New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cryptographic APIs misuses in Volley on Android #532
Comments
Hello. Yes please share them with me. When you say "01 warnings", you really mean "1" ? Or did you forget a digit ? |
Hello. So you're talking about the Android app, I thought you were talking about the main C project. @vhoyet Do you have an opinion about what to do about this? |
Hello, the warning seems hard to locate. I can't find any direct use of com.android.volley.InternalUtils in the app. It might be used internally by other methods from com.android.volley, maybe it should be pointed to android developpers then, since these methods don't raise any warning ? I guess if we can locate it, it should be enough to encode the parameter to any of {SHA-256, SHA-384, SHA-512}. |
I'm a PhD student interested in finding security vulnerabilities in open source projects.
We found a total of 01 warnings (indicating potential vulnerabilities) when running the CogniCrypt static analyzer (*) on hwloc (or its library dependencies). We documented each one of these issues in private gists for the sake of confidentiality (non-disclosure).
Can you please let us know whether we can share these gists with you? We are eager to evaluate the perception of developers (e.g. severity of these warnings) and improve hwloc's security, and the quality of the reports of static analysis tools.
(*) https://github.com/CROSSINGTUD/CryptoAnalysis
The text was updated successfully, but these errors were encountered: