Cryptographic APIs misuses #248
Comments
|
Thank you for reporting this. plz share your gist with me and @clangenb |
|
please feel free to share the gist publicly here. We still have time to fix it before production use |
|
I'm sharing with you the documented gist. Due to code obfuscation, I couldn't find the class and method with the problem. I tried to assemble the debug version of the app but it didn't work for me. I hope this warning could be helpful for you. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'm a PhD student interested in finding security vulnerabilities in open source projects.
We found one warning (indicating potential vulnerabilities) when running the CogniCrypt static analyzer (*) on encounter-wallet-flutter (or its library dependencies). We documented this issue in a private gist for the sake of confidentiality (non-disclosure).
Can you please let us know whether we can share these gists with you? We are eager to evaluate the perception of developers (e.g. severity of these warnings) and improve encounter-wallet-flutter's security, and the quality of the reports of static analysis tools.
(*) https://github.com/CROSSINGTUD/CryptoAnalysis
The text was updated successfully, but these errors were encountered: