Open misterAnderson90 opened 2 years ago
Thank you for reporting this. plz share your gist with me and @clangenb
Hello @brenzi and @clangenb
Could you please send me your email addresses to share the gists? I couldn't find a way to share private gists with you. If you prefer, I can share them here.
please feel free to share the gist publicly here. We still have time to fix it before production use
Hello @brenzi and @clangenb,
I'm sharing with you the documented gist. Due to code obfuscation, I couldn't find the class and method with the problem. I tried to assemble the debug version of the app but it didn't work for me.
I hope this warning could be helpful for you.
I'm a PhD student interested in finding security vulnerabilities in open source projects.
We found one warning (indicating potential vulnerabilities) when running the CogniCrypt static analyzer (*) on encounter-wallet-flutter (or its library dependencies). We documented this issue in a private gist for the sake of confidentiality (non-disclosure).
Can you please let us know whether we can share these gists with you? We are eager to evaluate the perception of developers (e.g. severity of these warnings) and improve encounter-wallet-flutter's security, and the quality of the reports of static analysis tools.
(*) https://github.com/CROSSINGTUD/CryptoAnalysis