Closed git2321231 closed 1 year ago
I see a similar report when I upload a new IPA to the MobSF scanner.
Labeling based on the report above.
Please refer to https://docs.flutter.dev/reference/security-false-positives
This thread has been automatically locked since there has not been any recent activity after it was closed. If you are still experiencing a similar issue, please open a new bug, including the output of flutter doctor -v and a minimal reproduction of the issue.
After creating an empty project with Flutter and packing it into an IPA file, I used the MobSF security tool to scan the IPA package, and two high-risk security vulnerabilities were reported:
They violated the following standards:
1. CWE: CWE-676: Use of Potentially Dangerous Function; OWASP Top 10: M7: Client Code Quality; OWASP MASVS: MSTG-CODE-8
2. CWE: CWE-789: Uncontrolled Memory Allocation; OWASP Top 10: M7: Client Code Quality; OWASP MASVS: MSTG-CODE-8
How can we solve these two problems? My company requires all produced apps to pass MobSF security detection...
MobSF report link: https://mobsf.live/static_analyzer_ios/?name=blank_project.ipa&checksum=f395c7607d45a971981b05cd74e307a3&type=ipa#binary_code_analysis