The JSON reporting API should be extended so that parsing to distinguish different issues is no longer necessary. Introducing such issue codes would greatly simplify machine processing.
Examples:
iOS App Transport Security (ATS) issues:
I suggest issue codes based on the triggered expression.
Insecure communication to xxx.xxx.xxx is allowed -> Either NSTemporaryExceptionAllowsInsecureHTTPLoads or NSExceptionAllowsInsecureHTTPLoads
NSIncludesSubdomains set to TRUE for xxx.xxx.xxx -> NSIncludesSubdomainsAllowed
NSExceptionMinimumTLSVersion set to TLSv1.1 on xxx.xxx.xxx -> NSExceptionMinimumTLSVersion11
...
Issues in other sections do not contain contextual information (or provide a field like name in the Android manifest analysis) afaik. However, it is desirable to use a one-word code instead of a sentence - the former is imho less likely to be edited.
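To illustrate the sentence parsing that a report consumer needs today, here is an added example; it is not part of the original post or of the project's code. It maps the three example sentences to the proposed codes and shows that the first sentence cannot be resolved to a single code from its text alone. The regexes, the function names, the placeholder host `api.example.test` and the rule for building the TLS version suffix are assumptions of this example.

```python
import re

# Sentence patterns taken from the three example findings in the post.
# Each maps to the candidate issue codes the post proposes; the host group
# and the TLS-version suffix rule are assumptions of this example.
_RULES = [
    (re.compile(r"^Insecure communication to (?P<host>\S+) is allowed$"),
     lambda m: ("NSTemporaryExceptionAllowsInsecureHTTPLoads",
                "NSExceptionAllowsInsecureHTTPLoads")),
    (re.compile(r"^NSIncludesSubdomains set to TRUE for (?P<host>\S+)$"),
     lambda m: ("NSIncludesSubdomainsAllowed",)),
    (re.compile(r"^NSExceptionMinimumTLSVersion set to TLSv(?P<ver>\d\.\d)"
                r" on (?P<host>\S+)$"),
     lambda m: ("NSExceptionMinimumTLSVersion" + m["ver"].replace(".", ""),)),
]

def classify(sentence):
    """Return (candidate_codes, host); codes is empty when no rule matches."""
    text = sentence.strip()
    for pattern, codes in _RULES:
        m = pattern.match(text)
        if m:
            return codes(m), m["host"]
    return (), None

def summarize(sentences):
    """Split findings into resolved, ambiguous and unrecognised buckets."""
    out = {"resolved": [], "ambiguous": [], "unknown": []}
    for s in sentences:
        codes, host = classify(s)
        if not codes:
            out["unknown"].append(s)
        elif len(codes) == 1:
            out["resolved"].append((codes[0], host))
        else:
            out["ambiguous"].append((codes, host))
    return out

# Constructed sample input: the post's sentences with a placeholder host,
# plus one reworded sentence to show how a wording edit breaks the match.
SAMPLE = [
    "Insecure communication to api.example.test is allowed",
    "NSIncludesSubdomains set to TRUE for api.example.test",
    "NSExceptionMinimumTLSVersion set to TLSv1.1 on api.example.test",
    "Insecure communication with api.example.test is permitted",
]

if __name__ == "__main__":
    for bucket, items in summarize(SAMPLE).items():
        print(bucket, items)
```

The reworded fourth sentence lands in `unknown`, which is the silent failure a stable issue code in the report would avoid.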