talsec / Free-RASP-Cordova

Cordova plugin for improving app security and threat monitoring on Android and iOS mobile devices.
https://github.com/talsec/Free-RASP-Community
MIT License
19 stars 6 forks source link

Encounter error when isProd is set to "false" #20

Closed foonjs closed 11 months ago

foonjs commented 1 year ago

Describe the bug Got this error message in logcat from Android build. Seems to only happen when isProd is set to "false". It was fine when it is set to "true".

Talsec logging failed first time with CURLEcode: 28 Error Response was:

Cordova-Talsec: v5.4.0

Expected behavior Should throw a message to my application indicating the error.

Screenshots image

Please complete the following information:

msikyna commented 1 year ago

Hello @foonjs , the message means, that the log into the logging endpoint timed out. It is a normal behaviour if there is some malfunction on the logging side.

When you have isProd set to false, you are using debug version of the SDK, which contains also some logcat information such as the one you are describing.

Kind regards, Talsec team

foonjs commented 1 year ago

Hi @msikyna , it works fine in emulator but this issue seems to persist if i build "isProd = false" to an actual device. Is this intended?

msikyna commented 1 year ago

Hello @foonjs , is there any chance that the device could have slow internet connection? As the CURL 28 signifies timeout.

foonjs commented 1 year ago

Hi @msikyna . Yes it was due to slow internet connection, but it still encountering white screen on app launch. Upon further debugging, system stops running after "taslec.start(config, threatListener)" is called and the ThreatListener is not listening at all.

This issue is still happening when i have "isProd" set to false and build to a real device.

tompsota commented 1 year ago

Hi @foonjs,

white screen could be caused by incorrect setup of freeRASP. Could you share with us how you initialize freeRASP along with your watcherMail/package name either here or by mail to support@talsec.app? For reference, you can check our implementation in the hello app here.

Thanks.

Tomas, Talsec developer

foonjs commented 1 year ago

Hi @tompsota . The setup i have on my current application is similar to the demo hello app.

I am just wondering whether simulator/emulator behaves differently compared to an actual device?

Emulator/Simulator works just fine when isProd is set to false or true (managed to prompt intended threat messages). Actual device will encounter white screen when isProd is set to false (with no message shows up). But works fine if isProd is set to true (managed to prompt threat messages).

tompsota commented 1 year ago

Hi @foonjs,

no, simulator/emulator should behave the same as the real device. It is possible that this problem occurs only on certain devices / version of Android, as we couldn't reproduce it with our test devices.

Please, email us your watcher mail, package name, and actual device model with Android version to support@talsec.app, so we can take a look at it in detail.

Thanks, Tomas, Talsec developer

foonjs commented 1 year ago

Hi @tompsota , i have sent an email to Talsec support using another email account. I have also noticed that the "targetSdkVersion" documented is targeting 31 (Android 12). Does this mean Talsec is not supporting Android 13 as of now?

msikyna commented 1 year ago

Hello @foonjs , we will look at the sent info, thank you! Regarding the question, Talsec fully supports Android 13.

Kind regards, Talsec team

tompsota commented 1 year ago

Hi @foonjs,

the targetSdkVersion in docs is just the minimal supported version. We will update the docs in the next release to make it more clear. Regarding the white screen, we didn't find anything irregular in the logs. Unfortunately, we do not have the exact test devices available at the moment, so we are unable to verify the bug.

To rule out misconfiguration, could you please try running our demo app (inside the hello folder)? Does that project encounter white screen for you as well?

Kind regards, Talsec team

foonjs commented 11 months ago

Hi @tompsota , sorry for the late reply.

I have tested the demo app in hello folder and it worked just fine where isProd=true/false. It seems like my device no longer encounter the CURL 28 error. The reason why my app was facing white screen was due to a mishandling on the callback function that initialises Talsec.

Thanks for the help. Cheers!