManager.java, line(s) 56,60,64,68,86,90,94,98,102,106 com/mcb/stjohnsemschool/utils/FetchAddressIntentService.java, line(s) 35,41,56,57 com/mcb/stjohnsemschool/utils/MSGraphRequestWrapper.java, line(s) 20,29,38 com/mcb/stjohnsemschool/utils/NumericPageIndicator.java, line(s) 537,546,558,570 com/mcb/stjohnsemschool/utils/SmartTextView.java, line(s) 79,102,122,139,156,130,147 com/mcb/stjohnsemschool/utils/TouchImageView.java, line(s) 908 com/mcb/stjohnsemschool/utils/Utility.java, line(s) 875,879,903,907,931,935,959,963,844,848 com/mcb/stjohnsemschool/utils/async_task_thread_pool/AsyncTaskEx.java, line(s) 120 
com/mcxiaoke/koi/log/LogKt.java, line(s) 99,213,353,371,144,273,470,488,114,233,392,410,84,193,314,332,129,159,166,173,253,293,431,449,509,527 com/microsoft/identity/client/helper/BrokerHelperActivity.java, line(s) 47 com/microsoft/identity/common/adal/internal/util/StringExtensions.java, line(s) 56 com/microsoft/identity/common/internal/commands/RefreshOnCommand.java, line(s) 43 com/microsoft/identity/common/java/controllers/CommandDispatcher.java, line(s) 91 com/microsoft/identity/common/logging/Logger.java, line(s) 105,99,110,103 com/mlsdev/rximagepicker/RxImageConverters.java, line(s) 28,43 com/shockwave/pdfium/PdfiumCore.java, line(s) 69,206,210,240,244 com/wdullaer/materialdatetimepicker/date/DatePickerDialog.java, line(s) 207 com/wdullaer/materialdatetimepicker/date/DayPickerView.java, line(s) 136,148,210,135,147,209 com/wdullaer/materialdatetimepicker/time/AmPmCirclesView.java, line(s) 52 com/wdullaer/materialdatetimepicker/time/CircleView.java, line(s) 34 com/wdullaer/materialdatetimepicker/time/RadialPickerLayout.java, line(s) 131,430,436 com/wdullaer/materialdatetimepicker/time/RadialSelectorView.java, line(s) 58,185,195 com/wdullaer/materialdatetimepicker/time/RadialTextsView.java, line(s) 75,239,248 com/wdullaer/materialdatetimepicker/time/TimePickerDialog.java, line(s) 925,1110 io/ably/lib/http/HttpScheduler.java, line(s) 130,136 io/ably/lib/platform/Platform.java, line(s) 21,24,26,31 io/ably/lib/push/ActivationContext.java, line(s) 81,117,43,47,53,59,62,74,78,84,93,98,104,112,124,130,147,153,156,159,166,175,184 io/ably/lib/push/ActivationStateMachine.java, line(s) 760,771,777,784,790,311,327,333,576,599,631,660,666,702,709,736,742,308,567,595,625,654,689,730,848 io/ably/lib/push/LocalDevice.java, line(s) 57,60,25,48,51,70,73,78,85,90,97,103,113,129,168 io/ably/lib/push/Push.java, line(s) 55,64,29,38,49,52,70,73,89,94,98,113 io/ably/lib/push/PushBase.java, line(s) 56,96,115,133,154,172,200,219,233,254,275 io/ably/lib/realtime/AblyRealtime.java, 
line(s) 106,119 io/ably/lib/realtime/ChannelBase.java, line(s) 205,215,337,400,408,442,501,520,531,572,608,701,924,954,81,107,125,159,186,224,229,241,249,303,430,447,453,459,468,474,479,487,495,527,565,588,646,651,656,692,717,824,913,919,940,549 io/ably/lib/realtime/Connection.java, line(s) 52 io/ably/lib/realtime/Presence.java, line(s) 158,164,446,460,56,127,224,229,234,253,259,274,280,295,301,306,408,454,525,612,621 io/ably/lib/rest/AblyBase.java, line(s) 76,82,80,81 io/ably/lib/rest/AblyRest.java, line(s) 40,26,33 io/ably/lib/rest/Auth.java, line(s) 576,671,316,334,399,475,552,565,570,572,574,582,587,592,598,605,616,620,623,626,292 io/ably/lib/transport/ConnectionManager.java, line(s) 356,363,526,540,783,785,1089,1206,1221,1286,1297,1326,750,1351,1353,1362,1364,610,617,623,632,716,720,733,737,740,769,982,995,1006,1024,1040,1100,1106,1158,1176 io/ably/lib/transport/ITransport.java, line(s) 108,95 io/ably/lib/transport/WebSocketTransport.java, line(s) 73,94,107,151,159,171,181,188,84,87,163,175,213,253,260,271,113,119,236,246 io/ably/lib/types/BaseMessage.java, line(s) 115 io/ably/lib/types/ConnectionDetails.java, line(s) 59 io/ably/lib/types/ErrorInfo.java, line(s) 74,101 io/ably/lib/types/Message.java, line(s) 156,165,96 io/ably/lib/types/MessageSerializer.java, line(s) 156 io/ably/lib/types/PresenceMessage.java, line(s) 112,121,138,147,91 io/ably/lib/types/PresenceSerializer.java, line(s) 92 io/ably/lib/types/ProtocolMessage.java, line(s) 344,388 io/ably/lib/types/PublishResponse.java, line(s) 60,101 io/ably/lib/util/Crypto.java, line(s) 194 io/ably/lib/util/Log.java, line(s) 29 org/ccil/cowan/tagsoup/CommandLine.java, line(s) 62,78,85,92,93,98,101,103,105,108,232,233 org/ccil/cowan/tagsoup/jaxp/JAXPTest.java, line(s) 15,21,22,24,25 org/greenrobot/eventbus/Logger.java, line(s) 81,86 org/greenrobot/eventbus/util/ErrorDialogConfig.java, line(s) 34 org/greenrobot/eventbus/util/ErrorDialogManager.java, line(s) 181 
org/greenrobot/eventbus/util/ExceptionToResourceMapping.java, line(s) 25 org/joda/time/tz/DateTimeZoneBuilder.java, line(s) 878,879,904 org/joda/time/tz/ZoneInfoCompiler.java, line(s) 57,58,59,60,61,191,210,223,235,238,243,262,278,334 org/jsoup/examples/HtmlToPlainText.java, line(s) 28,32 org/jsoup/examples/ListLinks.java, line(s) 45 org/kobjects/crypt/Crypt.java, line(s) 194 org/kobjects/mime/Decoder.java, line(s) 83 org/kobjects/pim/PimParser.java, line(s) 43,47,58 org/kxml2/io/KXmlParser.java, line(s) 577 org/nanohttpd/util/ServerRunner.java, line(s) 15,18,24 org/readium/r2/streamer/ClientAppContext.java, line(s) 40 org/readium/r2/streamer/fetcher/ContentFiltersEpub.java, line(s) 282 org/readium/r2/streamer/fetcher/DrmDecoder.java, line(s) 42,48 org/readium/r2/streamer/fetcher/FontDecoder.java, line(s) 46 org/readium/r2/streamer/parser/CbzParser.java, line(s) 53,57,66 org/readium/r2/streamer/parser/EpubParser.java, line(s) 99,103,107,251,254,289 org/readium/r2/streamer/parser/epub/OPFParser.java, line(s) 218 org/readium/r2/streamer/server/handler/CSSHandler.java, line(s) 52,42 org/readium/r2/streamer/server/handler/FontHandler.java, line(s) 58,48 org/readium/r2/streamer/server/handler/JSHandler.java, line(s) 52,42 org/readium/r2/streamer/server/handler/ManifestHandler.java, line(s) 40 org/readium/r2/streamer/server/handler/ResourceHandler.java, line(s) 93,72 org/readium/r2/streamer/server/handler/SearchQueryHandler$runWebviewForRangyFind$1.java, line(s) 29,36 org/readium/r2/streamer/server/handler/SearchQueryHandler$runWebviewForWindowFind$1.java, line(s) 29,36 org/readium/r2/streamer/server/handler/SearchQueryHandler.java, line(s) 119,190,111,271,95,147,218 org/springframework/cglib/core/DebuggingClassWriter.java, line(s) 27 org/springframework/cglib/reflect/FastMethod.java, line(s) 19,21 org/springframework/util/SystemPropertyUtils.java, line(s) 33 se/emilsjolander/stickylistheaders/StickyListHeadersListView.java, line(s) 483 timber/log/Timber.java, line(s) 
521,539
Security notice: This application copies data to the clipboard. Sensitive data should not be copied to the clipboard, because other applications can access it.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard
Files: com/folioreader/util/UiUtil.java, line(s) 6,125
Security notice: The application communicates with a Firebase database.
The application communicates with the Firebase database at https://st-johns-em-high-school.firebaseio.com
Passed security check: This application uses SSL pinning to detect or prevent MITM attacks on secure communication channels.
Reference: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4
Files: com/folioreader/FolioReader.java, line(s) 164,164 com/github/kittinunf/fuel/core/FuelManager.java, line(s) 81,78,81,77,77 com/mcb/stjohnsemschool/services/ApiClient.java, line(s) 20,34,51,20,34,51 org/jsoup/helper/HttpConnection.java, line(s) 880,838 org/nanohttpd/protocols/http/NanoHTTPD.java, line(s) 127,125,127,151,124,124
Passed security check: Firebase Remote Config is disabled.
The Firebase Remote Config URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/718163066574/namespaces/firebase:fetch?key=AIzaSyBeHcP7FXpiEpxb4lb7iaHgOT-Hhk55KiA ) is disabled. The response is shown below: { "state": "NO_TEMPLATE" }
Overall security baseline score summary

St.John's v1.0.9
Android APK
Overall security score: 49
Medium risk