talsec / Free-RASP-Cordova

Cordova plugin for improving app security and threat monitoring on Android and iOS mobile devices.
https://github.com/talsec/Free-RASP-Community
MIT License
19 stars 6 forks source link

Issue with threatListener Not Triggering After WebView Reload #19

Closed expcapitaldev closed 1 year ago

expcapitaldev commented 1 year ago

Hello,

Thank you for developing such a valuable product. I am reaching out to discuss a potential issue observed in the threatListener behavior after a WebView reload.

Issue Description: Upon initializing the SDK, we can observe certain threats being detected and handled by threatListener. However, if the WebView is reloaded (observed on both iOS and Android), it appears that only new threats (I hope) are being listened for, while previous ones are not.

Expected Behavior: It might be beneficial to have all threats (including previous ones) re-triggered upon WebView reload to ensure comprehensive threat management.

Potential Solution: Considering we have a JavaScript implementation, perhaps a mechanism to trigger all threats again upon WebView reload could be explored to ensure no threats are missed in subsequent sessions.

Additional Context: SDK Version: 5.4.0 Platform: iOS and Android

Steps to Reproduce: window.location.reload(); // or manually from Devtools

Your insights and feedback on this matter would be greatly appreciated. Looking forward to your response and potential solutions to enhance the reliability of threat management in the system.

tompsota commented 1 year ago

Hello @expcapitaldev,

As the native freeRASP SDK is not bind to WebView, it is not affected by the WebView reload and does not trigger the checks again, so as a result you are not receiving these callbacks again. We see that this is a limitation and will explore possibilities of caching the checks for freeRASP, so they can be retrieved even after the initial start and eventually after WebView reload. However, Talsec offers also businessRASP, which has option to trigger all the checks on demand. I believe this is the exact functionality you are requesting. You can read more about the commercial offer here.

Best, Tomas, Talsec developer

expcapitaldev commented 1 year ago

thanks, I think I can close current issue