search

programmin1 / Repeater-START-android

An Android port of the Linux open repeater offline repeater database app.
GNU General Public License v2.0
5 stars 2 forks source link

Cryptographic APIs misuses #10

Closed misterAnderson90 closed 2 years ago

misterAnderson90 commented 2 years ago

I'm a PhD student interested in finding security vulnerabilities in open source projects.

We found a total of 09 warnings (indicating potential vulnerabilities) when running the CogniCrypt static analyzer (*) on Repeater-START-android (or its library dependencies). We documented each one of these issues in private gists for the sake of confidentiality (non-disclosure).

Can you please let us know whether we can share these gists with you? We are eager to evaluate the perception of developers (e.g. severity of these warnings) and improve Repeater-START-android's security, and the quality of the reports of static analysis tools.

(*) https://github.com/CROSSINGTUD/CryptoAnalysis

programmin1 commented 2 years ago

Sounds interesting, please share?

programmin1 commented 2 years ago

@misterAnderson90 I did not receive anything. You may use contact at hearham.live

to email me. Also, I have updated various libraries recently so please see if this issue, whatever it is, is still in the latest?

misterAnderson90 commented 2 years ago

Hello @programmin1,

I just sent you the e-mail with private gists. All warnings are related to the libraries okio and okhttp. Please let me know your perceptions about the value of these kinds of warnings.