search

talsec / Free-RASP-Flutter

Flutter library for improving app security and threat monitoring on Android and iOS mobile devices.
https://github.com/talsec/Free-RASP-Community
MIT License
194 stars 22 forks source link

Suggestion: Sync implementation or "not detected" callbacks #20

Closed monoblaine closed 2 years ago

monoblaine commented 2 years ago

Is there any way to make the checks synchronous or convert those onXDetected callbacks to functions that return Futures? Even adding a onXNotDetected callback for each check would be great. Thanks.

talsec-app commented 2 years ago

Hello @monoblaine,

Such capabilities are available only in the commercial Talsec RASP. Unfortunately, it is not possible in freeRASP. All checks are asynchronous in the freeRASP and the application gets the information about the detected threats via callbacks.

The commercial version provides various types of reactions in contrast with the freeRASP. Whether the check is executed asynchronously is dependent on the customer’s preferences. For example, in the case of the App Integrity, it’s highly recommended to make this check critical and blocking; the application is then killed nearly instantly by the library. Checks in the commercial version are also executed with a custom strategy for better results. This is all part of the custom library configuration.

Checks in the freeRASP version are considered as non-critical and non-blocking. The application should react to the threats freeRASP has detected as it’s not designed to control the flow of the application (ie. open dialog after all checks passed).

Contact Sergiy (syakymchuk@talsec.app) to get more info about the commercial version.

Kind regards, Talsec Team

monoblaine commented 2 years ago

Thanks for the detailed info.