应用安全检测报告
应用安全检测报告,支持文件搜索、内容检索和AI代码分析
移动应用安全检测报告
Clash Legends v0.0.1
47
安全评分
安全基线评分
47/100
中风险
综合风险等级
风险等级评定
- A
- B
- C
- F
应用存在一定安全风险,建议优化
漏洞与安全项分布
10
高危
85
中危
3
信息
3
安全
隐私风险评估
7
第三方跟踪器
高隐私风险
检测到大量第三方跟踪器
检测结果分布
高危安全漏洞
10
中危安全漏洞
85
安全提示信息
3
已通过安全项
3
重点安全关注
0
高危安全漏洞 检测到调试证书签名
检测到应用使用调试证书签名。请勿在生产环境中使用调试证书。
高危安全漏洞 应用可被调试
[android:debuggable=true] 应用开启了可调试标志,攻击者可轻易附加调试器进行逆向分析,导出堆栈信息或访问调试相关类,极大提升被攻击风险。
高危安全漏洞 不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击
不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification Files: in/juspay/godel/browser/DummyWebviewClient.java, line(s) 39,30 in/juspay/godel/browser/WebviewClientImpl.java, line(s) 392,411,422,354
高危安全漏洞 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/payu/custombrowser/b.java, line(s) 852,22 com/razorpay/BaseCheckoutActivity.java, line(s) 275,278,11,12 com/razorpay/CheckoutActivity.java, line(s) 50,5 com/razorpay/CheckoutPresenterImpl.java, line(s) 267,351,15 in/juspay/godel/browser/UberWebViewClient.java, line(s) 53,6,7 in/juspay/godel/ui/uber/UberController.java, line(s) 634,9
高危安全漏洞 已启用远程WebView调试
已启用远程WebView调试 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/onesignal/inAppMessages/internal/display/impl/WebViewManager.java, line(s) 384,5 in/juspay/godel/ui/JuspayBrowserFragment.java, line(s) 2628,57
高危安全漏洞 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/razorpay/CryptLib.java, line(s) 19
高危安全漏洞 使用弱加密算法
使用弱加密算法 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/paypal/android/sdk/eg.java, line(s) 38,54
高危安全漏洞 启用了调试配置。生产版本不能是可调试的
启用了调试配置。生产版本不能是可调试的 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04c-Tampering-and-Reverse-Engineering.md#debugging-and-tracing Files: com/clash/legends/BuildConfig.java, line(s) 3,6
高危安全漏洞 该文件是World Readable。任何应用程序都可以读取文件
该文件是World Readable。任何应用程序都可以读取文件 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#testing-local-storage-for-sensitive-data-mstg-storage-1-and-mstg-storage-2 Files: com/razorpay/SharedPreferenceUtil.java, line(s) 36
高危安全漏洞 应用程序包含隐私跟踪程序
此应用程序有多个7隐私跟踪程序。跟踪器可以跟踪设备或用户,是终端用户的隐私问题。
中危安全漏洞 应用已启用明文网络流量
[android:usesCleartextTraffic=true] 应用允许明文网络流量(如 HTTP、FTP 协议、DownloadManager、MediaPlayer 等)。API 级别 27 及以下默认启用,28 及以上默认禁用。明文流量缺乏机密性、完整性和真实性保护,攻击者可窃听或篡改传输数据。建议关闭明文流量,仅使用加密协议。
中危安全漏洞 应用数据允许备份
[android:allowBackup=true] 该标志允许通过 adb 工具备份应用数据。启用 USB 调试的用户可直接复制应用数据,存在数据泄露风险。
中危安全漏洞 Activity (com.clash.legends.ui.activities.TronActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.WebActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.ChooseLanguageActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.SelectedLanguageActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.SingleOrderActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.MyOrderActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.SuccessOrderActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.ProductOrderActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.SingleProductActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.ProductActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.bep20Activity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.MyRewardedActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.WatchAndEarnActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.FpOtpVerificationActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.SelectedLotteryActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.LotteryActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.AnnouncementActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.OtpVerifyActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.IndroductionActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.OfflinePaymentActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.TermsandConditionActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.LeaderboardActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.WithdrawMoneyActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.AddMoneyActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.MyReferralsActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.ReferandEarnActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.SelectedGameActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.AppUpdateActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.HowtoActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.clash.legends.utils.InstallReceivernew) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.FirstActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.NoInternetActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.SuccessJoinActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.SelectMatchPositionActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.SelectedResultActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.CustomerSupportActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.AboutusActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.TopPlayerActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.MyStatisticsActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.SelectedTournamentActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.JoiningMatch) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.TansactionSuccessActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.TransactionFailActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.MyProfileActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.LudoNotificationActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.paytm.pgsdk.PaytmPGActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.MyWalletActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.HomeActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.CreateNewAccount) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.LudoActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.LudoLeaderBoardActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.FriendsActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.SelectedMyContestActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.MainActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.clash.legends.ui.activities.LudoChatActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.clash.legends.utils.FirebaseNotificationService) 未受保护。
[android:exported=true] 检测到 Service 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.cashfree.pg.core.api.ui.receiver.CFSMSBroadcastReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.gms.auth.api.phone.permission.SEND [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Activity (com.facebook.CustomTabActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.onesignal.notifications.receivers.FCMBroadcastReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Activity (com.onesignal.NotificationOpenedActivityHMS) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.onesignal.notifications.receivers.NotificationDismissReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.onesignal.notifications.receivers.BootUpReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.onesignal.notifications.receivers.UpgradeReceiver) 未受保护。
[android:exported=true] 检测到 Broadcast Receiver 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.onesignal.notifications.activities.NotificationOpenedActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.onesignal.notifications.activities.NotificationOpenedActivityAndroid22AndOlder) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Broadcast Receiver (com.google.firebase.iid.FirebaseInstanceIdReceiver) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.c2dm.permission.SEND [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Activity (com.google.firebase.auth.internal.GenericIdpActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Activity (com.google.firebase.auth.internal.RecaptchaActivity) 未受保护。
[android:exported=true] 检测到 Activity 已导出,未受任何权限保护,任意应用均可访问。
中危安全漏洞 Service (com.google.android.gms.auth.api.signin.RevocationBoundService) 受权限保护,但应检查权限保护级别。
Permission: com.google.android.gms.auth.api.signin.permission.REVOCATION_NOTIFICATION [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Service (androidx.work.impl.background.systemjob.SystemJobService) 受权限保护,但应检查权限保护级别。
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true] 检测到 Service 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) 受权限保护,但应检查权限保护级别。
Permission: android.permission.DUMP [android:exported=true] 检测到 Broadcast Receiver 已导出并受未在本应用定义的权限保护。请在权限定义处核查其保护级别。若为 normal 或 dangerous,恶意应用可申请并与组件交互;若为 signature,仅同证书签名应用可访问。
中危安全漏洞 高优先级 Intent(999) - {1} 个命中
[android:priority] 通过设置较高的 Intent 优先级,应用可覆盖其他请求,可能导致安全风险。
中危安全漏洞 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: co/paystack/android/design/widget/PinPadView.java, line(s) 17 com/onesignal/common/AndroidUtils.java, line(s) 22 com/onesignal/notifications/internal/display/impl/NotificationDisplayer.java, line(s) 32 com/onesignal/notifications/internal/display/impl/SummaryNotificationDisplayer.java, line(s) 17 com/paypal/android/sdk/cm.java, line(s) 8 com/paypal/android/sdk/eb.java, line(s) 5 com/paypal/android/sdk/ey.java, line(s) 5 com/payu/checkoutpro/utils/f.java, line(s) 51 com/payu/custombrowser/services/SnoozeService.java, line(s) 29 in/juspay/godel/ui/uber/SlidingLayer.java, line(s) 27 io/opencensus/trace/SpanId.java, line(s) 4 io/opencensus/trace/TraceId.java, line(s) 4 j$/util/concurrent/ThreadLocalRandom.java, line(s) 18
中危安全漏洞 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: co/paystack/android/api/request/ChargeRequestBody.java, line(s) 21 com/clash/legends/utils/NotificationSender.java, line(s) 22 com/onesignal/core/internal/http/impl/OptionalHeaders.java, line(s) 91 com/onesignal/inAppMessages/internal/display/impl/WebViewManager.java, line(s) 47,48,49,42 com/onesignal/inAppMessages/internal/prompt/InAppMessagePromptTypes.java, line(s) 8,9 com/onesignal/inAppMessages/internal/prompt/impl/InAppMessagePrompt.java, line(s) 36 com/onesignal/notifications/bridges/OneSignalHmsEventBridge.java, line(s) 23,24 com/onesignal/notifications/internal/Notification.java, line(s) 474 com/onesignal/notifications/internal/bundle/impl/NotificationBundleProcessor.java, line(s) 21 com/onesignal/notifications/internal/common/NotificationConstants.java, line(s) 18,12,13,14,15,16 com/onesignal/notifications/internal/common/NotificationHelper.java, line(s) 33 com/onesignal/notifications/receivers/FCMBroadcastReceiver.java, line(s) 21 com/payu/checkoutpro/models/o.java, line(s) 104 com/payu/checkoutpro/utils/PayUCheckoutProConstants.java, line(s) 47 com/payu/custombrowser/util/b.java, line(s) 51,57,55,66,99,121,162 com/payu/india/Payu/PayuConstants.java, line(s) 63,120,136,185,149,209,233,288 com/payu/india/Payu/PayuErrors.java, line(s) 24 com/payu/otpassist/utils/Constants.java, line(s) 85,41,42,44,59,69,83 com/payu/paymentparamhelper/PayuConstants.java, line(s) 58,69,75,87,92,129 com/payu/payuanalytics/analytics/utils/PayUAnalyticsConstant.java, line(s) 8 com/payu/socketverification/util/PayUNetworkConstant.java, line(s) 18,20 com/payu/upisdk/a.java, line(s) 342 com/payu/upisdk/util/UpiConstant.java, line(s) 28,30,34,66,81,105 com/razorpay/AnalyticsConstants.java, line(s) 101,114,57 com/razorpay/AutoOtpConstants.java, line(s) 6 com/razorpay/BaseConstants.java, line(s) 18,25 com/razorpay/CheckoutConstants.java, line(s) 36 com/razorpay/Config.java, line(s) 31 com/razorpay/ConfigDroid.java, line(s) 13 com/razorpay/MagicData.java, line(s) 6 com/razorpay/OtpElfData.java, line(s) 6 io/grpc/PersistentHashArrayMappedTrie.java, line(s) 173 io/opencensus/metrics/AutoValue_LabelKey.java, line(s) 29 io/opencensus/tags/AutoValue_Tag.java, line(s) 39 io/opencensus/trace/AutoValue_Tracestate_Entry.java, line(s) 31
中危安全漏洞 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/paypal/android/sdk/aw.java, line(s) 107,341 com/paypal/android/sdk/ay.java, line(s) 21,55 com/paypal/android/sdk/d.java, line(s) 101
中危安全漏洞 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: co/paystack/android/ui/AuthActivity.java, line(s) 44,42 com/cashfree/pg/core/api/ui/BaseCFWebView.java, line(s) 60,55 com/clash/legends/ui/activities/WebActivity.java, line(s) 75,71 com/instamojo/android/fragments/JuspaySafeBrowser.java, line(s) 22,23 com/payu/custombrowser/b.java, line(s) 702,701 com/payu/otpassist/PayUOtpAssistActivity.java, line(s) 203,225,194 com/payu/upisdk/upiintent/PaymentResponseUpiSdkActivity.java, line(s) 169,168 com/razorpay/BaseUtils.java, line(s) 182,160 in/juspay/godel/jseval/WebViewWrapper.java, line(s) 23,21 in/juspay/godel/ui/uber/UberController.java, line(s) 609,606
中危安全漏洞 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: in/juspay/godel/ui/JuspayBrowserFragment.java, line(s) 2619,2614
中危安全漏洞 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/razorpay/BaseUtils.java, line(s) 784 com/razorpay/CryptLib.java, line(s) 33 in/juspay/godel/util/EncryptionHelper.java, line(s) 90,111 in/juspay/godel/util/OtpUtil.java, line(s) 259
中危安全漏洞 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/clash/legends/utils/HashGenerationUtils.java, line(s) 45 com/paypal/android/sdk/dh.java, line(s) 24
中危安全漏洞 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/onesignal/core/internal/database/impl/OSDatabase.java, line(s) 7,8,9,10,11,440 com/onesignal/session/internal/outcomes/impl/OutcomeTableProvider.java, line(s) 3,4,15,16,17,18,19,20,21,26,36,37,38,39,40,45,53,54,59,69,70,71,72,73,78
中危安全漏洞 IP地址泄露
IP地址泄露 Files: com/paypal/android/sdk/az.java, line(s) 9
中危安全漏洞 向Firebase上传数据
向Firebase上传数据 Files: com/clash/legends/ui/activities/LudoChatActivity.java, line(s) 148,31
中危安全漏洞 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 AdMob广告平台的=> "com.google.android.gms.ads.APPLICATION_ID" : "@7F12004C" "Password" : "Password" "Username" : "Username" "admob_app_id" : "ca-app-pub-4730142581839465~3516127813" "api" : "https://clashlegends.store/api/" "cb_password" : "PASSWORD" "cb_password_value" : "Password" "cb_pwd_btn" : "pwd_btn" "cb_snooze_verify_api_status" : "api_status" "firebase_database_url" : "https://clash-legends-ed15b-default-rtdb.firebaseio.com" "google_api_key" : "AIzaSyDs0v2i2rOVx1XDPCL0CAtNCOgvUvnCrXg" "google_app_id" : "1:308774198121:android:2bfdf52befe585982a7bf8" "google_crash_reporting_api_key" : "AIzaSyDs0v2i2rOVx1XDPCL0CAtNCOgvUvnCrXg" "password" : "Password" "payu_sentry_key" : "payu_sentry_key" "username" : "Username" "admob_app_id" : "ca-app-pub-8534325609823184~6377822467" "admob_app_id" : "ca-app-pub-8534325609823184~6377822467" eyJhbGciOiJSUzI1NiIsIng1YyI6WyJNSUlDNlRDQ0FkRUNBU293RFFZSktvWklodmNOQVFFTEJRQXdEekVOTUFzR0ExVUVBd3dFVW05dmREQWVGdzB4TkRFeE1UZ3hOalUwTUROYUZ3MHpOREV4TVRNeE5qVTBNRE5hTUdZeEN6QUpCZ05WQkFZVEFsVlRNUk13RVFZRFZRUUlEQXBEWVd4cFptOXlibWxoTVJZd0ZBWURWUVFIREExTmIzVnVkR0ZwYmlCV2FXVjNNUlF3RWdZRFZRUUtEQXRIYjI5bmJHVWdTVzVqTGpFVU1CSUdBMVVFQXd3TFptOXZMbUpoY2k1amIyMHdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDekZWS0pPa3FUbXl5ak1IV0JPckxkcFltYzBFY3ZHM01vaGFWK1VKclZySTJTRHlrWThZV1NrVEt6OUJLbUY4SFAvR2pQUERzMzE4NENlajliMVdleXZWQjhSajNndUgzb0wrc0pUM3U5VjJ5NHp5bzV4TzZGV01CWUVRNlg4RGtHbFl0VHA1dGhlWWJSclhORUx1bDRsRitMdEhUQ2FBQU5STWtPbDBORW9MYTZCUmhPRzY4Z0ZmSUF4eDVsVDhSRUU5dXR2UHV5K3JDYUJIbmZIT1BmOHBuMExTdmNlQmlqU0lGb1MzWTVjcmpQVmp5aVBBWlVIV25IVEZBaWxmSG5wTEJsR3hwQ3lsZVBRaE1LclBjZ3ZEb0Q5bmQwTEE2eFlMRjdEUFhYU2E4RkxPK2ZQVjhDTkpDQXNGdXE5UmxmMlR0M1NqTHRXUll1aDVMdWN0UDdBZ01CQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFFc01BQlpsKzhSbGswaHFCa3RzRHVycmk0bkYvMDdDblNCZS96VWJUaVloTXByN1ZSSURsSExvZTVsc2xMaWxmWHp2YXltY01GZUgxdUJ4TndoZjdJTzdXdkl3UWVVSFNWK3JIeU55Z1RUaWVPMEpuOEh3KzRTQ29oSEFkTXZENXVXRXduM0x2K1c0eTdPaGFTYnpsaFZDVkNuRkxWS2ljQmF5VVhIdGRKWEpJQ29rUjQraC9XTk03ZzBpS1RoYWtaT3lmYjhoMXBoeTdUTVRWbFBGS3JjVkRvNW05K0dodFBDNFBOakdMb2s2ci9qeDlDSU9DYXBJcWk4ZlhKRU94S3ZpbFllQVlxZmpXdmh4MDBqdUVVQkhycENROHdUNFRBK0xsSTAyY1J6NXJ4VzRGUUF6MU5kb0c5SFpEWldhK05ORlRaZEFtdFdQSk1MZCs4TDhzbDQ9IiwiTUlJQzhUQ0NBZG1nQXdJQkFnSUpBTU5JMTVIckd5bGtNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1BOHhEVEFMQmdOVkJBTU1CRkp2YjNRd0hoY05NVFF4TVRFNE1UWTFOREF6V2hjTk16UXhNVEV6TVRZMU5EQXpXakFQTVEwd0N3WURWUVFEREFSU2IyOTBNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXplVU5jNGJTV0hoT1RVKzVNUS9sT21talFXcGZCaStGSnV4dm9lT21Rd2k2ZnJQS0tzYUtLWUdmQ1RQbEtFMGRtckVQOTVibmkvcUw1eEFwUDE3b3JqVWU2S1J0SkF3Rk5JNUVaYWRJZmpiaC9xKzg1QzFDcDJCUzJZbXVaUXpYWkhQNjN5eUJwMDVZY2JNS3dDQkhYYUFnWWJtVFRrKzQrMXBqTnBIUDZZaUYyZ0NQdlNmem9rR3loYnZCcW5QYm5UZEk5dzZmak5CWUFici91Qk9UVTB2SzRrdHpsV2s1bHZzbTUxZTh2c0xTcVdob0hBRHEwQXJpQWVsVTRTSHNTQUNrUlVRU3hXVjBLNWh6VHY0ZWN2Q2JHOWRza2lEQ3dXZyt1VFJTb0FGZVpPaE9OTDAwMHE3VmV5M0RaVGNMbDgvTzROUVZhWlI1aUFnVldsV2Nzd0lEQVFBQm8xQXdUakFkQmdOVkhRNEVGZ1FVc2ltbElSRGNKUjBvZlI3b004S3dIRk9IK3NJd0h3WURWUjBqQkJnd0ZvQVVzaW1sSVJEY0pSMG9mUjdvTThLd0hGT0grc0l3REFZRFZSMFRCQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFXUWw4U21iUW9CVjN0ak9KOHpNbGNOMHhPUHBTU05ieDBnN0VML2RRZ0pwZXQwTWNXNjJSSGxnUUFPS2JTM1BSZW8ybnNSQi9aUnlZRHU0aTEzWkhaOGJNc0dPRVM0QlFwejEzbXRtWGc5UmhzWHFMMGVEWWZCY2pqdGxydVVieGhuQUxwNFZOMXpWZHlXQVBDajBldTNNeHBnTVdjeW41MFFtaUpTai9FcXUvbExodmUvd0t2akc1V2huVjh1UktSdUZiRmN0MERIQUhNblpxRkhjR1M1U28wY1luU2ZLNWZiQlJOZWxHZmxocGJiUHAwVjBhWGlxaW5xRDBZZTNPYVpkRnErMnJQMW9DL2E1L091NExzcFkzYjVvRDlyRU5keTdicTBLZXdQRnRnUHZVa0pySjNUemJpd3ZwZ2haN3pHMjZibko1STd1YzR5MVZ1anFhT0E9PSJdfQ Ir6u2LUVVdyLKonwTtdFw9qhBaMb4NZuZHKS0bGxdZlRAB3 EJhi9jOPswug9TDOv93qg4Y28xIlqPDpAoqd7biDLpeGCPvORHjP1Fh4CbFPgKMGCHejdDwe9w1uDWnjPCp1lkaFBjVmjvjpFtnr6z1YeBbmfZYqa9faQT PHN2ZyBmaWxsPSIjRkZGRkZGIiBoZWlnaHQ9IjI0IiB2aWV3Qm94PSIwIDAgMjQgMjQiIHdpZHRoPSIyNCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4gICAgPHBhdGggZD0iTTguNTkgMTYuMzRsNC41OC00LjU5LTQuNTgtNC41OUwxMCA1Ljc1bDYgNi02IDZ6Ii8+ICAgIDxwYXRoIGQ9Ik0wLS4yNWgyNHYyNEgweiIgZmlsbD0ibm9uZSIvPjwvc3ZnPg== aXNccyhcZHs2LDh9KXwoXGR7Niw4fSlcc2lzfGlzXHMoXGR7NH0p 9ee1052cde77d828ec522ab71d966d8d PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c3ZnIHdpZHRoPSIxMnB4IiBoZWlnaHQ9IjE1cHgiIHZpZXdCb3g9IjAgMCAxMiAxNSIgdmVyc2lvbj0iMS4xIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4gICAgICAgIDx0aXRsZT5pYy1sb2NrLTI0cHhAMng8L3RpdGxlPiAgICA8ZGVzYz5DcmVhdGVkIHdpdGggU2tldGNoLjwvZGVzYz4gICAgPGRlZnM+PC9kZWZzPiAgICA8ZyBpZD0iUGFnZS0xIiBzdHJva2U9Im5vbmUiIHN0cm9rZS13aWR0aD0iMSIgZmlsbD0ibm9uZSIgZmlsbC1ydWxlPSJldmVub2RkIj4gICAgICAgIDxnIGlkPSI1LjQiIHRyYW5zZm9ybT0idHJhbnNsYXRlKC0yNi4wMDAwMDAsIC01OTYuMDAwMDAwKSI+ICAgICAgICAgICAgPGcgaWQ9Ikdyb3VwLTciIHRyYW5zZm9ybT0idHJhbnNsYXRlKDE2LjAwMDAwMCwgNTg4LjAwMDAwMCkiPiAgICAgICAgICAgICAgICA8ZyBpZD0iaWMtbG9jay0yNHB4IiB0cmFuc2Zvcm09InRyYW5zbGF0ZSg4LjAwMDAwMCwgOC4wMDAwMDApIj4gICAgICAgICAgICAgICAgICAgIDxwb2x5Z29uIGlkPSJTaGFwZSIgcG9pbnRzPSIwIDAgMTYgMCAxNiAxNiAwIDE2Ij48L3BvbHlnb24+ICAgICAgICAgICAgICAgICAgICA8cGF0aCBkPSJNMTIsNS4zMzMzMzMzMyBMMTEuMzMzMzMzMyw1LjMzMzMzMzMzIEwxMS4zMzMzMzMzLDQgQzExLjMzMzMzMzMsMi4xNiA5Ljg0LDAuNjY2NjY2NjY3IDgsMC42NjY2NjY2NjcgQzYuMTYsMC42NjY2NjY2NjcgNC42NjY2NjY2NywyLjE2IDQuNjY2NjY2NjcsNCBMNC42NjY2NjY2Nyw1LjMzMzMzMzMzIEw0LDUuMzMzMzMzMzMgQzMuMjY2NjY2NjcsNS4zMzMzMzMzMyAyLjY2NjY2NjY3LDUuOTMzMzMzMzMgMi42NjY2NjY2Nyw2LjY2NjY2NjY3IEwyLjY2NjY2NjY3LDEzLjMzMzMzMzMgQzIuNjY2NjY2NjcsMTQuMDY2NjY2NyAzLjI2NjY2NjY3LDE0LjY2NjY2NjcgNCwxNC42NjY2NjY3IEwxMiwxNC42NjY2NjY3IEMxMi43MzMzMzMzLDE0LjY2NjY2NjcgMTMuMzMzMzMzMywxNC4wNjY2NjY3IDEzLjMzMzMzMzMsMTMuMzMzMzMzMyBMMTMuMzMzMzMzMyw2LjY2NjY2NjY3IEMxMy4zMzMzMzMzLDUuOTMzMzMzMzMgMTIuNzMzMzMzMyw1LjMzMzMzMzMzIDEyLDUuMzMzMzMzMzMgWiBNOCwxMS4zMzMzMzMzIEM3LjI2NjY2NjY3LDExLjMzMzMzMzMgNi42NjY2NjY2NywxMC43MzMzMzMzIDYuNjY2NjY2NjcsMTAgQzYuNjY2NjY2NjcsOS4yNjY2NjY2NyA3LjI2NjY2NjY3LDguNjY2NjY2NjcgOCw4LjY2NjY2NjY3IEM4LjczMzMzMzMzLDguNjY2NjY2NjcgOS4zMzMzMzMzMyw5LjI2NjY2NjY3IDkuMzMzMzMzMzMsMTAgQzkuMzMzMzMzMzMsMTAuNzMzMzMzMyA4LjczMzMzMzMzLDExLjMzMzMzMzMgOCwxMS4zMzMzMzMzIFogTTEwLjA2NjY2NjcsNS4zMzMzMzMzMyBMNS45MzMzMzMzMyw1LjMzMzMzMzMzIEw1LjkzMzMzMzMzLDQgQzUuOTMzMzMzMzMsMi44NiA2Ljg2LDEuOTMzMzMzMzMgOCwxLjkzMzMzMzMzIEM5LjE0LDEuOTMzMzMzMzMgMTAuMDY2NjY2NywyLjg2IDEwLjA2NjY2NjcsNCBMMTAuMDY2NjY2Nyw1LjMzMzMzMzMzIFoiIGlkPSJTaGFwZSIgZmlsbD0iI0ZGRkZGRiIgZmlsbC1ydWxlPSJub256ZXJvIj48L3BhdGg+ICAgICAgICAgICAgICAgIDwvZz4gICAgICAgICAgICA8L2c+ICAgICAgICA8L2c+ICAgIDwvZz48L3N2Zz4= 0c6bb86ed382d6a0d2e28afa9d024a10e7a129b5 9b8f518b086098de3d77736f9458a3d2f6f95a37 18f7a4c0-f17e-4308-b344-3c600c991450 eyAiY29uZl92ZXJzaW9uIjogIjMuMCIsImFzeW5jX3VwZGF0ZV90aW1lX2ludGVydmFsIjogMzYwMCwgImZvcmNlZF9mdWxsX3VwZGF0ZV90aW1lX2ludGVydmFsIjogMTgwMCwgImNvbmZfcmVmcmVzaF90aW1lX2ludGVydmFsIjogODY0MDAsICJhbmRyb2lkX2FwcHNfdG9fY2hlY2siOiBbICJjb20uZWJheS5jbGFzc2lmaWVkcy9jb20uZWJheS5hcHAuTWFpblRhYkFjdGl2aXR5IiwgImNvbS5lYmF5Lm1vYmlsZS9jb20uZWJheS5tb2JpbGUuYWN0aXZpdGllcy5lQmF5IiwgImNvbS5lYmF5LnJlZGxhc2VyL2NvbS5lYmF5LnJlZGxhc2VyLlNjYW5uZWRJdGVtc0FjdGl2aXR5IiwgImNvbS5taWxvLmFuZHJvaWQvY29tLm1pbG8uYW5kcm9pZC5hY3Rpdml0eS5Ib21lQWN0aXZpdHkiLCAiY29tLnBheXBhbC5hbmRyb2lkLnAycG1vYmlsZS9jb20ucGF5cGFsLmFuZHJvaWQucDJwbW9iaWxlLmFjdGl2aXR5LlNlbmRNb25leUFjdGl2aXR5IiwgImNvbS5yZW50L2NvbS5yZW50LmFjdGl2aXRpZXMuc2Vzc2lvbi5BY3Rpdml0eUhvbWUiLCAiY29tLnN0dWJodWIvY29tLnN0dWJodWIuQWJvdXQiLCAiY29tLnVsb2NhdGUvY29tLnVsb2NhdGUuYWN0aXZpdGllcy5TZXR0aW5ncyIsICJjb20ubm9zaHVmb3UuYW5kcm9pZC5zdS9jb20ubm9zaHVmb3UuYW5kcm9pZC5zdS5TdSIsICJzdGVyaWNzb24uYnVzeWJveC9zdGVyaWNzb24uYnVzeWJveC5BY3Rpdml0eS5NYWluQWN0aXZpdHkiLCAib3JnLnByb3h5ZHJvaWQvb3JnLnByb3h5ZHJvaWQuUHJveHlEcm9pZCIsICJjb20uYWVkLmRyb2lkdnBuL2NvbS5hZWQuZHJvaWR2cG4uTWFpbkdVSSIsICJuZXQub3BlbnZwbi5vcGVudnBuL25ldC5vcGVudnBuLm9wZW52cG4uT3BlblZQTkNsaWVudCIsICJjb20ucGhvbmVhcHBzOTkuYWFiaXByb3h5L2NvbS5waG9uZWFwcHM5OS5hYWJpcHJveHkuT3Jib3QiLCAiY29tLmV2YW5oZS5wcm94eW1hbmFnZXIucHJvL2NvbS5ldmFuaGUucHJveHltYW5hZ2VyLk1haW5BY3Rpdml0eSIsICJjb20uZXZhbmhlLnByb3h5bWFuYWdlci9jb20uZXZhbmhlLnByb3h5bWFuYWdlci5NYWluQWN0aXZpdHkiLCAiY29tLmFuZHJvbW8uZGV2MzA5MzYuYXBwNzYxOTgvY29tLmFuZHJvbW8uZGV2MzA5MzYuYXBwNzYxOTguQW5kcm9tb0Rhc2hib2FyZEFjdGl2aXR5IiwgImNvbS5tZ3JhbmphLmF1dG9wcm94eV9saXRlL2NvbS5tZ3JhbmphLmF1dG9wcm94eV9saXRlLlByb3h5TGlzdEFjdGl2aXR5IiwgImNvbS52cG5vbmVjbGljay5hbmRyb2lkL2NvbS52cG5vbmVjbGljay5hbmRyb2lkLk1haW5BY3Rpdml0eSIsICJuZXQuaGlkZW1hbi9uZXQuaGlkZW1hbi5TdGFydGVyQWN0aXZpdHkiLCAiY29tLmRvZW50ZXIuYW5kcm9pZC52cG4uZml2ZXZwbi9jb20uZG9lbnRlci5hbmRyb2lkLnZwbi5maXZldnBuLkZpdmVWcG4iLCAiY29tLnRpZ2VydnBucy5hbmRyb2lkL2NvbS50aWdlcnZwbnMuYW5kcm9pZC5NYWluQWN0aXZpdHkiLCAiY29tLnBhbmRhcG93LnZwbi9jb20ucGFuZGFwb3cudnBuLlBhbmRhUG93IiwgImNvbS5leHByZXNzdnBuLnZwbi9jb20uZXhwcmVzc3Zwbi52cG4uTWFpbkFjdGl2aXR5IiwgImNvbS5sb25kb250cnVzdG1lZGlhLnZwbi9jb20ubG9uZG9udHJ1c3RtZWRpYS52cG4uVnBuU2VydmljZUFjdGl2aXR5IiwgImZyLm1lbGVjb20uVlBOUFBUUC52MTAxL2ZyLm1lbGVjb20uVlBOUFBUUC52MTAxLlNwbGFzaFNjcmVlbiIsICJjb20uY2hlY2twb2ludC5WUE4vY29tLmNoZWNrcG9pbnQuVlBOLk1haW5IYW5kbGVyIiwgImNvbS50dW5uZWxiZWFyLmFuZHJvaWQvY29tLnR1bm5lbGJlYXIuYW5kcm9pZC5UYmVhck1haW5BY3Rpdml0eSIsICJkZS5ibGlua3Qub3BlbnZwbi9kZS5ibGlua3Qub3BlbnZwbi5NYWluQWN0aXZpdHkiLCAib3JnLmFqZWplLmZha2Vsb2NhdGlvbi9vcmcuYWplamUuZmFrZWxvY2F0aW9uLkZha2UiLCAiY29tLmxleGEuZmFrZWdwcy9jb20ubGV4YS5mYWtlZ3BzLlBpY2tQb2ludCIsICJjb20uZm9yZ290dGVucHJvamVjdHMubW9ja2xvY2F0aW9ucy9jb20uZm9yZ290dGVucHJvamVjdHMubW9ja2xvY2F0aW9ucy5NYWluIiwgImtyLndvb3QwcGlhLmdwcy9rci53b290MHBpYS5ncHMuQ2F0Y2hNZUlmVUNhbiIsICJjb20ubXkuZmFrZS5sb2NhdGlvbi9jb20ubXkuZmFrZS5sb2NhdGlvbi5jb20ubXkuZmFrZS5sb2NhdGlvbiIsICJqcC5uZXRhcnQuYXJzdGFsa2luZy9qcC5uZXRhcnQuYXJzdGFsa2luZy5NeVByZWZlcmVuY2VBY3Rpdml0eSIsICJsb2NhdGlvblBsYXkuR1BTQ2hlYXRGcmVlL2xvY2F0aW9uUGxheS5HUFNDaGVhdEZyZWUuQWN0aXZpdHlTbWFydExvY2F0aW9uIiwgIm9yZy5nb29kZXYubGF0aXR1ZGUvb3JnLmdvb2Rldi5sYXRpdHVkZS5MYXRpdHVkZUFjdGl2aXR5IiwgImNvbS5zY2hlZmZzYmxlbmQuZGV2aWNlc3Bvb2YvY29tLnNjaGVmZnNibGVuZC5kZXZpY2VzcG9vZi5EZXZpY2VTcG9vZkFjdGl2aXR5IiwgImNvbS5wcm94eUJyb3dzZXIvY29tLnByb3h5QnJvd3Nlci5OZXdQcm94eUJyb3dzZXJBY3Rpdml0eSIsICJjb20uaWNlY29sZGFwcHMucHJveHlzZXJ2ZXJwcm8vY29tLmljZWNvbGRhcHBzLnByb3h5c2VydmVycHJvLnZpZXdTdGFydCIsICJob3RzcG90c2hpZWxkLmFuZHJvaWQudnBuL2NvbS5hbmNob3JmcmVlLnVpLkhvdFNwb3RTaGllbGQiLCAiY29tLmRvZW50ZXIub25ldnBuL2NvbS5kb2VudGVyLm9uZXZwbi5WcG5TZXR0aW5ncyIsICJjb20ueWVzdnBuLmVuL2NvbS55ZXN2cG4uTWFpblRhYiIsICJjb20ub2ZmaWNld3l6ZS5wbHV0b3Zwbi9jb20ub2ZmaWNld3l6ZS5wbHV0b3Zwbi5Ib21lQWN0aXZpdHkiLCAib3JnLmFqZWplLmxvY2F0aW9uc3Bvb2ZlcnByby9vcmcuYWplamUubG9jYXRpb25zcG9vZmVycHJvLkZha2UiLCAibG9jYXRpb25QbGF5LkdQU0NoZWF0L2xvY2F0aW9uUGxheS5HUFNDaGVhdC5BY3Rpdml0eVNtYXJ0TG9jYXRpb24iIF0sICJsb2NhdGlvbl9taW5fYWNjdXJhY3kiOiA1MDAsICJsb2NhdGlvbl9tYXhfY2FjaGVfYWdlIjogMTgwMCwgInNlbmRfb25fYXBwX3N0YXJ0IjogMSwgImVuZHBvaW50X3VybCI6ICJodHRwczovL3N2Y3MucGF5cGFsLmNvbS9BY2Nlc3NDb250cm9sL0xvZ1Jpc2tNZXRhZGF0YSIsICJpbnRlcm5hbF9jYWNoZV9tYXhfYWdlIjogMzAsICJjb21wX3RpbWVvdXQiOiA2MDAgfQ== a4b7452e2ed8f5f191058ca7bbfd26b0d3214bfc 6bzXGvSlP76ZiHOudKaAvoxrW8Cg5pA6EjIPpiz4zlw 0c1f4cdc3b8000c2df4055a02b3b8125 b5df90d6741a4136914f1f83a996409a df6b721c8b4d3b6eb44c861d4415007e5a35fc95 8082360e00c3117c97305f562403f237 5e8f16062ea3cd2c4a0d547876baa6f38cabf625 PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c3ZnIHdpZHRoPSIxNHB4IiBoZWlnaHQ9IjE0cHgiIHZpZXdCb3g9IjAgMCAxNCAxNCIgdmVyc2lvbj0iMS4xIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4gICAgICAgIDx0aXRsZT5Hcm91cCA2PC90aXRsZT4gICAgPGRlc2M+Q3JlYXRlZCB3aXRoIFNrZXRjaC48L2Rlc2M+ICAgIDxkZWZzPjwvZGVmcz4gICAgPGcgaWQ9IlBhZ2UtMSIgc3Ryb2tlPSJub25lIiBzdHJva2Utd2lkdGg9IjEiIGZpbGw9Im5vbmUiIGZpbGwtcnVsZT0iZXZlbm9kZCI+ICAgICAgICA8ZyBpZD0iNS4xIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSgtMjUuMDAwMDAwLCAtNTI1LjAwMDAwMCkiPiAgICAgICAgICAgIDxnIGlkPSJHcm91cC02IiB0cmFuc2Zvcm09InRyYW5zbGF0ZSgyNC4wMDAwMDAsIDUyNC4wMDAwMDApIj4gICAgICAgICAgICAgICAgPHBvbHlnb24gaWQ9IlNoYXBlIiBwb2ludHM9IjAgMCAxNiAwIDE2IDE2IDAgMTYiPjwvcG9seWdvbj4gICAgICAgICAgICAgICAgPHBhdGggZD0iTTEzLjMzMzMzMzMsMS4zMzMzMzMzMyBDMTQuMDY2NjY2NywxLjMzMzMzMzMzIDE0LjY2NjY2NjcsMS45MzMzMzMzMyAxNC42NjY2NjY3LDIuNjY2NjY2NjcgTDE0LjY2NjY2NjcsMTAuNjY2NjY2NyBDMTQuNjY2NjY2NywxMS40IDE0LjA2NjY2NjcsMTIgMTMuMzMzMzMzMywxMiBMNCwxMiBMMS4zMzMzMzMzMywxNC42NjY2NjY3IEwxLjMzMzMzMzMzLDIuNjY2NjY2NjcgQzEuMzMzMzMzMzMsMS45MzMzMzMzMyAxLjkzMzMzMzMzLDEuMzMzMzMzMzMgMi42NjY2NjY2NywxLjMzMzMzMzMzIEwxMy4zMzMzMzMzLDEuMzMzMzMzMzMgWiBNNS4zMzMzMzMzMyw3LjMzMzMzMzMzIEM1LjcwMTUyMzE3LDcuMzMzMzMzMzMgNiw3LjAzNDg1NjUgNiw2LjY2NjY2NjY3IEM2LDYuMjk4NDc2ODMgNS43MDE1MjMxNyw2IDUuMzMzMzMzMzMsNiBDNC45NjUxNDM1LDYgNC42NjY2NjY2Nyw2LjI5ODQ3NjgzIDQuNjY2NjY2NjcsNi42NjY2NjY2NyBDNC42NjY2NjY2Nyw3LjAzNDg1NjUgNC45NjUxNDM1LDcuMzMzMzMzMzMgNS4zMzMzMzMzMyw3LjMzMzMzMzMzIFogTTgsNy4zMzMzMzMzMyBDOC4zNjgxODk4Myw3LjMzMzMzMzMzIDguNjY2NjY2NjcsNy4wMzQ4NTY1IDguNjY2NjY2NjcsNi42NjY2NjY2NyBDOC42NjY2NjY2Nyw2LjI5ODQ3NjgzIDguMzY4MTg5ODMsNiA4LDYgQzcuNjMxODEwMTcsNiA3LjMzMzMzMzMzLDYuMjk4NDc2ODMgNy4zMzMzMzMzMyw2LjY2NjY2NjY3IEM3LjMzMzMzMzMzLDcuMDM0ODU2NSA3LjYzMTgxMDE3LDcuMzMzMzMzMzMgOCw3LjMzMzMzMzMzIFogTTEwLjY2NjY2NjcsNy4zMzMzMzMzMyBDMTEuMDM0ODU2NSw3LjMzMzMzMzMzIDExLjMzMzMzMzMsNy4wMzQ4NTY1IDExLjMzMzMzMzMsNi42NjY2NjY2NyBDMTEuMzMzMzMzMyw2LjI5ODQ3NjgzIDExLjAzNDg1NjUsNiAxMC42NjY2NjY3LDYgQzEwLjI5ODQ3NjgsNiAxMCw2LjI5ODQ3NjgzIDEwLDYuNjY2NjY2NjcgQzEwLDcuMDM0ODU2NSAxMC4yOTg0NzY4LDcuMzMzMzMzMzMgMTAuNjY2NjY2Nyw3LjMzMzMzMzMzIFoiIGlkPSJDb21iaW5lZC1TaGFwZSIgZmlsbD0iI0ZGRkZGRiIgZmlsbC1ydWxlPSJub256ZXJvIj48L3BhdGg+ICAgICAgICAgICAgPC9nPiAgICAgICAgPC9nPiAgICA8L2c+PC9zdmc+ yHTAZeApn5rh6Uzfx06Gv6eHdM34YL W1zcp5YuPDw8mIQDVCH2uQY7qs2ejdZj5LIgIz4CbQ0wg53rlwE7DDQM6MNUgZLnzNmMSMfFrpE7 tgLRb4bjuZVA8xvQ9uHNs8UtpBIOiUcagzvtKyyfCofk5U5sNb54GgVVYxa6p4A1ObdJv1jjlUOnzR8keX5LsAM4Ia7xeqiFh0GER4l0ulVChy eWzIsJF4PExQap9HK6Vlz8DGlgGwoiLCtyOEK0Bfu 2615a07ce9fef80683d211dad896d073 c682b8144a8dd52bc1ad63 8a3c4b262d721acd49a4bf97d5213199c86fa2b9 2438bce1ddb7bd026d5ff89f598b3b5e5bb824b3 EOTHbvqh0vwM2ldM2QIXbjVw0hZNuZEJLqdWmfTBLLSvGfqgyy9GKvjGybIxyGMd7gHXCXVtymqFQHS cc2751449a350f668590264ed76692694a80308a PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48c3ZnIHZlcnNpb249IjEuMSIgaWQ9IkxheWVyXzEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiIHg9IjBweCIgeT0iMHB4IiB2aWV3Qm94PSIwIDAgMTYwIDMzIiBzdHlsZT0iZW5hYmxlLWJhY2tncm91bmQ6bmV3IDAgMCAxNjAgMzM7IiB4bWw6c3BhY2U9InByZXNlcnZlIj48c3R5bGUgdHlwZT0idGV4dC9jc3MiPi5zdDB7ZmlsbDojMkQyRDJEO308L3N0eWxlPjxnPjxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik00OS42LDE0LjZjLTAuNCwwLTAuOCwwLjItMSwwLjVjLTAuMiwwLjQtMC40LDAuOS0wLjQsMS41YzAsMC43LDAuMSwxLjIsMC40LDEuNWMwLjIsMC4zLDAuNiwwLjUsMSwwLjVjMC41LDAsMC45LTAuMSwxLjEtMC40YzAuMi0wLjMsMC40LTAuOCwwLjQtMS40di0wLjJjMC0wLjctMC4xLTEuMy0wLjQtMS42QzUwLjUsMTQuNyw1MC4xLDE0LjYsNDkuNiwxNC42eiIvPjxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik04Ni4zLDE3LjNjLTAuMiwwLjEtMC40LDAuNS0wLjcsMS4xYy0wLjMsMC42LTAuMywwLjktMC4yLDFjMC4xLDAuMSwwLjUsMC4yLDEuMSwwLjJjMC4zLDAsMC41LDAsMC43LDBjMC4xLDAsMC4zLDAsMC41LDBjMC4yLDAsMC4zLTAuMSwwLjQtMC4xYzAuMS0wLjEsMC4yLTAuMSwwLjMtMC4yYzAuMS0wLjEsMC4yLTAuMiwwLjItMC40bDAuOC0xLjdsLTEuOCwwQzg2LjksMTcuMSw4Ni41LDE3LjEsODYuMywxNy4zeiIvPjxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik04MC42LDExLjNsLTIuNCwwbC0xLjQsMy4ybDIuNCwwYzAuNywwLDEuMi0wLjEsMS41LTAuM2MwLjMtMC4yLDAuNi0wLjUsMC44LTFsMC40LTAuOGMwLjItMC40LDAuMi0wLjcsMC0wLjlDODEuNiwxMS40LDgxLjIsMTEuMyw4MC42LDExLjN6Ii8+PHBhdGggY2xhc3M9InN0MCIgZD0iTTQzLjksMTQuNmMtMC40LDAtMC43LDAuMS0xLDAuNGMtMC4yLDAuMi0wLjQsMC42LTAuNCwxaDIuNmMwLTAuNC0wLjEtMC44LTAuMy0xQzQ0LjYsMTQuNyw0NC4zLDE0LjYsNDMuOSwxNC42eiIvPjxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik0yMC4yLDE0LjZjLTAuNSwwLTAuOSwwLjItMS4xLDAuNWMtMC4zLDAuMy0wLjQsMC44LTAuNCwxLjVjMCwwLjcsMC4xLDEuMiwwLjQsMS41YzAuMywwLjMsMC42LDAuNSwxLjEsMC41YzAuNSwwLDAuOS0wLjIsMS4xLTAuNWMwLjMtMC4zLDAuNC0wLjksMC40LTEuNWMwLTAuNy0wLjEtMS4yLTAuNC0xLjVDMjEuMSwxNC44LDIwLjgsMTQuNiwyMC4yLDE0LjZ6Ii8+PHBhdGggY2xhc3M9InN0MCIgZD0iTTEwNy40LDEzLjdjLTAuNywwLTEuMiwwLjEtMS42LDAuM2MtMC4zLDAuMi0wLjYsMC41LTAuOCwxbC0xLjUsMy4zYy0wLjIsMC41LTAuMiwwLjgtMC4xLDFjMC4yLDAuMiwwLjYsMC4zLDEuMywwLjNjMC43LDAsMS4zLTAuMSwxLjYtMC4zYzAuMy0wLjIsMC42LTAuNSwwLjgtMWwxLjUtMy4zYzAuMi0wLjUsMC4yLTAuOCwwLjEtMUMxMDguNiwxMy44LDEwOC4yLDEzLjcsMTA3LjQsMTMuN3oiLz48cGF0aCBjbGFzcz0ic3QwIiBkPSJNMTUuMywxMy4yYy0wLjMtMC4yLTAuOC0wLjMtMS40LTAuM0gxM3YyLjdoMC43YzAuNywwLDEuMi0wLjEsMS42LTAuM2MwLjMtMC4yLDAuNS0wLjYsMC41LTEuMUMxNS43LDEzLjgsMTUuNiwxMy41LDE1LjMsMTMuMnoiLz48cGF0aCBjbGFzcz0ic3QwIiBkPSJNMzQuMSwxNC42Yy0wLjQsMC0wLjcsMC4xLTEsMC40Yy0wLjIsMC4yLTAuNCwwLjYtMC40LDFoMi42YzAtMC40LTAuMS0wLjgtMC4zLTFDMzQuOCwxNC43LDM0LjUsMTQuNiwzNC4xLDE0LjZ6Ii8+PHBhdGggY2xhc3M9InN0MCIgZD0iTTU4LjcsMTQuNmMtMC41LDAtMC45LDAuMS0xLjEsMC40Yy0wLjIsMC4zLTAuMywwLjgtMC4zLDEuNmMwLDAuNywwLjEsMS4zLDAuNCwxLjZjMC4yLDAuMywwLjYsMC41LDEuMSwwLjVjMC41LDAsMC44LTAuMiwxLTAuNWMwLjItMC4zLDAuNC0wLjksMC40LTEuNWMwLTAuNy0wLjEtMS4yLTAuNC0xLjVDNTkuNiwxNC44LDU5LjIsMTQuNiw1OC43LDE0LjZ6Ii8+PHBhdGggY2xhc3M9InN0MCIgZD0iTTE1Ni45LDAuMkgzLjFDMS40LDAuMiwwLDEuNiwwLDMuNHYyNi41QzAsMzEuNiwxLjQsMzMsMy4xLDMzaDE1My43YzEuNywwLDMuMS0xLjQsMy4xLTMuMVYzLjRDMTYwLDEuNiwxNTguNiwwLjIsMTU2LjksMC4yeiBNMTYsMTZjLTAuNSwwLjQtMS4zLDAuNi0yLjIsMC42SDEzdjIuOGgtMVYxMmgyYzEuOSwwLDIuOCwwLjcsMi44LDIuMkMxNi44LDE1LDE2LjUsMTUuNSwxNiwxNnogTTIyLjIsMTguN2MtMC41LDAuNS0xLjEsMC44LTEuOSwwLjhjLTAuNSwwLTEtMC4xLTEuMy0wLjRjLTAuNC0wLjItMC43LTAuNi0wLjktMWMtMC4yLTAuNC0wLjMtMS0wLjMtMS41YzAtMC45LDAuMi0xLjYsMC43LTIuMWMwLjUtMC41LDEuMS0wLjgsMS45LTAuOGMwLjgsMCwxLjQsMC4zLDEuOSwwLjhjMC41LDAuNSwwLjcsMS4yLDAuNywyLjFDMjIuOCwxNy41LDIyLjYsMTguMiwyMi4yLDE4Ljd6IE0yOS42LDE5LjRoLTEuMWwtMS0zLjJjLTAuMS0wLjItMC4xLTAuNS0wLjMtMWMtMC4xLDAuNC0wLjIsMC44LTAuMywxbC0xLDMuMmgtMS4xbC0xLjUtNS42aDEuMWwwLDAuMWMwLjMsMS40LDAuNiwyLjQsMC44LDMuMWMwLjEsMC40LDAuMiwwLjgsMC4yLDFjMC0wLjEsMC4xLTAuMiwwLjEtMC4zYzAuMS0wLjMsMC4yLTAuNSwwLjItMC43bDEtMy4yaDFsMSwzLjJjMC4xLDAuNCwwLjIsMC43LDAuMywxYzAsMCwwLTAuMSwwLTAuMWMwLjEtMC4yLDAuNC0xLjYsMS00bDAtMC4xaDEuMUwyOS42LDE5LjR6IE0zNi40LDE2LjloLTMuN2MwLDAuNiwwLjIsMSwwLjUsMS4zYzAuMywwLjMsMC43LDAuNSwxLjIsMC41YzAuNiwwLDEuMS0wLjEsMS43LTAuNGwwLjEtMC4xdjFsLTAuMSwwYy0wLjMsMC4xLTAuNiwwLjItMC44LDAuM2MtMC4zLDAuMS0wLjYsMC4xLTEsMC4xYy0wLjgsMC0xLjUtMC4zLTItMC44Yy0wLjUtMC41LTAuNy0xLjItMC43LTIuMWMwLTAuOSwwLjItMS42LDAuNy0yLjFjMC40LTAuNSwxLjEtMC44LDEuOC0wLjhjMC43LDAsMS4zLDAuMiwxLjcsMC43YzAuNCwwLjUsMC42LDEuMSwwLjYsMS44VjE2Ljl6IE00MC44LDE0LjdsLTAuMSwwYy0wLjIsMC0wLjQtMC4xLTAuNi0wLjFjLTAuNCwwLTAuOCwwLjItMSwwLjVjLTAuMywwLjMtMC40LDAuOC0wLjQsMS4zdjNoLTF2LTUuNmgwLjlsMC4xLDAuOGMwLjItMC4zLDAuNC0wLjUsMC42LTAuNmMwLjMtMC4yLDAuNi0wLjMsMS0wLjNjMC4yLDAsMC41LDAsMC43LDAuMWwwLjEsMEw0MC44LDE0Ljd6IE00Ni4yLDE2LjloLTMuN2MwLDAuNiwwLjIsMSwwLjUsMS4zYzAuMywwLjMsMC43LDAuNSwxLjIsMC41YzAuNiwwLDEuMS0wLjEsMS43LTAuNGwwLjEtMC4xdjFsLTAuMSwwYy0wLjMsMC4xLTAuNiwwLjItMC44LDAuM2MtMC4zLDAuMS0wLjYsMC4xLTEsMC4xYy0wLjgsMC0xLjUtMC4zLTItMC44Yy0wLjUtMC41LTAuNy0xLjItMC43LTIuMWMwLTAuOSwwLjItMS42LDAuNy0yLjFjMC40LTAuNSwxLjEtMC44LDEuOC0wLjhjMC43LDAsMS4zLDAuMiwxLjcsMC43YzAuNCwwLjUsMC42LDEuMSwwLjYsMS44VjE2Ljl6IE01Mi4xLDE5LjRoLTAuOWwtMC4xLTAuNmMtMC40LDAuNS0xLDAuNy0xLjcsMC43Yy0wLjcsMC0xLjMtMC4zLTEuNy0wLjhjLTAuNC0wLjUtMC42LTEuMi0wLjYtMi4xYzAtMC45LDAuMi0xLjYsMC42LTIuMWMwLjQtMC41LDEtMC44LDEuNy0wLjhjMC43LDAsMS4yLDAuMiwxLjYsMC43bDAtMC4xbDAtMC40bDAtMi4zaDFWMTkuNHogTTYwLjYsMTguN2MtMC40LDAuNS0xLDAuOC0xLjcsMC44Yy0wLjQsMC0wLjctMC4xLTEtMC4yYy0wLjMtMC4xLTAuNS0wLjMtMC43LTAuNUw1NywxOS40aC0wLjh2LTcuOWgxdjJjMCwwLjMsMCwwLjYsMCwwLjljMC40LTAuNCwwLjktMC43LDEuNi0wLjdjMC43LDAsMS4zLDAuMywxLjcsMC44YzAuNCwwLjUsMC42LDEuMiwwLjYsMi4xQzYxLjIsMTcuNSw2MSwxOC4yLDYwLjYsMTguN3ogTTY0LjUsMjAuMWMtMC4yLDAuNi0wLjUsMS4xLTAuOCwxLjNjLTAuMywwLjMtMC43LDAuNC0xLjIsMC40Yy0wLjMsMC0wLjUsMC0wLjgtMC4xbC0wLjEsMHYtMC45bDAuMSwwYzAuMiwwLDAuNCwwLjEsMC42LDAuMWMwLjUsMCwwLjktMC4zLDEuMS0wLjlsMC4zLTAuN2wtMi4yLTUuNWgxLjFsMS4yLDMuMmMwLjIsMC41LDAuMywwLjksMC40LDEuMmMwLTAuMiwwLjEtMC4zLDAuMi0wLjZjMC4xLTAuNCwwLjYtMS43LDEuMy0zLjhsMC0wLjFoMS4xTDY0LjUsMjAuMXogTTgxLjUsMjFsLTMuMiwwbC0xLTQuNmwtMS4zLDBsLTIsNC42TDcxLDIxbDUuMi0xMS43bDUuMywwYzEuNSwwLDIuNiwwLjIsMy4xLDAuNmMwLjUsMC40LDAuNiwxLDAuMiwxLjlsLTAuOSwyLjFjLTAuMywwLjctMC44LDEuMy0xLjUsMS42Yy0wLjcsMC40LTEuNCwwLjYtMi4yLDAuN0w4MS41LDIxeiBNODcuNiwyMWwwLjQtMC44Yy0wLjMsMC4zLTAuNywwLjYtMS4yLDAuN2MtMC40LDAuMi0xLjEsMC4yLTIuMSwwLjJjLTEuMiwwLTEuOS0wLjItMi4xLTAuNWMtMC4yLTAuNC0wLjEtMS4xLDAuNC0yLjNjMC41LTEsMS0xLjgsMS42LTIuMmMwLjYtMC40LDEuNC0wLjYsMi40LTAuNmwzLDBsMC4zLTAuNmMwLjItMC41LDAuMy0wLjksMC4xLTEuMWMtMC4yLTAuMi0wLjctMC4zLTEuNC0wLjNjLTAuNywwLTEuOCwwLjEtMy4yLDAuMmwwLjctMS43YzEuMS0wLjEsMi4yLTAuMiwzLjQtMC4yYzEuNiwwLDIuNiwwLjIsMy4xLDAuNmMwLjUsMC40LDAuNCwxLjItMC4xLDIuM2wtMi43LDZMODcuNiwyMXogTTk5LDIxbC03LjksMGwwLjYtMS40bDYuOS01LjZsLTQuMiwwbDAuOC0xLjdsNy42LDBsLTAuNiwxLjRsLTYuOSw1LjZsNC41LDBMOTksMjF6IE0xMDgsMjAuNGMtMC40LDAuMi0wLjgsMC40LTEuMywwLjVjLTAuNSwwLjEtMC45LDAuMi0xLjMsMC4yYy0wLjQsMC0wLjgsMC0xLjMsMGMtMC41LDAtMC45LDAtMS4zLDBjLTAuMywwLTAuNy0wLjEtMS4xLTAuMmMtMC40LTAuMS0wLjYtMC4zLTAuOC0wLjVjLTAuMi0wLjItMC4yLTAuNS0wLjItMC45YzAtMC40LDAuMS0wLjksMC40LTEuNWwxLjEtMi42YzAuMy0wLjYsMC42LTEuMSwxLTEuNWMwLjQtMC40LDAuOC0wLjgsMS4xLTFjMC40LTAuMiwwLjgtMC40LDEuMy0wLjVjMC41LTAuMSwwLjktMC4yLDEuMy0wLjJjMC40LDAsMC44LDAsMS4zLDBjMC41LDAsMC45LDAsMS4yLDBjMC4zLDAsMC43LDAuMSwxLjEsMC4yYzAuNCwwLjEsMC42LDAuMywwLjgsMC41YzAuMiwwLjIsMC4zLDAuNiwwLjIsMWMwLDAuNC0wLjEsMC45LTAuNCwxLjVMMTEwLDE4Yy0wLjMsMC42LTAuNiwxLTAuOSwxLjVDMTA4LjcsMTkuOSwxMDguMywyMC4yLDEwOCwyMC40eiBNMTA5LjgsMjFsMy45LTguN2wyLjUsMGwtMC43LDEuNWMwLjItMC40LDAuNi0wLjgsMS4zLTEuMmMwLjYtMC40LDEuMi0wLjUsMS44LTAuNWwwLjksMGwtMSwyLjJsLTAuOSwwYy0wLjcsMC0xLjMsMC4xLTEuOCwwLjNjLTAuNSwwLjItMC44LDAuNi0xLjEsMS4xbC0yLjMsNS4yTDEwOS44LDIxeiBNMTI0LjYsMjAuNWMtMC44LDAuNC0xLjgsMC43LTMuMSwwLjdjLTAuOCwwLTEuNC0wLjEtMS43LTAuMmMtMC4zLTAuMS0wLjUtMC40LTAuNC0wLjlsLTIuMSw0LjZsLTIuNiwwbDUuNi0xMi41bDIuNSwwbC0wLjQsMC45YzAuMy0wLjQsMC44LTAuNywxLjMtMC44YzAuNS0wLjIsMS4yLTAuMiwyLjEtMC4yYzAuNywwLDEuMywwLjEsMS43LDAuMmMwLjQsMC4xLDAuNywwLjMsMC44LDAuNmMwLjEsMC4zLDAuMSwwLjYsMC4xLDAuOWMtMC4xLDAuMy0wLjIsMC44LTAuNSwxLjNsLTEuMywyLjlDMTI2LDE5LjIsMTI1LjMsMjAuMSwxMjQuNiwyMC41eiBNMTMxLjgsMjFsMC40LTAuOGMtMC4zLDAuMy0wLjcsMC42LTEuMiwwLjdjLTAuNCwwLjItMS4xLDAuMi0yLjEsMC4yYy0xLjIsMC0xLjktMC4yLTIuMS0wLjVjLTAuMi0wLjQtMC4xLTEuMSwwLjQtMi4zYzAuNS0xLDEtMS44LDEuNi0yLjJjMC42LTAuNCwxLjQtMC42LDIuNC0wLjZsMywwbDAuMy0wLjZjMC4yLTAuNSwwLjMtMC45LDAuMS0xLjFjLTAuMi0wLjItMC43LTAuMy0xLjQtMC4zYy0wLjcsMC0xLjgsMC4xLTMuMiwwLjJsMC43LTEuN2MxLjEtMC4xLDIuMi0wLjIsMy40LTAuMmMxLjYsMCwyLjYsMC4yLDMuMSwwLjZjMC41LDAuNCwwLjQsMS4yLTAuMSwyLjNsLTIuNyw2TDEzMS44LDIxeiBNMTM3LjcsMjQuOGwtMi43LDBsMy4zLTMuOGwwLjQtOC43bDIuOSwwbC0wLjgsNi4ybDQuNS02LjJsMi43LDBMMTM3LjcsMjQuOHoiLz48cGF0aCBjbGFzcz0ic3QwIiBkPSJNMTMwLjUsMTcuM2MtMC4yLDAuMS0wLjQsMC41LTAuNywxLjFjLTAuMywwLjYtMC4zLDAuOS0wLjIsMWMwLjEsMC4xLDAuNSwwLjIsMS4xLDAuMmMwLjMsMCwwLjUsMCwwLjcsMGMwLjEsMCwwLjMsMCwwLjUsMGMwLjIsMCwwLjMtMC4xLDAuNC0wLjFjMC4xLTAuMSwwLjItMC4xLDAuMy0wLjJjMC4xLTAuMSwwLjItMC4yLDAuMi0wLjRsMC44LTEuN2wtMS44LDBDMTMxLjEsMTcuMSwxMzAuNywxNy4xLDEzMC41LDE3LjN6Ii8+PHBhdGggY2xhc3M9InN0MCIgZD0iTTEyMy45LDEzLjdjLTAuNywwLTEuMywwLjEtMS42LDAuM2MtMC4zLDAuMi0wLjYsMC41LTAuOCwxbC0xLjQsMy4yYy0wLjIsMC41LTAuMywwLjktMC4xLDFjMC4xLDAuMiwwLjYsMC4zLDEuNCwwLjNjMC44LDAsMS4zLTAuMSwxLjYtMC4zYzAuMy0wLjIsMC42LTAuNSwwLjgtMWwxLjQtMy4yYzAuMy0wLjYsMC4zLTAuOSwwLjItMS4xQzEyNS4zLDEzLjgsMTI0LjgsMTMuNywxMjMuOSwxMy43eiIvPjwvZz48L3N2Zz4=
安全提示信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: androidmads/library/qrgenearator/QRGSaver.java, line(s) 18,27 co/paystack/android/TransactionManager.java, line(s) 64,99,111,120,129,141,390 co/paystack/android/model/Charge.java, line(s) 52 co/paystack/android/ui/AddressVerificationActivity$loadStates$1.java, line(s) 77,124 co/paystack/android/utils/Logger.java, line(s) 11,21 com/cashfree/pg/base/logger/CFLoggerService.java, line(s) 56,35,49,63,42 com/cashfree/pg/core/hidden/nfc/NfcCardReader.java, line(s) 25,65 com/cashfree/pg/core/hidden/nfc/parser/EmvParser.java, line(s) 299 com/cashfree/pg/core/hidden/nfc/utils/EnumUtils.java, line(s) 15 com/cashfree/pg/image_caching/cache/DiskLruCache.java, line(s) 110 com/cashfree/pg/ui/hidden/nfc/NfcCardReader.java, line(s) 25,65 com/cashfree/pg/ui/hidden/nfc/parser/EmvParser.java, line(s) 299 com/cashfree/pg/ui/hidden/nfc/utils/EnumUtils.java, line(s) 15 com/clash/legends/ui/activities/AboutusActivity.java, line(s) 101 com/clash/legends/ui/activities/AddMoneyActivity.java, line(s) 164,178,185,241,277,386,429,225,280,336,378,388,391,398,400,421,431,434,441,443,484 com/clash/legends/ui/activities/AnnouncementActivity.java, line(s) 110 com/clash/legends/ui/activities/ChooseLanguageActivity.java, line(s) 123,133,148,158,104 com/clash/legends/ui/activities/CreateNewAccount.java, line(s) 250,282,284,348,373,394,408,432,457,390,482,497,411 com/clash/legends/ui/activities/CustomerSupportActivity.java, line(s) 127 com/clash/legends/ui/activities/FirstActivity.java, line(s) 146,226,82,108 com/clash/legends/ui/activities/FriendsActivity.java, line(s) 63,151,71,159 com/clash/legends/ui/activities/HowtoActivity.java, line(s) 191,122 com/clash/legends/ui/activities/JoiningMatch.java, line(s) 144,217,478,178,493,512 com/clash/legends/ui/activities/LeaderboardActivity.java, line(s) 109 com/clash/legends/ui/activities/LotteryActivity.java, line(s) 132 com/clash/legends/ui/activities/LudoActivity.java, line(s) 359,414,628,351,408,596,606,760 com/clash/legends/ui/activities/LudoChatActivity.java, line(s) 79,114,226,126 com/clash/legends/ui/activities/LudoLeaderBoardActivity.java, line(s) 64,72 com/clash/legends/ui/activities/LudoNotificationActivity.java, line(s) 60,68 com/clash/legends/ui/activities/MainActivity.java, line(s) 229,237,246,248,369,393,419,515,520,521,522,524,527,571,596,749,776,797,864,345,400,578,793,814,871,496,549,968 com/clash/legends/ui/activities/MyOrderActivity.java, line(s) 164,118 com/clash/legends/ui/activities/MyProfileActivity.java, line(s) 316,323,450,588,604,619,647,697,921,961,1040,1061,251,423,654,759,957,1047 com/clash/legends/ui/activities/MyReferralsActivity.java, line(s) 135 com/clash/legends/ui/activities/MyRewardedActivity.java, line(s) 102 com/clash/legends/ui/activities/MyStatisticsActivity.java, line(s) 118 com/clash/legends/ui/activities/MyWalletActivity.java, line(s) 277,374,218,249 com/clash/legends/ui/activities/OfflinePaymentActivity.java, line(s) 44 com/clash/legends/ui/activities/OtpVerifyActivity.java, line(s) 129,146,148,196,224,249,274,200 com/clash/legends/ui/activities/ProductActivity.java, line(s) 115 com/clash/legends/ui/activities/ProductOrderActivity.java, line(s) 268,145,278 com/clash/legends/ui/activities/ReferandEarnActivity.java, line(s) 151 com/clash/legends/ui/activities/SelectMatchPositionActivity.java, line(s) 99,100,188,209,226,227,196 com/clash/legends/ui/activities/SelectedGameActivity.java, line(s) 168 com/clash/legends/ui/activities/SelectedLanguageActivity.java, line(s) 112,139,149,93 com/clash/legends/ui/activities/SelectedLotteryActivity.java, line(s) 148 com/clash/legends/ui/activities/SelectedMyContestActivity.java, line(s) 152,177,204,327,333,339,342,352,355,491,591,696,840,870,882,911,927,930,938,1022,1030,1043,1049,1054,1059,1070,1119,1156,1192,1202,1212,1229,1265,1268,469,569,674,850,889,1112,1135,1239,1079 com/clash/legends/ui/activities/SelectedResultActivity.java, line(s) 178 com/clash/legends/ui/activities/SelectedTournamentActivity.java, line(s) 163,120 com/clash/legends/ui/activities/SingleProductActivity.java, line(s) 120 com/clash/legends/ui/activities/TermsandConditionActivity.java, line(s) 122 com/clash/legends/ui/activities/TopPlayerActivity.java, line(s) 145,167,121,210 com/clash/legends/ui/activities/TronActivity.java, line(s) 82 com/clash/legends/ui/activities/WatchAndEarnActivity.java, line(s) 184,203,297,302,156,261 com/clash/legends/ui/activities/WebActivity.java, line(s) 145,172,195 com/clash/legends/ui/activities/WithdrawMoneyActivity.java, line(s) 212,375,112,351 com/clash/legends/ui/adapters/LotteryAdapter.java, line(s) 130 com/clash/legends/ui/adapters/LudoLivematchAdapter.java, line(s) 254,232 com/clash/legends/ui/adapters/LudoMychallengelistAdapter.java, line(s) 265,395,424,437,402 com/clash/legends/ui/fragments/EarnFragment.java, line(s) 103,219 com/clash/legends/ui/fragments/FragmentSelectedTournamentDescription.java, line(s) 318,350,183,327 com/clash/legends/ui/fragments/FragmentSelectedTournamentJoinedeMember.java, line(s) 58 com/clash/legends/ui/fragments/MeFragment.java, line(s) 378,385,497,511 com/clash/legends/ui/fragments/MyContestLudoFragment.java, line(s) 165,217,173 com/clash/legends/ui/fragments/OnGoingFragment.java, line(s) 96 com/clash/legends/ui/fragments/OnGoingLudoFragment.java, line(s) 155,203,163 com/clash/legends/ui/fragments/OngoingLotteryFragment.java, line(s) 112,85 com/clash/legends/ui/fragments/PlayFragment.java, line(s) 150,219,278,367,476,528,206,354,453,504 com/clash/legends/ui/fragments/ResultFragment.java, line(s) 101 com/clash/legends/ui/fragments/ResultLotteryFragment.java, line(s) 111,84 com/clash/legends/ui/fragments/ResultLudoFragment.java, line(s) 157,205,165 com/clash/legends/ui/fragments/UpcomingFragment.java, line(s) 107 com/clash/legends/utils/FirebaseNotificationService.java, line(s) 55 com/clash/legends/utils/InstallReceivernew.java, line(s) 22 com/clash/legends/utils/NotificationSender.java, line(s) 113,44,40 com/github/amlcurran/showcaseview/ShowcaseAreaCalculator.java, line(s) 20 com/github/amlcurran/showcaseview/targets/ActionBarViewWrapper.java, line(s) 35,38,49,52,84 com/instamojo/android/Instamojo.java, line(s) 76 com/instamojo/android/helpers/Logger.java, line(s) 10 com/nineoldandroids/animation/PropertyValuesHolder.java, line(s) 150,184,232,250,252,270,272,308,310,438,440,528,530 com/onesignal/debug/internal/logging/Logging.java, line(s) 192,202,223,195,189,198 com/onesignal/notifications/internal/badges/impl/shortcutbadger/ShortcutBadger.java, line(s) 62,129,138,61,98,105,128,111 com/paypal/android/sdk/a.java, line(s) 57 com/paypal/android/sdk/ax.java, line(s) 112 com/paypal/android/sdk/ci.java, line(s) 14,25 com/paypal/android/sdk/cm.java, line(s) 66,77,142,146 com/paypal/android/sdk/cq.java, line(s) 48,79,44,62,71 com/paypal/android/sdk/cw.java, line(s) 52,53,54 com/paypal/android/sdk/d.java, line(s) 127,131 com/paypal/android/sdk/e.java, line(s) 27 com/paypal/android/sdk/eg.java, line(s) 26 com/paypal/android/sdk/eh.java, line(s) 35 com/paypal/android/sdk/ek.java, line(s) 140 com/paypal/android/sdk/em.java, line(s) 29 com/paypal/android/sdk/er.java, line(s) 20 com/paypal/android/sdk/gc.java, line(s) 30,41 com/paypal/android/sdk/gl.java, line(s) 47 com/paypal/android/sdk/payments/PayPalAuthorization.java, line(s) 74 com/paypal/android/sdk/payments/PayPalConfiguration.java, line(s) 63,91 com/paypal/android/sdk/payments/PayPalFuturePaymentActivity.java, line(s) 42,49,53,97,102 com/paypal/android/sdk/payments/PayPalItem.java, line(s) 29,156 com/paypal/android/sdk/payments/PayPalPayment.java, line(s) 79,86,262 com/paypal/android/sdk/payments/PayPalPaymentDetails.java, line(s) 84 com/paypal/android/sdk/payments/PayPalProfileSharingActivity.java, line(s) 66,71 com/paypal/android/sdk/payments/PayPalService.java, line(s) 181,247,253,450 com/paypal/android/sdk/payments/PaymentActivity.java, line(s) 43,50,55,102,107 com/paypal/android/sdk/payments/PaymentConfirmActivity.java, line(s) 349,127,276 com/paypal/android/sdk/payments/PaymentConfirmation.java, line(s) 62 com/paypal/android/sdk/payments/ProofOfPayment.java, line(s) 86 com/paypal/android/sdk/payments/ShippingAddress.java, line(s) 41,131 com/paypal/android/sdk/payments/bu.java, line(s) 35,45,52 com/paypal/android/sdk/payments/ca.java, line(s) 19 com/paypal/android/sdk/payments/cg.java, line(s) 116,238,252,275,289,304,331 com/paypal/android/sdk/payments/d.java, line(s) 184 com/paypal/android/sdk/payments/m.java, line(s) 397,156 com/paypal/android/sdk/payments/z.java, line(s) 25,32,16 com/payu/crashlogger/e.java, line(s) 75,78 com/payu/custombrowser/a.java, line(s) 329 com/payu/custombrowser/util/c.java, line(s) 753 com/payu/custombrowser/util/e.java, line(s) 9,23,17 com/payu/otpassist/utils/a.java, line(s) 15,19,24 com/payu/otpassist/viewmodel/a.java, line(s) 445 com/payu/otpassist/viewmodel/b.java, line(s) 17 com/payu/otpparser/a.java, line(s) 8,13 com/payu/socketverification/socket/SocketHandler.java, line(s) 72,94,109 com/payu/socketverification/util/a.java, line(s) 8,9 com/payu/upisdk/a.java, line(s) 335 com/payu/upisdk/util/a.java, line(s) 8,9 com/payu/upisdk/util/c.java, line(s) 117,114 com/razorpay/AppSignatureHelper.java, line(s) 50,38,53 com/razorpay/CheckoutPresenterImpl.java, line(s) 787,789 com/razorpay/Logger.java, line(s) 28,32,16,44,48,12,20,24,36,40 in/juspay/godel/analytics/GodelTracker.java, line(s) 157,213,236 in/juspay/godel/ui/JuspayBrowserFragment.java, line(s) 1830,1840,3134,2177,2188 in/juspay/godel/ui/OnScreenDisplay.java, line(s) 821 in/juspay/godel/util/JuspayLogger.java, line(s) 25,31,36,40,51,45 io/card/payment/CardIOActivity.java, line(s) 141,362,368,193,238,296,452,523,113,129,134,178,366,187,390,405,437,454,544,593 io/card/payment/CardScanner.java, line(s) 69,70,71,72,75,77,112,323,94,156,159,181,294,298,333,346,66,81,84,87,225,212,89,153,164,201,210,262,311,342,415,438 io/card/payment/OverlayView.java, line(s) 258 io/card/payment/Util.java, line(s) 98,42,60,66,86 io/card/payment/i18n/I18nManager.java, line(s) 73,83,87,108,50,140,144 io/github/douglasjunior/androidSimpleTooltip/SimpleTooltip.java, line(s) 284
安全提示信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/clash/legends/ui/activities/ReferandEarnActivity.java, line(s) 4,181 com/clash/legends/ui/activities/SelectedMyContestActivity.java, line(s) 7,537,1339 com/clash/legends/ui/activities/TronActivity.java, line(s) 4,111 com/clash/legends/ui/activities/bep20Activity.java, line(s) 4,111 com/clash/legends/ui/fragments/FragmentSelectedTournamentDescription.java, line(s) 6,218,225 com/razorpay/RzpAssist.java, line(s) 5,324
安全提示信息 应用与Firebase数据库通信
该应用与位于 https://clash-legends-ed15b-default-rtdb.firebaseio.com 的 Firebase 数据库进行通信
已通过安全项 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: co/paystack/android/api/ApiClient.java, line(s) 37,37 co/paystack/android/api/utils/TLSSocketFactory.java, line(s) 29,28,30,27,27 co/paystack/android/mobilemoney/data/api/PaystackApiFactory.java, line(s) 42,42 com/cashfree/pg/network/POSTApiWithSSLPin.java, line(s) 37,35,34,34,60,60,61,61,62,77 com/instamojo/android/network/ServiceGenerator.java, line(s) 32,25 com/paypal/android/sdk/bq.java, line(s) 62,29,61,57,60,60 com/paypal/android/sdk/ce.java, line(s) 37,59,36,58,54,35,35,57,57 in/juspay/godel/core/RestClient.java, line(s) 329,58 in/juspay/godel/util/JuspayTrustManager.java, line(s) 44,45,110,37,35,35 io/socket/engineio/client/transports/PollingXHR.java, line(s) 327,206
已通过安全项 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/cashfree/pg/base/util/RootUtil.java, line(s) 31,15,19,19,19,19,19,19,9 com/cashfree/pg/cf_analytics/context/CFOSContext.java, line(s) 18 com/paypal/android/sdk/at.java, line(s) 10 com/paypal/android/sdk/az.java, line(s) 9,9 in/juspay/godel/util/SessionInfo.java, line(s) 344,348
已通过安全项 Firebase远程配置已禁用
Firebase远程配置URL ( https://firebaseremoteconfig.googleapis.com/v1/projects/308774198121/namespaces/firebase:fetch?key=AIzaSyDs0v2i2rOVx1XDPCL0CAtNCOgvUvnCrXg ) 已禁用。响应内容如下所示:
{
"state": "NO_TEMPLATE"
}
综合安全基线评分总结
Clash Legends v0.0.1
Android APK
47
综合安全评分
中风险