search

talsec / Free-RASP-Android

Library for improving app security and threat monitoring on Android mobile devices.
https://github.com/talsec/Free-RASP-Community
MIT License
152 stars 12 forks source link

StrictMode violation #44

Open alexandre-thauvin opened 1 week ago

alexandre-thauvin commented 1 week ago

Describe the bug Using version 11.1.1 of freeRASP making emulators get the ANR which has been fixed in version 11.1.3. This ANR was because of StrictMode violation. Despite this ANR not happening anymore in version 11.1.3, the StrictMode violation still occurs (cf logs)

To Reproduce Integrate freeRASP as normal integration

If you don't have the bug with a sample app I suggest to do some disk/file operations then you should have it

Expected behavior No StrictMode violation

Screenshots If applicable, add screenshots to help explain your problem.

Please complete the following information:

Additional context Logs:

D  StrictMode policy violation: android.os.strictmode.LeakedClosableViolation: A resource was acquired at attached stack trace but never released. See java.io.Closeable for information on avoiding resource leaks.
                                                                                                        at android.os.StrictMode$AndroidCloseGuardReporter.report(StrictMode.java:2007)
                                                                                                        at dalvik.system.CloseGuard.warnIfOpen(CloseGuard.java:336)
                                                                                                        at java.io.FileInputStream.finalize(FileInputStream.java:662)
                                                                                                        at java.lang.Daemons$FinalizerDaemon.doFinalize(Daemons.java:370)
                                                                                                        at java.lang.Daemons$FinalizerDaemon.processReference(Daemons.java:350)
                                                                                                        at java.lang.Daemons$FinalizerDaemon.runInternal(Daemons.java:322)
                                                                                                        at java.lang.Daemons$Daemon.run(Daemons.java:131)
                                                                                                        at java.lang.Thread.run(Thread.java:1012)
                                                                                                    Caused by: java.lang.Throwable: Explicit termination method 'close' not called
                                                                                                        at dalvik.system.CloseGuard.openWithCallSite(CloseGuard.java:288)
                                                                                                        at dalvik.system.CloseGuard.open(CloseGuard.java:257)
                                                                                                        at java.io.FileInputStream.<init>(FileInputStream.java:195)
                                                                                                        at java.util.Scanner.<init>(Scanner.java:645)
                                                                                                        at com.fingerprintjs.android.fingerprint.info_providers.CpuInfoProviderImpl.getCpuInfo(CpuInfoProvider.kt:63)
                                                                                                        at com.fingerprintjs.android.fingerprint.info_providers.CpuInfoProviderImpl.access$getCpuInfo(CpuInfoProvider.kt:33)
                                                                                                        at com.fingerprintjs.android.fingerprint.info_providers.CpuInfoProviderImpl$cpuInfo$1.invoke(CpuInfoProvider.kt:36)
                                                                                                        at com.fingerprintjs.android.fingerprint.info_providers.CpuInfoProviderImpl$cpuInfo$1.invoke(CpuInfoProvider.kt:36)
                                                                                                        at com.fingerprintjs.android.fingerprint.tools.ExceptionSafeExecutorKt.executeSafe(ExceptionSafeExecutor.kt:9)
                                                                                                        at com.fingerprintjs.android.fingerprint.info_providers.CpuInfoProviderImpl.cpuInfo(CpuInfoProvider.kt:36)
                                                                                                        at com.fingerprintjs.android.fingerprint.fingerprinting_signals.FingerprintingSignalsProvider$procCpuInfoSignal$2.invoke(FingerprintingSignalsProvider.kt:146)
                                                                                                        at com.fingerprintjs.android.fingerprint.fingerprinting_signals.FingerprintingSignalsProvider$procCpuInfoSignal$2.invoke(FingerprintingSignalsProvider.kt:145)
                                                                                                        at kotlin.SynchronizedLazyImpl.getValue(LazyJVM.kt:74)
                                                                                                        at com.fingerprintjs.android.fingerprint.fingerprinting_signals.FingerprintingSignalsProvider.getProcCpuInfoSignal(FingerprintingSignalsProvider.kt:145)
                                                                                                        at com.aheaditec.talsec.security.r0.b(SourceFile:8)
                                                                                                        at com.aheaditec.talsec.security.r0.a(SourceFile:27)
                                                                                                        at com.aheaditec.talsec.security.r0$$ExternalSyntheticLambda0.run(D8$$SyntheticClass:0)
msikyna commented 1 week ago

Hello @alexandre-thauvin , thank you for reporting the issue. We will look at it.

Kind regards, Talsec team

SirionRazzer commented 1 day ago

Hi @alexandre-thauvin , We found out this originated in the fingerprintjs code and reported it to creators. https://github.com/fingerprintjs/fingerprintjs-android/issues/118 Best regards, Tomas