N0BOY / FT8CN

Run FT8 on Android
MIT License

Many POTENTIAL ISSUES identified, when scanning APK with Qark #59

Open chrisdebian opened 11 months ago

chrisdebian commented 11 months ago

Hi, all.

FT8CN looks like a really interesting application for amateur radio, so I thought I'd have a quick look at it with Qark. I was surprised to see quite a few warnings/issues with the code, many of which seemed to be security issues. I was unable to upload the HTML report file produced by Qark, so I have copied it here. Please note that the URLs in the report are obviously pointing to a local directory, so will not resolve. For more detail, run the report yourself.

Would it be possible for the developers to run Qark on the application, and to comment on the issues? Qark Report.odt

Many thanks,

Chris.

bg7yoz commented 11 months ago

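Hi, Chris.

I am very glad to see the question of security vulnerabilities in FT8CN raised. So far, in developing FT8CN, I have only focused on implementing functionality and have not paid attention to security. I am not an expert in this area, and I would very much welcome suggestions about security.

I have not used Qark; I will set aside some time to learn it. I have looked at the Report.odt you submitted. The most frequent entry in it is "WARNING Logging found"; this is FT8CN's debugging information, which FT8CN outputs intentionally. "INFO Potential API Key found" is the osmdroid map file; I will see whether I can modify it. Regarding the security issues, could you give specific suggestions for changes?

Thank you very much!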

bg7yoz

chrisdebian commented 11 months ago

Hi, bg7yoz.

Thanks for replying.

Unfortunately, I don't have the skills to address these possible issues. Maybe one of the other project followers can help?

I was just trying to help, by generating the report.

Many thanks,

Chris 2E0FRU