安全分析报告:
安全分数
安全分数 43/100
风险评级
等级
- A
- B
- C
- F
严重性分布 (%)
隐私风险
0
用户/设备跟踪器
调研结果
高危
9
中危
23
信息
4
安全
3
关注
4
高危 应用程序容易受到 Janus 漏洞的影响
应用程序使用 v1 签名方案进行签名,如果仅使用 v1 签名方案进行签名,则在 Android 5.0-8.0 上容易受到 Janus 漏洞的影响。在使用 v1 和 v2/v3 方案签名的 Android 5.0-7.0 上运行的应用程序也容易受到攻击。
高危 基本配置不安全地配置为允许到所有域的明文流量。
Scope: *
高危 域配置不安全地配置为允许明文流量到达范围内的这些域。
Scope: 127.0.0.1 0.0.0.0
高危 Activity (com.alipay.sdk.app.AlipayResultActivity) 容易受到StrandHogg 2.0的攻击
已发现活动存在 StrandHogg 2.0 栈劫持漏洞的风险。漏洞利用时,其他应用程序可以将恶意活动放置在易受攻击的应用程序的活动栈顶部,从而使应用程序成为网络钓鱼攻击的易受攻击目标。可以通过将启动模式属性设置为“singleInstance”并设置空 taskAffinity (taskAffinity="") 来修复此漏洞。您还可以将应用的目标 SDK 版本 (28) 更新到 29 或更高版本以在平台级别修复此问题。
高危 应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。
应用程序使用带PKCS5/PKCS7填充的加密模式CBC。此配置容易受到填充oracle攻击。 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: be/appmire/flutterkeychain/AesStringEncryptor.java, line(s) 63 com/seven/movie/cachemovie/m3u8download/DownloadInfo.java, line(s) 214,221 com/seven/movie/commonsdk/utils/AesUtil.java, line(s) 58,65 com/video/editor/m3u8/DecryptTs.java, line(s) 21
高危 不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击
不安全的Web视图实现。Web视图忽略SSL证书错误并接受任何SSL证书。此应用程序易受MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#webview-server-certificate-verification Files: com/seven/movie/ad/mvp/ui/activity/WebViewActivity.java, line(s) 131,130 com/seven/movie/commonres/widget/dialog/AnnouncementDialog.java, line(s) 96,95 com/seven/movie/dialog/view/CommunityNoticePopView.java, line(s) 196,195 com/seven/movie/dialog/view/HomeNoticePopView.java, line(s) 226,225 com/seven/movie/dialog/view/UpdateDialog.java, line(s) 278,277 com/seven/movie/dialog/view/UpgradeDialog.java, line(s) 283,282 com/seven/movie/share/mvp/ui/fragment/BaseWebViewFragment.java, line(s) 185,183
高危 如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击
如果一个应用程序使用WebView.loadDataWithBaseURL方法来加载一个网页到WebView,那么这个应用程序可能会遭受跨站脚本攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-7 Files: com/seven/movie/dialog/view/HomeNoticePopView.java, line(s) 263,10,11 com/seven/movie/dialog/view/UpdateDialog.java, line(s) 313,11,12 com/seven/movie/dialog/view/UpgradeDialog.java, line(s) 318,8,9 com/seven/movie/share/mvp/ui/fragment/BaseWebViewFragment.java, line(s) 380,22,23
高危 使用弱加密算法
使用弱加密算法 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: com/seven/movie/commonsdk/utils/DesUtil.java, line(s) 32,40
高危 默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
默认情况下,调用Cipher.getInstance("AES")将返回AES ECB模式。众所周知,ECB模式很弱,因为它导致相同明文块的密文相同
https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-block-cipher-mode
Files:
io/rx_cache2/internal/encrypt/BuiltInEncryptor.java, line(s) 45,47
中危 应用程序数据可以被备份
[android:allowBackup=true] 这个标志允许任何人通过adb备份你的应用程序数据。它允许已经启用了USB调试的用户从设备上复制应用程序数据。
中危 Service (com.seven.movie.cachemovie.m3u8download.DownloadService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (com.seven.movie.cachemovie.cache.CacheForegroundService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Broadcast Receiver (com.seven.movie.cachemovie.cache.NotificationBroadcastReceiver) 未被保护。
存在一个intent-filter。 发现 Broadcast Receiver与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Broadcast Receiver是显式导出的。
中危 Activity (com.alipay.sdk.app.PayResultActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.alipay.sdk.app.AlipayResultActivity) 未被保护。
[android:exported=true] 发现 Activity与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Service (com.bdkit.bdkit.BDService) 未被保护。
[android:exported=true] 发现 Service与设备上的其他应用程序共享,因此可被设备上的任何其他应用程序访问。
中危 Activity (com.seven.movie.splash.mvp.ui.activity.Splash1Activity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Activity (com.seven.movie.splash.mvp.ui.activity.Splash2Activity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Activity (com.seven.movie.splash.mvp.ui.activity.Splash3Activity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Activity (com.seven.movie.splash.mvp.ui.activity.Splash4Activity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 Activity (com.seven.movie.splash.mvp.ui.activity.Splash5Activity) 未被保护。
存在一个intent-filter。 发现 Activity与设备上的其他应用程序共享,因此让它可以被设备上的任何其他应用程序访问。intent-filter的存在表明这个Activity是显式导出的。
中危 应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据
应用程序可以读取/写入外部存储器,任何应用程序都可以读取写入外部存储器的数据 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#external-storage Files: com/cgfay/scan/utils/FileUtils.java, line(s) 355 com/common/use/util/FileIOUtils.java, line(s) 583,599 com/common/use/util/PathUtils.java, line(s) 125,129,133,137,141,145,149,153,157,161,169,171,66,70,74,78,82,86,90,94,98,102,110,112,179 com/common/use/util/SDCardUtils.java, line(s) 10,15,20,25,50 com/common/use/util/StorageUtils.java, line(s) 17,32 com/common/use/util/UCodeUtil.java, line(s) 19,37 com/danikula/videocache/file/SDCardUtils.java, line(s) 10,15,20,25,50 com/danikula/videocache/file/strategy/FileHelper.java, line(s) 15 com/danikula/videocache/log/LogUtil.java, line(s) 95,98 com/danikula/videocache/server/StorageUtils.java, line(s) 23,40 com/example/imagegallerysaver/ImageGallerySaverPlugin.java, line(s) 133 com/feedback/lib/utils/e.java, line(s) 51,211 com/gen/mh/webapp_extensions/WebApplication.java, line(s) 19 com/gen/mh/webapp_extensions/matisse/internal/utils/MediaStoreCompat.java, line(s) 97,92 com/gen/mh/webapp_extensions/matisse/internal/utils/PathUtils.java, line(s) 22 com/gen/mh/webapp_extensions/unity/Share.java, line(s) 82 com/gen/mh/webapp_extensions/views/player/custom/PreviewUtils.java, line(s) 20 com/gen/mh/webapps/utils/FileUtils.java, line(s) 533 com/gen/mh/webapps/utils/UdidUtils.java, line(s) 139 com/gen/mh/webapps/views/DefaultWebChromeClient.java, line(s) 103 com/iceteck/silicompressorr/SiliCompressor.java, line(s) 65,130,134 com/jess/arms/utils/DataHelper.java, line(s) 99,158 com/jess/arms/utils/DeviceUtils.java, line(s) 255,496 com/lxj/xpopup/util/XPopupUtils.java, line(s) 260 com/mh/webappStart/android_plugin_impl/plugins/plugin_impl/ChooseVideoImpl.java, line(s) 158 com/mh/webappStart/util/Constants.java, line(s) 8 com/mh/webappStart/util/FileUtils.java, line(s) 11,26 com/okdl/movie/download/M3U8ParallelDloader.java, line(s) 408 com/okdl/movie/download/log/LogDownloadUtil.java, line(s) 99,102 com/seven/movie/ad/link/SystemDownload.java, line(s) 53 com/seven/movie/cachemovie/cache/CacheMovieManager.java, line(s) 60,64,68,72 com/seven/movie/cachemovie/m3u8download/M3u8DownManager.java, line(s) 188 com/seven/movie/common/component/service/LogService.java, line(s) 81,103,336,346 com/seven/movie/common/utils/SaveVideoUtils.java, line(s) 19,20 com/seven/movie/common/utils/UriUtils.java, line(s) 46 com/seven/movie/commonres/utils/AssetsUtil.java, line(s) 60 com/seven/movie/commonres/utils/BitmapUtil.java, line(s) 102,121,232,275 com/seven/movie/commonres/utils/FileUtil.java, line(s) 72,170,187,203,213,229,311,322,327 com/seven/movie/commonsdk/utils/CrashUtils.java, line(s) 165 com/seven/movie/commonsdk/utils/LogFileUtil.java, line(s) 95,98 com/seven/movie/commonservice/utils/UCodeUtil.java, line(s) 25,43,55 com/seven/movie/dialog/view/UpdateDialog.java, line(s) 155 com/seven/movie/fb/sdkimpl/utils/LogCtl.java, line(s) 102,107,112 com/seven/movie/hotfix/apk/ApkCtl.java, line(s) 210 com/seven/movie/player/mvp/ui/widget/log/LogPlayerUtil.java, line(s) 95,98 com/seven/movie/player/mvp/uitls/PreviewUtils.java, line(s) 26 com/seven/movie/search/img/SelectImg.java, line(s) 107 com/seven/movie/smallweb/mvp/ui/activity/SmallWebActivity.java, line(s) 189 com/seven/movie/splash/mvp/presenter/startuptask/LoadIpfsTask.java, line(s) 50 com/seven/movie/starlive/app/service/LiveBizServiceImpl.java, line(s) 268 com/seven/movie/update/app/service/ApkLibrary.java, line(s) 208 com/seven/movie/update/app/service/ApkUpgradeCtl.java, line(s) 139 com/seven/movie/update/app/service/UpdateServiceImpl.java, line(s) 173 com/seven/movie/uploadfilm/log/LogCtl.java, line(s) 102,107,112 com/taobao/gcanvas/audio/GAudioPlayer.java, line(s) 63,64,115,116 com/vector/update_app/UpdateAppManager.java, line(s) 430,438 com/video/editor/ffmpeg/VideoEditor.java, line(s) 326 com/yalantis/ucrop/util/FileUtils.java, line(s) 55 com/yalantis1/ucrop1/PictureMultiCuttingActivity.java, line(s) 119,183 com/yalantis1/ucrop1/util/FileUtils.java, line(s) 55 org/dync/zxinglibrary/decod/Utils.java, line(s) 30 vn/hunghd/flutter/plugins/imagecropper/FileUtils.java, line(s) 33
中危 文件可能包含硬编码的敏感信息,如用户名、密码、密钥等
文件可能包含硬编码的敏感信息,如用户名、密码、密钥等 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-memory-for-sensitive-data-mstg-storage-10 Files: cn/hutool/cache/impl/CacheObj.java, line(s) 47 cn/hutool/core/lang/Pair.java, line(s) 31 cn/hutool/core/lang/tree/TreeNodeConfig.java, line(s) 14,10,11,12 cn/hutool/json/serialize/TemporalAccessorSerializer.java, line(s) 14,15,16,17,18,19,20 com/amazonaws/auth/CognitoCachingCredentialsProvider.java, line(s) 27,30,26,28,29 com/amazonaws/auth/policy/conditions/ConditionFactory.java, line(s) 8,9,10,11,12,13,14 com/amazonaws/auth/policy/conditions/S3ConditionFactory.java, line(s) 10,11,12,14,15,8,9,13 com/amazonaws/internal/keyvaluestore/AWSKeyValueStore.java, line(s) 152,149 com/amazonaws/internal/keyvaluestore/KeyProvider18.java, line(s) 27 com/amazonaws/mobileconnectors/cognito/internal/storage/SQLiteLocalStorage.java, line(s) 47 com/amazonaws/mobileconnectors/s3/transferutility/TransferObserver.java, line(s) 136 com/amazonaws/mobileconnectors/s3/transferutility/TransferTable.java, line(s) 30,36 com/amazonaws/services/s3/Headers.java, line(s) 23,28,65 com/amazonaws/services/s3/model/S3ObjectSummary.java, line(s) 72 com/common/use/util/FileNameUtil.java, line(s) 13 com/danikula/videocache/entity/HlsPlayConstant.java, line(s) 13 com/danikula/videocache/file/FileNameUtil.java, line(s) 13 com/feedback/lib/data/db/ChatOrderDB.java, line(s) 20 com/feedback/lib/data/db/IMDB.java, line(s) 22 com/gen/mh/webapp_extensions/activities/WebAppActivity.java, line(s) 24,27,28,29,36 com/gen/mh/webapp_extensions/task/Task.java, line(s) 74 com/gen/mh/webapp_extensions/utils/CryptoHelper.java, line(s) 18 com/hjq/permissions/StartActivityManager.java, line(s) 11 com/idlefish/flutterboost/FlutterBoostPlugin.java, line(s) 22 com/idlefish/flutterboost/containers/FlutterActivityLaunchConfigs.java, line(s) 4 com/jess/arms/utils/DeviceUtils.java, line(s) 54 com/mh/webappStart/android_plugin_impl/callback/JsCallBackKeys.java, line(s) 6 com/okdl/movie/download/database/DBHelper.java, line(s) 11 com/seven/movie/ad/app/service/ADBizServiceImpl.java, line(s) 29 com/seven/movie/ad/app/service/AdLoader.java, line(s) 25,26,27 com/seven/movie/cachemovie/m3u8download/DownloadInfo.java, line(s) 17 com/seven/movie/common/adapter/multi/MultiTypePosterHelper.java, line(s) 17,18 com/seven/movie/common/hview/precache/PreDB.java, line(s) 24 com/seven/movie/common/model/HBaseModel.java, line(s) 21 com/seven/movie/commondata/entity/PlateColumnManager.java, line(s) 28,31,34,37,40 com/seven/movie/commondata/redpoint/BadgeManager.java, line(s) 13 com/seven/movie/commonres/utils/DelayDataHelper.java, line(s) 14 com/seven/movie/commonres/utils/SetCacheDataManager.java, line(s) 20 com/seven/movie/commonres/utils/data/UploadCommunityUtils.java, line(s) 18 com/seven/movie/commonsdk/BuildConfig.java, line(s) 9 com/seven/movie/commonsdk/core/EventBusHub.java, line(s) 168,26,30,27,272 com/seven/movie/commonsdk/core/RouterHub.java, line(s) 79,76 com/seven/movie/commonsdk/utils/AesUtil.java, line(s) 13,14 com/seven/movie/commonservice/api/ApiConstant.java, line(s) 228,441,270,151,68 com/seven/movie/commonservice/cache/MMKVSessionManager.java, line(s) 39 com/seven/movie/commonservice/community/bean/rep/CommunityTypeItem.java, line(s) 92 com/seven/movie/commonservice/community/bean/rep/PageResponse.java, line(s) 384 com/seven/movie/commonservice/operation/bean/PlayLog.java, line(s) 83 com/seven/movie/commonservice/player/bean/AddressInfoq.java, line(s) 71 com/seven/movie/commonservice/sys/AppLanguage.java, line(s) 20 com/seven/movie/commonservice/utils/MoneyUtils.java, line(s) 14 com/seven/movie/commonservice/utils/UuidEncryptUtils.java, line(s) 6 com/seven/movie/community/app/service/PostsSessionSingleton.java, line(s) 23 com/seven/movie/im/mvp/model/db/ChatOrderDB.java, line(s) 21 com/seven/movie/im/mvp/model/db/IMDB.java, line(s) 25 com/seven/movie/im/mvp/model/db/mrg/ChatListMgr.java, line(s) 26,32 com/seven/movie/im/mvp/model/db/mrg/ChatMgr.java, line(s) 42,48 com/seven/movie/lvideo/mvp/model/data/SVideoAdDataManager.java, line(s) 22,25 com/seven/movie/net/global/CryptoHelper.java, line(s) 22,27,33 com/seven/movie/net/global/entity/BodyReq.java, line(s) 6 com/seven/movie/net/global/entity/HRequestHeader.java, line(s) 11 com/seven/movie/operation/app/service/CollectEventService.java, line(s) 26 com/seven/movie/operation/app/service/EventPointCtl.java, line(s) 34 com/seven/movie/operation/app/service/PlayLogEventService.java, line(s) 27 com/seven/movie/operation/app/service/SecondEventService.java, line(s) 26 com/seven/movie/search/mvp/model/HistoryUtils.java, line(s) 14 com/seven/movie/splash/mvp/presenter/startuptask/CheckLiquidlinkTask.java, line(s) 7 com/seven/movie/uploadfilm/mvp/model/data/UploadDataHelper.java, line(s) 11 com/seven/movie/user/mvp/model/api/ConstantApi.java, line(s) 15 com/tekartik/sqflite/Constant.java, line(s) 44 com/vector/update_app/UpdateAppManager.java, line(s) 29,30,31,27 com/vector/update_app/service/DownloadService.java, line(s) 28 com/video/editor/m3u8/HlsCtl.java, line(s) 31,33 io/rx_cache2/internal/Locale.java, line(s) 5 io/rx_cache2/internal/cache/Action.java, line(s) 9 org/dync/zxinglibrary/utils/Intents.java, line(s) 67 org/java_websocket/drafts/Draft_6455.java, line(s) 53 org/jsoup/helper/W3CDom.java, line(s) 118 org/jsoup/nodes/DocumentType.java, line(s) 11,12,14 vn/hunghd/flutter/plugins/imagecropper/ImageCropperDelegate.java, line(s) 20
中危 可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息
可能存在跨域漏洞。在 WebView 中启用从 URL 访问文件可能会泄漏文件系统中的敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#static-analysis-6 Files: com/flutter/star/plugins/webviewflutter/FlutterWebView.java, line(s) 63,59 com/gen/mh/webapp_extensions/activities/OpenWebActivity.java, line(s) 170,167 com/gen/mh/webapp_extensions/views/WebViewNativeView.java, line(s) 67,66 com/gen/mh/webapps/views/DefaultWebView.java, line(s) 143,137 com/seven/movie/ad/mvp/ui/activity/WebViewActivity.java, line(s) 88,86 com/seven/movie/commonres/widget/PMWebview.java, line(s) 42,44 com/seven/movie/commonres/widget/dialog/AnnouncementDialog.java, line(s) 80,78 com/seven/movie/dialog/view/CommunityNoticePopView.java, line(s) 180,178 com/seven/movie/dialog/view/HomeNoticePopView.java, line(s) 210,208 com/seven/movie/dialog/view/UpdateDialog.java, line(s) 262,260 com/seven/movie/dialog/view/UpgradeDialog.java, line(s) 267,265 com/seven/movie/pay/mvp/utils/Pay365JavaScriptInterface.java, line(s) 80,78
中危 不安全的Web视图实现。可能存在WebView任意代码执行漏洞
不安全的Web视图实现。可能存在WebView任意代码执行漏洞 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-javascript-execution-in-webviews-mstg-platform-5 Files: com/flutter/star/plugins/webviewflutter/FlutterWebView.java, line(s) 72,59 com/gen/mh/webapp_extensions/views/WebViewNativeView.java, line(s) 94,66 com/seven/movie/commonres/widget/PMWebview.java, line(s) 85,91,44 com/seven/movie/pay/mvp/utils/Pay365JavaScriptInterface.java, line(s) 92,78
中危 应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库
应用程序使用SQLite数据库并执行原始SQL查询。原始SQL查询中不受信任的用户输入可能会导致SQL注入。敏感信息也应加密并写入数据库 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04h-Testing-Code-Quality.md#injection-flaws-mstg-arch-2-and-mstg-platform-2 Files: com/amazonaws/mobileconnectors/cognito/internal/storage/SQLiteLocalStorage.java, line(s) 6,7,71,72,78,79,324,325,393,394,397,398,400,401,415,416 com/amazonaws/mobileconnectors/s3/transferutility/TransferTable.java, line(s) 3,54,78,79,80,81,82,86,90,94,98 com/danikula/videocache/sourcestorage/DatabaseSourceInfoStorage.java, line(s) 6,7,34 com/gen/mh/webapps/database/Table.java, line(s) 6,132,172,187,226 com/liulishuo/okdownload/core/breakpoint/BreakpointSQLiteHelper.java, line(s) 6,7,77,96,111,147,167,219 com/tekartik/sqflite/SqflitePlugin.java, line(s) 7,373,475 io/requery/android/database/sqlite/SQLiteDatabase.java, line(s) 1,7,8,9,26,563,567,1017
中危 MD5是已知存在哈希冲突的弱哈希
MD5是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: cn/hutool/core/lang/UUID.java, line(s) 62 cn/hutool/core/lang/hash/KetamaHash.java, line(s) 27 com/amazonaws/services/s3/AmazonS3Client.java, line(s) 894 com/amazonaws/services/s3/internal/MD5DigestCalculatingInputStream.java, line(s) 20 com/amazonaws/util/Md5Utils.java, line(s) 20,48 com/andrognito/patternlockview/utils/PatternLockUtils.java, line(s) 56 com/common/use/util/FileNameUtil.java, line(s) 110 com/common/use/util/Md5Utils.java, line(s) 12,51 com/danikula/videocache/server/ProxyCacheUtils.java, line(s) 72 com/gen/mh/webapps/utils/MD5Utils.java, line(s) 47,55,13 com/gen/mh/webapps/utils/UdidUtils.java, line(s) 113 com/jess/arms/utils/ArmsUtils.java, line(s) 165 com/liulishuo/okdownload/core/Util.java, line(s) 154 com/seven/movie/cachemovie/util/Md5Util.java, line(s) 10 com/seven/movie/hotfix/tk/shareutil/SharePatchFileUtil.java, line(s) 359,380 org/seamless/util/io/MD5Crypt.java, line(s) 50,51,91
中危 IP地址泄露
IP地址泄露 Files: cn/hutool/core/net/Ipv4Util.java, line(s) 209,209,21,209,209,209,209,209 cn/hutool/core/net/MaskBit.java, line(s) 10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41 cn/hutool/core/net/NetUtil.java, line(s) 48,177 cn/hutool/crypto/asymmetric/Sign.java, line(s) 176 cn/hutool/db/nosql/redis/RedisDS.java, line(s) 60 cn/hutool/extra/ssh/JschUtil.java, line(s) 134 com/common/use/util/NetworkUtils.java, line(s) 67 com/danikula/videocache/proxy/MatchM3U8.java, line(s) 33 com/danikula/videocache/proxy/MatchTs.java, line(s) 33 com/danikula/videocache/proxy/ProxyCacheDefaultManager.java, line(s) 75 com/danikula/videocache/server/HttpProxyCacheServer.java, line(s) 83,34 com/gen/mh/webapps/WebViewFragment.java, line(s) 955 com/gen/mh/webapps/WebViewLaunchFragment.java, line(s) 253,271 com/gen/mh/webapps/server/AndroidWorkServer.java, line(s) 38 com/gen/mh/webapps/utils/NetUtils.java, line(s) 61 com/seven/movie/pay/mvp/model/api/ProxyDao.java, line(s) 52 fi/iki/elonen/NanoHTTPD.java, line(s) 486
中危 应用程序使用不安全的随机数生成器
应用程序使用不安全的随机数生成器 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#weak-random-number-generators Files: cn/hutool/core/img/ColorUtil.java, line(s) 13 cn/hutool/core/img/ImgUtil.java, line(s) 47 cn/hutool/core/lang/id/NanoId.java, line(s) 5 cn/hutool/core/util/ArrayUtil.java, line(s) 26 cn/hutool/core/util/PrimitiveArrayUtil.java, line(s) 5 cn/hutool/core/util/RandomUtil.java, line(s) 20 com/amazonaws/retry/PredefinedRetryPolicies.java, line(s) 9 com/andrognito/patternlockview/utils/RandomUtils.java, line(s) 4 com/common/use/util/ArrayUtils.java, line(s) 10 com/common/use/util/RandomUtils.java, line(s) 3 com/feedback/lib/widget/badgeview/BadgeAnimator.java, line(s) 12 com/gen/mh/webapp_extensions/plugins/FileSavedPlugin.java, line(s) 31 com/gen/mh/webapp_extensions/utils/CryptoHelper.java, line(s) 7 com/gen/mh/webapps/utils/SysFreePort.java, line(s) 6 com/hjq/permissions/PermissionFragment.java, line(s) 16 com/seven/movie/ad/app/service/AdNavigation.java, line(s) 43 com/seven/movie/commonres/utils/NumberUtils.java, line(s) 25 com/seven/movie/commonres/widget/badgeview/BadgeAnimator.java, line(s) 12 com/seven/movie/lvideo/mvp/ui/widget/LVideoPageView.java, line(s) 65 com/seven/movie/pay/mvp/model/api/ProxyDao.java, line(s) 16 com/seven/movie/search/mvp/ui/fragment/SearchHistoryFragment.java, line(s) 39 com/vector/update_app/utils/ColorUtil.java, line(s) 6 org/java_websocket/drafts/Draft_6455.java, line(s) 15 org/jsoup/helper/DataUtil.java, line(s) 17 org/seamless/util/RandomToken.java, line(s) 4 org/seamless/util/io/MD5Crypt.java, line(s) 5
中危 SHA-1是已知存在哈希冲突的弱哈希
SHA-1是已知存在哈希冲突的弱哈希 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04g-Testing-Cryptography.md#identifying-insecure-andor-deprecated-cryptographic-algorithms-mstg-crypto-4 Files: cn/hutool/core/util/RandomUtil.java, line(s) 48 com/andrognito/patternlockview/utils/PatternLockUtils.java, line(s) 45 com/jess/arms/utils/ArmsUtils.java, line(s) 165 com/liulishuo/okdownload/core/Util.java, line(s) 154 com/seven/movie/cachemovie/util/Md5Util.java, line(s) 30 com/seven/movie/commonsdk/utils/Authpack.java, line(s) 9 dev/fluttercommunity/plus/packageinfo/PackageInfoPlugin.java, line(s) 113 io/rx_cache2/internal/encrypt/BuiltInEncryptor.java, line(s) 55 org/java_websocket/drafts/Draft_6455.java, line(s) 545 org/seamless/util/RandomToken.java, line(s) 11
中危 应用程序创建临时文件。敏感信息永远不应该被写进临时文件
应用程序创建临时文件。敏感信息永远不应该被写进临时文件 Files: cn/hutool/core/io/FileUtil.java, line(s) 506 cn/hutool/core/io/file/PathUtil.java, line(s) 332,334 cn/hutool/core/net/multipart/UploadFile.java, line(s) 134 com/eclipsesource/v8/NodeJS.java, line(s) 181 com/iceteck/silicompressorr/SiliCompressor.java, line(s) 130 com/seven/movie/common/utils/ZipManager.java, line(s) 262,438,511 com/soundcloud/android/crop/CropUtil.java, line(s) 74 fi/iki/elonen/NanoHTTPD.java, line(s) 294,898,994 xyz/luan/audioplayers/source/UrlSource.java, line(s) 116
中危 此应用可能包含硬编码机密信息
从应用程序中识别出以下机密确保这些不是机密或私人信息 凭证信息=> "com.pm.liquidlink.APP_KEY" : "lgiu92" 华为HMS Core 应用ID的=> "com.huawei.hms.client.appid" : "appid=101284161" "library_android_database_sqlcipher_authorWebsite" : "https://www.zetetic.net/sqlcipher/" 7f0e27f0e47f531b0723b0b6fb0722 919b6b41f2814f25b5e5fb7c64b03d67602dc07001e5d42aff525c743fdf8434a8b751a7849d5dafb3c3cda4309d739bbb86702214c110a4a431df6f3b8374fd 9778397bd097c36b0b6fc9274c91aa 7f0e397bd07f595b0b0bc920fb0722 97bd09801d98082c95f8e1cfcc920f 7f0e397bd097c36b0b6fc9210c8dc2 7f0e37f0e366aa89801eb072297c35 977837f0e37f14998082b0723b06bd 977837f0e37f14898082b0723b02d5 9778397bd097c36c9210c9274c920e 7f0e37f5307f595b0b0bc920fb0722 258EAFA5-E914-47DA-95CA-C5AB0DC85B11 97bd097bd07f595b0b6fc920fb0722 97b6b97bd19801ec9210c965cc920e B408A2A01174F062DABA060EDE98002B 7f07e7f0e47f531b0723b0b6fb0721 7f0e27f1487f531b0b0bb0b6fb0722 97bd097bd097c35b0b6fc920fb0722 9A04F079-9840-4286-AB92-E65BE0885F95 665f67f0e37f14898082b072297c35 977837f0e37f14998082b0787b0721 97b6b7f0e47f149b0723b0787b0721 97bcf97c359801ec95f8c965cc920f b005df5eda18803f28d02f18f7668b1a 9778397bd19801ec9210c9274c920e 97b6b97bd19801ec95f8c965cc920e 977837f0e37f149b0723b0787b0721 97bcf7f1487f531b0b0bb0b6fb0722 7ec967f0e37f14998082b0787b0721 665f67f0e37f1489801eb072297c35 7f07e7f0e37f14998083b0787b0721 9778397bd097c36b0b6fc9210c91aa 7f0e27f1487f595b0b0bb0b6fb0722 97bcf7f0e47f531b0b0bb0b6fb0722 17c0790c75a343a589c5979e694a32fd 7f0e36665b66aa89801e9808297c35 9778397bd197c36c9210c9274c91aa 7ec967f0e37f14898082b0723b02d5 9778397bd097c36c9210c9274c91aa 97bcf7f1487f595b0b0bb0b6fb0722 A2B55680-6F43-11E0-9A3F-0002A5D5C51B 97b6b7f0e47f531b0723b0b6fb0722 7f0e26665b66a449801e9808297c35 7f0e37f0e37f14898082b0723b02d5 0123456789ABCDEFGHJKLMNPQRTUWXY 97bcf97c3598082c95f8c965cc920f 7f0e397bd097c35b0b6fc9210c8dc2 7ec967f0e37f14998082b0787b06bd 665f67f0e37f14898082b0723b02d5 7f0e37f1487f595b0b0bb0b6fb0722 MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDa2RJXMztrRlBgmjOSKk5mMaoWyiutw4QmFxUWsRlAvzsJdcxIICLfyMrNQyLc2V95K72VcmII8mMfgGwxiRsyP2QnjcL9OWCJ2pVSwvosvsAoQCiVSuLEeXKXD6IfHbr8UDew5RPRjJ8yqmPyvbBZPYrHU8U6S+Fir1KmrxmXHQIDAQAB 97bd07f1487f595b0b0bc920fb0722 7f0e37f0e37f14898082b072297c35 9778397bd097c36b0b70c9274c91aa 97bcf97c3598082c95f8e1cfcc920f 1768899009932f2df0169f99aca06f5ce75fbf66dc3 97b6b97bd19801ec9210c9274c920e 5Yqp6K6w6K+NIHBocmFzZSBQaHJhc2U= 7f07e7f0e37f14998082b0787b0721 a70f318a787706d612b83336acd4f297 7f07e7f0e47f531b0723b0b6fb0722 97bd0b06bdb0722c965ce1cfcc920f 7ec967f0e37f14998082b0723b06bd 97bd097bd097c36b0b6fc9210c8dc2 H3UM16TDFPSBZJ90CW28QYRE45AXKNGV7L 6d199bf69d07ffab8c264c70d3585b66 7f07e7f0e37f149b0723b0787b0721 0123456789ABCDEFGHJKLMNPQRSTUVWXYZ 977837f0e37f14998082b0787b06bd b027097bd097c36b0b6fc9274c91aa 97b6b7f0e47f531b0723b0b6fb0721 97b6b97bd197c36c9210c9274c920e 1f5cec6336a772cadf5e887eb1c9fea2675393c0986796f7628a72157b02643a9968518ee54f8171fcb074aa4bd75becc2284028c59c3a8a900d976760823105017beae3a3a1a31be16a18c0892fc1c9e05657ff16ad9c9e7888a6ce9a6fadde73ba4da0ec87a84267ed518da60978dbab3b97641c0f80f3385bf38873d35565 7f0e397bd07f595b0b6fc920fb0722 97b6b7f0e47f531b0723b0787b0721 97b6b97bd19801ec95f8c965cc920f 97bd07f5307f595b0b0bc920fb0722 7f0e36665b66a449801e9808297c35 7f07e7f0e47f149b0723b0787b0721 7f0e37f1487f531b0b0bb0b6fb0722 7f0e397bd097c35b0b6fc920fb0722 9778397bd097c36b0b6fc9210c8dc2 9778397bd19801ec9210c965cc920e YWJhbmRvbiBhYmlsaXR5IGFibGUgYWJvdXQgYWJvdmUgYWJzZW50IGFic29yYiBhYnN0cmFjdCBhYnN1cmQgYWJ1c2UgYWNjZXNzIGFjY2lkZW50IGFjY291bnQgYWNjdXNlIGFjaGlldmUgYWNpZCBhY291c3RpYyBhY3F1aXJlIGFjcm9zcyBhY3QgYWN0aW9uIGFjdG9yIGFjdHJlc3MgYWN0dWFsIGFkYXB0IGFkZCBhZGRpY3QgYWRkcmVzcyBhZGp1c3QgYWRtaXQgYWR1bHQgYWR2YW5jZSBhZHZpY2UgYWVyb2JpYyBhZmZhaXIgYWZmb3JkIGFmcmFpZCBhZ2FpbiBhZ2UgYWdlbnQgYWdyZWUgYWhlYWQgYWltIGFpciBhaXJwb3J0IGFpc2xlIGFsYXJtIGFsYnVtIGFsY29ob2wgYWxlcnQgYWxpZW4gYWxsIGFsbGV5IGFsbG93IGFsbW9zdCBhbG9uZSBhbHBoYSBhbHJlYWR5IGFsc28gYWx0ZXIgYWx3YXlzIGFtYXRldXIgYW1hemluZyBhbW9uZyBhbW91bnQgYW11c2VkIGFuYWx5c3QgYW5jaG9yIGFuY2llbnQgYW5nZXIgYW5nbGUgYW5ncnkgYW5pbWFsIGFua2xlIGFubm91bmNlIGFubnVhbCBhbm90aGVyIGFuc3dlciBhbnRlbm5hIGFudGlxdWUgYW54aWV0eSBhbnkgYXBhcnQgYXBvbG9neSBhcHBlYXIgYXBwbGUgYXBwcm92ZSBhcHJpbCBhcmNoIGFyY3RpYyBhcmVhIGFyZW5hIGFyZ3VlIGFybSBhcm1lZCBhcm1vciBhcm15IGFyb3VuZCBhcnJhbmdlIGFycmVzdCBhcnJpdmUgYXJyb3cgYXJ0IGFydGVmYWN0IGFydGlzdCBhcnR3b3JrIGFzayBhc3BlY3QgYXNzYXVsdCBhc3NldCBhc3Npc3QgYXNzdW1lIGFzdGhtYSBhdGhsZXRlIGF0b20gYXR0YWNrIGF0dGVuZCBhdHRpdHVkZSBhdHRyYWN0IGF1Y3Rpb24gYXVkaXQgYXVndXN0IGF1bnQgYXV0aG9yIGF1dG8gYXV0dW1uIGF2ZXJhZ2UgYXZvY2FkbyBhdm9pZCBhd2FrZSBhd2FyZSBhd2F5IGF3ZXNvbWUgYXdmdWwgYXdrd2FyZCBheGlzIGJhYnkgYmFjaGVsb3IgYmFjb24gYmFkZ2UgYmFnIGJhbGFuY2UgYmFsY29ueSBiYWxsIGJhbWJvbyBiYW5hbmEgYmFubmVyIGJhciBiYXJlbHkgYmFyZ2FpbiBiYXJyZWwgYmFzZSBiYXNpYyBiYXNrZXQgYmF0dGxlIGJlYWNoIGJlYW4gYmVhdXR5IGJlY2F1c2UgYmVjb21lIGJlZWYgYmVmb3JlIGJlZ2luIGJlaGF2ZSBiZWhpbmQgYmVsaWV2ZSBiZWxvdyBiZWx0IGJlbmNoIGJlbmVmaXQgYmVzdCBiZXRyYXkgYmV0dGVyIGJldHdlZW4gYmV5b25kIGJpY3ljbGUgYmlkIGJpa2UgYmluZCBiaW9sb2d5IGJpcmQgYmlydGggYml0dGVyIGJsYWNrIGJsYWRlIGJsYW1lIGJsYW5rZXQgYmxhc3QgYmxlYWsgYmxlc3MgYmxpbmQgYmxvb2QgYmxvc3NvbSBibG91c2UgYmx1ZSBibHVyIGJsdXNoIGJvYXJkIGJvYXQgYm9keSBib2lsIGJvbWIgYm9uZSBib251cyBib29rIGJvb3N0IGJvcmRlciBib3JpbmcgYm9ycm93IGJvc3MgYm90dG9tIGJvdW5jZSBib3ggYm95IGJyYWNrZXQgYnJhaW4gYnJhbmQgYnJhc3MgYnJhdmUgYnJlYWQgYnJlZXplIGJyaWNrIGJyaWRnZSBicmllZiBicmlnaHQgYnJpbmcgYnJpc2sgYnJvY2NvbGkgYnJva2VuIGJyb256ZSBicm9vbSBicm90aGVyIGJyb3duIGJydXNoIGJ1YmJsZSBidWRkeSBidWRnZXQgYnVmZmFsbyBidWlsZCBidWxiIGJ1bGsgYnVsbGV0IGJ1bmRsZSBidW5rZXIgYnVyZGVuIGJ1cmdlciBidXJzdCBidXMgYnVzaW5lc3MgYnVzeSBidXR0ZXIgYnV5ZXIgYnV6eiBjYWJiYWdlIGNhYmluIGNhYmxlIGNhY3R1cyBjYWdlIGNha2UgY2FsbCBjYWxtIGNhbWVyYSBjYW1wIGNhbiBjYW5hbCBjYW5jZWwgY2FuZHkgY2Fubm9uIGNhbm9lIGNhbnZhcyBjYW55b24gY2FwYWJsZSBjYXBpdGFsIGNhcHRhaW4gY2FyIGNhcmJvbiBjYXJkIGNhcmdvIGNhcnBldCBjYXJyeSBjYXJ0IGNhc2UgY2FzaCBjYXNpbm8gY2FzdGxlIGNhc3VhbCBjYXQgY2F0YWxvZyBjYXRjaCBjYXRlZ29yeSBjYXR0bGUgY2F1Z2h0IGNhdXNlIGNhdXRpb24gY2F2ZSBjZWlsaW5nIGNlbGVyeSBjZW1lbnQgY2Vuc3VzIGNlbnR1cnkgY2VyZWFsIGNlcnRhaW4gY2hhaXIgY2hhbGsgY2hhbXBpb24gY2hhbmdlIGNoYW9zIGNoYXB0ZXIgY2hhcmdlIGNoYXNlIGNoYXQgY2hlYXAgY2hlY2sgY2hlZXNlIGNoZWYgY2hlcnJ5IGNoZXN0IGNoaWNrZW4gY2hpZWYgY2hpbGQgY2hpbW5leSBjaG9pY2UgY2hvb3NlIGNocm9uaWMgY2h1Y2tsZSBjaHVuayBjaHVybiBjaWdhciBjaW5uYW1vbiBjaXJjbGUgY2l0aXplbiBjaXR5IGNpdmlsIGNsYWltIGNsYXAgY2xhcmlmeSBjbGF3IGNsYXkgY2xlYW4gY2xlcmsgY2xldmVyIGNsaWNrIGNsaWVudCBjbGlmZiBjbGltYiBjbGluaWMgY2xpcCBjbG9jayBjbG9nIGNsb3NlIGNsb3RoIGNsb3VkIGNsb3duIGNsdWIgY2x1bXAgY2x1c3RlciBjbHV0Y2ggY29hY2ggY29hc3QgY29jb251dCBjb2RlIGNvZmZlZSBjb2lsIGNvaW4gY29sbGVjdCBjb2xvciBjb2x1bW4gY29tYmluZSBjb21lIGNvbWZvcnQgY29taWMgY29tbW9uIGNvbXBhbnkgY29uY2VydCBjb25kdWN0IGNvbmZpcm0gY29uZ3Jlc3MgY29ubmVjdCBjb25zaWRlciBjb250cm9sIGNvbnZpbmNlIGNvb2sgY29vbCBjb3BwZXIgY29weSBjb3JhbCBjb3JlIGNvcm4gY29ycmVjdCBjb3N0IGNvdHRvbiBjb3VjaCBjb3VudHJ5IGNvdXBsZSBjb3Vyc2UgY291c2luIGNvdmVyIGNveW90ZSBjcmFjayBjcmFkbGUgY3JhZnQgY3JhbSBjcmFuZSBjcmFzaCBjcmF0ZXIgY3Jhd2wgY3JhenkgY3JlYW0gY3JlZGl0IGNyZWVrIGNyZXcgY3JpY2tldCBjcmltZSBjcmlzcCBjcml0aWMgY3JvcCBjcm9zcyBjcm91Y2ggY3Jvd2QgY3J1Y2lhbCBjcnVlbCBjcnVpc2UgY3J1bWJsZSBjcnVuY2ggY3J1c2ggY3J5IGNyeXN0YWwgY3ViZSBjdWx0dXJlIGN1cCBjdXBib2FyZCBjdXJpb3VzIGN1cnJlbnQgY3VydGFpbiBjdXJ2ZSBjdXNoaW9uIGN1c3RvbSBjdXRlIGN5Y2xlIGRhZCBkYW1hZ2UgZGFtcCBkYW5jZSBkYW5nZXIgZGFyaW5nIGRhc2ggZGF1Z2h0ZXIgZGF3biBkYXkgZGVhbCBkZWJhdGUgZGVicmlzIGRlY2FkZSBkZWNlbWJlciBkZWNpZGUgZGVjbGluZSBkZWNvcmF0ZSBkZWNyZWFzZSBkZWVyIGRlZmVuc2UgZGVmaW5lIGRlZnkgZGVncmVlIGRlbGF5IGRlbGl2ZXIgZGVtYW5kIGRlbWlzZSBkZW5pYWwgZGVudGlzdCBkZW55IGRlcGFydCBkZXBlbmQgZGVwb3NpdCBkZXB0aCBkZXB1dHkgZGVyaXZlIGRlc2NyaWJlIGRlc2VydCBkZXNpZ24gZGVzayBkZXNwYWlyIGRlc3Ryb3kgZGV0YWlsIGRldGVjdCBkZXZlbG9wIGRldmljZSBkZXZvdGUgZGlhZ3JhbSBkaWFsIGRpYW1vbmQgZGlhcnkgZGljZSBkaWVzZWwgZGlldCBkaWZmZXIgZGlnaXRhbCBkaWduaXR5IGRpbGVtbWEgZGlubmVyIGRpbm9zYXVyIGRpcmVjdCBkaXJ0IGRpc2FncmVlIGRpc2NvdmVyIGRpc2Vhc2UgZGlzaCBkaXNtaXNzIGRpc29yZGVyIGRpc3BsYXkgZGlzdGFuY2UgZGl2ZXJ0IGRpdmlkZSBkaXZvcmNlIGRpenp5IGRvY3RvciBkb2N1bWVudCBkb2cgZG9sbCBkb2xwaGluIGRvbWFpbiBkb25hdGUgZG9ua2V5IGRvbm9yIGRvb3IgZG9zZSBkb3VibGUgZG92ZSBkcmFmdCBkcmFnb24gZHJhbWEgZHJhc3RpYyBkcmF3IGRyZWFtIGRyZXNzIGRyaWZ0IGRyaWxsIGRyaW5rIGRyaXAgZHJpdmUgZHJvcCBkcnVtIGRyeSBkdWNrIGR1bWIgZHVuZSBkdXJpbmcgZHVzdCBkdXRjaCBkdXR5IGR3YXJmIGR5bmFtaWMgZWFnZXIgZWFnbGUgZWFybHkgZWFybiBlYXJ0aCBlYXNpbHkgZWFzdCBlYXN5IGVjaG8gZWNvbG9neSBlY29ub215IGVkZ2UgZWRpdCBlZHVjYXRlIGVmZm9ydCBlZ2cgZWlnaHQgZWl0aGVyIGVsYm93IGVsZGVyIGVsZWN0cmljIGVsZWdhbnQgZWxlbWVudCBlbGVwaGFudCBlbGV2YXRvciBlbGl0ZSBlbHNlIGVtYmFyayBlbWJvZHkgZW1icmFjZSBlbWVyZ2UgZW1vdGlvbiBlbXBsb3kgZW1wb3dlciBlbXB0eSBlbmFibGUgZW5hY3QgZW5kIGVuZGxlc3MgZW5kb3JzZSBlbmVteSBlbmVyZ3kgZW5mb3JjZSBlbmdhZ2UgZW5naW5lIGVuaGFuY2UgZW5qb3kgZW5saXN0IGVub3VnaCBlbnJpY2ggZW5yb2xsIGVuc3VyZSBlbnRlciBlbnRpcmUgZW50cnkgZW52ZWxvcGUgZXBpc29kZSBlcXVhbCBlcXVpcCBlcmEgZXJhc2UgZXJvZGUgZXJvc2lvbiBlcnJvciBlcnVwdCBlc2NhcGUgZXNzYXkgZXNzZW5jZSBlc3RhdGUgZXRlcm5hbCBldGhpY3MgZXZpZGVuY2UgZXZpbCBldm9rZSBldm9sdmUgZXhhY3QgZXhhbXBsZSBleGNlc3MgZXhjaGFuZ2UgZXhjaXRlIGV4Y2x1ZGUgZXhjdXNlIGV4ZWN1dGUgZXhlcmNpc2UgZXhoYXVzdCBleGhpYml0IGV4aWxlIGV4aXN0IGV4aXQgZXhvdGljIGV4cGFuZCBleHBlY3QgZXhwaXJlIGV4cGxhaW4gZXhwb3NlIGV4cHJlc3MgZXh0ZW5kIGV4dHJhIGV5ZSBleWVicm93IGZhYnJpYyBmYWNlIGZhY3VsdHkgZmFkZSBmYWludCBmYWl0aCBmYWxsIGZhbHNlIGZhbWUgZmFtaWx5IGZhbW91cyBmYW4gZmFuY3kgZmFudGFzeSBmYXJtIGZhc2hpb24gZmF0IGZhdGFsIGZhdGhlciBmYXRpZ3VlIGZhdWx0IGZhdm9yaXRlIGZlYXR1cmUgZmVicnVhcnkgZmVkZXJhbCBmZWUgZmVlZCBmZWVsIGZlbWFsZSBmZW5jZSBmZXN0aXZhbCBmZXRjaCBmZXZlciBmZXcgZmliZXIgZmljdGlvbiBmaWVsZCBmaWd1cmUgZmlsZSBmaWxtIGZpbHRlciBmaW5hbCBmaW5kIGZpbmUgZmluZ2VyIGZpbmlzaCBmaXJlIGZpcm0gZmlyc3QgZmlzY2FsIGZpc2ggZml0IGZpdG5lc3MgZml4IGZsYWcgZmxhbWUgZmxhc2ggZmxhdCBmbGF2b3IgZmxlZSBmbGlnaHQgZmxpcCBmbG9hdCBmbG9jayBmbG9vciBmbG93ZXIgZmx1aWQgZmx1c2ggZmx5IGZvYW0gZm9jdXMgZm9nIGZvaWwgZm9sZCBmb2xsb3cgZm9vZCBmb290IGZvcmNlIGZvcmVzdCBmb3JnZXQgZm9yayBmb3J0dW5lIGZvcnVtIGZvcndhcmQgZm9zc2lsIGZvc3RlciBmb3VuZCBmb3ggZnJhZ2lsZSBmcmFtZSBmcmVxdWVudCBmcmVzaCBmcmllbmQgZnJpbmdlIGZyb2cgZnJvbnQgZnJvc3QgZnJvd24gZnJvemVuIGZydWl0IGZ1ZWwgZnVuIGZ1bm55IGZ1cm5hY2UgZnVyeSBmdXR1cmUgZ2FkZ2V0IGdhaW4gZ2FsYXh5IGdhbGxlcnkgZ2FtZSBnYXAgZ2FyYWdlIGdhcmJhZ2UgZ2FyZGVuIGdhcmxpYyBnYXJtZW50IGdhcyBnYXNwIGdhdGUgZ2F0aGVyIGdhdWdlIGdhemUgZ2VuZXJhbCBnZW5pdXMgZ2VucmUgZ2VudGxlIGdlbnVpbmUgZ2VzdHVyZSBnaG9zdCBnaWFudCBnaWZ0IGdpZ2dsZSBnaW5nZXIgZ2lyYWZmZSBnaXJsIGdpdmUgZ2xhZCBnbGFuY2UgZ2xhcmUgZ2xhc3MgZ2xpZGUgZ2xpbXBzZSBnbG9iZSBnbG9vbSBnbG9yeSBnbG92ZSBnbG93IGdsdWUgZ29hdCBnb2RkZXNzIGdvbGQgZ29vZCBnb29zZSBnb3JpbGxhIGdvc3BlbCBnb3NzaXAgZ292ZXJuIGdvd24gZ3JhYiBncmFjZSBncmFpbiBncmFudCBncmFwZSBncmFzcyBncmF2aXR5IGdyZWF0IGdyZWVuIGdyaWQgZ3JpZWYgZ3JpdCBncm9jZXJ5IGdyb3VwIGdyb3cgZ3J1bnQgZ3VhcmQgZ3Vlc3MgZ3VpZGUgZ3VpbHQgZ3VpdGFyIGd1biBneW0gaGFiaXQgaGFpciBoYWxmIGhhbW1lciBoYW1zdGVyIGhhbmQgaGFwcHkgaGFyYm9yIGhhcmQgaGFyc2ggaGFydmVzdCBoYXQgaGF2ZSBoYXdrIGhhemFyZCBoZWFkIGhlYWx0aCBoZWFydCBoZWF2eSBoZWRnZWhvZyBoZWlnaHQgaGVsbG8gaGVsbWV0IGhlbHAgaGVuIGhlcm8gaGlkZGVuIGhpZ2ggaGlsbCBoaW50IGhpcCBoaXJlIGhpc3RvcnkgaG9iYnkgaG9ja2V5IGhvbGQgaG9sZSBob2xpZGF5IGhvbGxvdyBob21lIGhvbmV5IGhvb2QgaG9wZSBob3JuIGhvcnJvciBob3JzZSBob3NwaXRhbCBob3N0IGhvdGVsIGhvdXIgaG92ZXIgaHViIGh1Z2UgaHVtYW4gaHVtYmxlIGh1bW9yIGh1bmRyZWQgaHVuZ3J5IGh1bnQgaHVyZGxlIGh1cnJ5IGh1cnQgaHVzYmFuZCBoeWJyaWQgaWNlIGljb24gaWRlYSBpZGVudGlmeSBpZGxlIGlnbm9yZSBpbGwgaWxsZWdhbCBpbGxuZXNzIGltYWdlIGltaXRhdGUgaW1tZW5zZSBpbW11bmUgaW1wYWN0IGltcG9zZSBpbXByb3ZlIGltcHVsc2UgaW5jaCBpbmNsdWRlIGluY29tZSBpbmNyZWFzZSBpbmRleCBpbmRpY2F0ZSBpbmRvb3IgaW5kdXN0cnkgaW5mYW50IGluZmxpY3QgaW5mb3JtIGluaGFsZSBpbmhlcml0IGluaXRpYWwgaW5qZWN0IGluanVyeSBpbm1hdGUgaW5uZXIgaW5ub2NlbnQgaW5wdXQgaW5xdWlyeSBpbnNhbmUgaW5zZWN0IGluc2lkZSBpbnNwaXJlIGluc3RhbGwgaW50YWN0IGludGVyZXN0IGludG8gaW52ZXN0IGludml0ZSBpbnZvbHZlIGlyb24gaXNsYW5kIGlzb2xhdGUgaXNzdWUgaXRlbSBpdm9yeSBqYWNrZXQgamFndWFyIGphciBqYXp6IGplYWxvdXMgamVhbnMgamVsbHkgamV3ZWwgam9iIGpvaW4gam9rZSBqb3VybmV5IGpveSBqdWRnZSBqdWljZSBqdW1wIGp1bmdsZSBqdW5pb3IganVuayBqdXN0IGthbmdhcm9vIGtlZW4ga2VlcCBrZXRjaHVwIGtleSBraWNrIGtpZCBraWRuZXkga2luZCBraW5nZG9tIGtpc3Mga2l0IGtpdGNoZW4ga2l0ZSBraXR0ZW4ga2l3aSBrbmVlIGtuaWZlIGtub2NrIGtub3cgbGFiIGxhYmVsIGxhYm9yIGxhZGRlciBsYWR5IGxha2UgbGFtcCBsYW5ndWFnZSBsYXB0b3AgbGFyZ2UgbGF0ZXIgbGF0aW4gbGF1Z2ggbGF1bmRyeSBsYXZhIGxhdyBsYXduIGxhd3N1aXQgbGF5ZXIgbGF6eSBsZWFkZXIgbGVhZiBsZWFybiBsZWF2ZSBsZWN0dXJlIGxlZnQgbGVnIGxlZ2FsIGxlZ2VuZCBsZWlzdXJlIGxlbW9uIGxlbmQgbGVuZ3RoIGxlbnMgbGVvcGFyZCBsZXNzb24gbGV0dGVyIGxldmVsIGxpYXIgbGliZXJ0eSBsaWJyYXJ5IGxpY2Vuc2UgbGlmZSBsaWZ0IGxpZ2h0IGxpa2UgbGltYiBsaW1pdCBsaW5rIGxpb24gbGlxdWlkIGxpc3QgbGl0dGxlIGxpdmUgbGl6YXJkIGxvYWQgbG9hbiBsb2JzdGVyIGxvY2FsIGxvY2sgbG9naWMgbG9uZWx5IGxvbmcgbG9vcCBsb3R0ZXJ5IGxvdWQgbG91bmdlIGxvdmUgbG95YWwgbHVja3kgbHVnZ2FnZSBsdW1iZXIgbHVuYXIgbHVuY2ggbHV4dXJ5IGx5cmljcyBtYWNoaW5lIG1hZCBtYWdpYyBtYWduZXQgbWFpZCBtYWlsIG1haW4gbWFqb3IgbWFrZSBtYW1tYWwgbWFuIG1hbmFnZSBtYW5kYXRlIG1hbmdvIG1hbnNpb24gbWFudWFsIG1hcGxlIG1hcmJsZSBtYXJjaCBtYXJnaW4gbWFyaW5lIG1hcmtldCBtYXJyaWFnZSBtYXNrIG1hc3MgbWFzdGVyIG1hdGNoIG1hdGVyaWFsIG1hdGggbWF0cml4IG1hdHRlciBtYXhpbXVtIG1hemUgbWVhZG93IG1lYW4gbWVhc3VyZSBtZWF0IG1lY2hhbmljIG1lZGFsIG1lZGlhIG1lbG9keSBtZWx0IG1lbWJlciBtZW1vcnkgbWVudGlvbiBtZW51IG1lcmN5IG1lcmdlIG1lcml0IG1lcnJ5IG1lc2ggbWVzc2FnZSBtZXRhbCBtZXRob2QgbWlkZGxlIG1pZG5pZ2h0IG1pbGsgbWlsbGlvbiBtaW1pYyBtaW5kIG1pbmltdW0gbWlub3IgbWludXRlIG1pcmFjbGUgbWlycm9yIG1pc2VyeSBtaXNzIG1pc3Rha2UgbWl4IG1peGVkIG1peHR1cmUgbW9iaWxlIG1vZGVsIG1vZGlmeSBtb20gbW9tZW50IG1vbml0b3IgbW9ua2V5IG1vbnN0ZXIgbW9udGggbW9vbiBtb3JhbCBtb3JlIG1vcm5pbmcgbW9zcXVpdG8gbW90aGVyIG1vdGlvbiBtb3RvciBtb3VudGFpbiBtb3VzZSBtb3ZlIG1vdmllIG11Y2ggbXVmZmluIG11bGUgbXVsdGlwbHkgbXVzY2xlIG11c2V1bSBtdXNocm9vbSBtdXNpYyBtdXN0IG11dHVhbCBteXNlbGYgbXlzdGVyeSBteXRoIG5haXZlIG5hbWUgbmFwa2luIG5hcnJvdyBuYXN0eSBuYXRpb24gbmF0dXJlIG5lYXIgbmVjayBuZWVkIG5lZ2F0aXZlIG5lZ2xlY3QgbmVpdGhlciBuZXBoZXcgbmVydmUgbmVzdCBuZXQgbmV0d29yayBuZXV0cmFsIG5ldmVyIG5ld3MgbmV4dCBuaWNlIG5pZ2h0IG5vYmxlIG5vaXNlIG5vbWluZWUgbm9vZGxlIG5vcm1hbCBub3J0aCBub3NlIG5vdGFibGUgbm90ZSBub3RoaW5nIG5vdGljZSBub3ZlbCBub3cgbnVjbGVhciBudW1iZXIgbnVyc2UgbnV0IG9hayBvYmV5IG9iamVjdCBvYmxpZ2Ugb2JzY3VyZSBvYnNlcnZlIG9idGFpbiBvYnZpb3VzIG9jY3VyIG9jZWFuIG9jdG9iZXIgb2RvciBvZmYgb2ZmZXIgb2ZmaWNlIG9mdGVuIG9pbCBva2F5IG9sZCBvbGl2ZSBvbHltcGljIG9taXQgb25jZSBvbmUgb25pb24gb25saW5lIG9ubHkgb3BlbiBvcGVyYSBvcGluaW9uIG9wcG9zZSBvcHRpb24gb3JhbmdlIG9yYml0IG9yY2hhcmQgb3JkZXIgb3JkaW5hcnkgb3JnYW4gb3JpZW50IG9yaWdpbmFsIG9ycGhhbiBvc3RyaWNoIG90aGVyIG91dGRvb3Igb3V0ZXIgb3V0cHV0IG91dHNpZGUgb3ZhbCBvdmVuIG92ZXIgb3duIG93bmVyIG94eWdlbiBveXN0ZXIgb3pvbmUgcGFjdCBwYWRkbGUgcGFnZSBwYWlyIHBhbGFjZSBwYWxtIHBhbmRhIHBhbmVsIHBhbmljIHBhbnRoZXIgcGFwZXIgcGFyYWRlIHBhcmVudCBwYXJrIHBhcnJvdCBwYXJ0eSBwYXNzIHBhdGNoIHBhdGggcGF0aWVudCBwYXRyb2wgcGF0dGVybiBwYXVzZSBwYXZlIHBheW1lbnQgcGVhY2UgcGVhbnV0IHBlYXIgcGVhc2FudCBwZWxpY2FuIHBlbiBwZW5hbHR5IHBlbmNpbCBwZW9wbGUgcGVwcGVyIHBlcmZlY3QgcGVybWl0IHBlcnNvbiBwZXQgcGhvbmUgcGhvdG8gcGhyYXNlIHBoeXNpY2FsIHBpYW5vIHBpY25pYyBwaWN0dXJlIHBpZWNlIHBpZyBwaWdlb24gcGlsbCBwaWxvdCBwaW5rIHBpb25lZXIgcGlwZSBwaXN0b2wgcGl0Y2ggcGl6emEgcGxhY2UgcGxhbmV0IHBsYXN0aWMgcGxhdGUgcGxheSBwbGVhc2UgcGxlZGdlIHBsdWNrIHBsdWcgcGx1bmdlIHBvZW0gcG9ldCBwb2ludCBwb2xhciBwb2xlIHBvbGljZSBwb25kIHBvbnkgcG9vbCBwb3B1bGFyIHBvcnRpb24gcG9zaXRpb24gcG9zc2libGUgcG9zdCBwb3RhdG8gcG90dGVyeSBwb3ZlcnR5IHBvd2RlciBwb3dlciBwcmFjdGljZSBwcmFpc2UgcHJlZGljdCBwcmVmZXIgcHJlcGFyZSBwcmVzZW50IHByZXR0eSBwcmV2ZW50IHByaWNlIHByaWRlIHByaW1hcnkgcHJpbnQgcHJpb3JpdHkgcHJpc29uIHByaXZhdGUgcHJpemUgcHJvYmxlbSBwcm9jZXNzIHByb2R1Y2UgcHJvZml0IHByb2dyYW0gcHJvamVjdCBwcm9tb3RlIHByb29mIHByb3BlcnR5IHByb3NwZXIgcHJvdGVjdCBwcm91ZCBwcm92aWRlIHB1YmxpYyBwdWRkaW5nIHB1bGwgcHVscCBwdWxzZSBwdW1wa2luIHB1bmNoIHB1cGlsIHB1cHB5IHB1cmNoYXNlIHB1cml0eSBwdXJwb3NlIHB1cnNlIHB1c2ggcHV0IHB1enpsZSBweXJhbWlkIHF1YWxpdHkgcXVhbnR1bSBxdWFydGVyIHF1ZXN0aW9uIHF1aWNrIHF1aXQgcXVpeiBxdW90ZSByYWJiaXQgcmFjY29vbiByYWNlIHJhY2sgcmFkYXIgcmFkaW8gcmFpbCByYWluIHJhaXNlIHJhbGx5IHJhbXAgcmFuY2ggcmFuZG9tIHJhbmdlIHJhcGlkIHJhcmUgcmF0ZSByYXRoZXIgcmF2ZW4gcmF3IHJhem9yIHJlYWR5IHJlYWwgcmVhc29uIHJlYmVsIHJlYnVpbGQgcmVjYWxsIHJlY2VpdmUgcmVjaXBlIHJlY29yZCByZWN5Y2xlIHJlZHVjZSByZWZsZWN0IHJlZm9ybSByZWZ1c2UgcmVnaW9uIHJlZ3JldCByZWd1bGFyIHJlamVjdCByZWxheCByZWxlYXNlIHJlbGllZiByZWx5IHJlbWFpbiByZW1lbWJlciByZW1pbmQgcmVtb3ZlIHJlbmRlciByZW5ldyByZW50IHJlb3BlbiByZXBhaXIgcmVwZWF0IHJlcGxhY2UgcmVwb3J0IHJlcXVpcmUgcmVzY3VlIHJlc2VtYmxlIHJlc2lzdCByZXNvdXJjZSByZXNwb25zZSByZXN1bHQgcmV0aXJlIHJldHJlYXQgcmV0dXJuIHJldW5pb24gcmV2ZWFsIHJldmlldyByZXdhcmQgcmh5dGhtIHJpYiByaWJib24gcmljZSByaWNoIHJpZGUgcmlkZ2UgcmlmbGUgcmlnaHQgcmlnaWQgcmluZyByaW90IHJpcHBsZSByaXNrIHJpdHVhbCByaXZhbCByaXZlciByb2FkIHJvYXN0IHJvYm90IHJvYnVzdCByb2NrZXQgcm9tYW5jZSByb29mIHJvb2tpZSByb29tIHJvc2Ugcm90YXRlIHJvdWdoIHJvdW5kIHJvdXRlIHJveWFsIHJ1YmJlciBydWRlIHJ1ZyBydWxlIHJ1biBydW53YXkgcnVyYWwgc2FkIHNhZGRsZSBzYWRuZXNzIHNhZmUgc2FpbCBzYWxhZCBzYWxtb24gc2Fsb24gc2FsdCBzYWx1dGUgc2FtZSBzYW1wbGUgc2FuZCBzYXRpc2Z5IHNhdG9zaGkgc2F1Y2Ugc2F1c2FnZSBzYXZlIHNheSBzY2FsZSBzY2FuIHNjYXJlIHNjYXR0ZXIgc2NlbmUgc2NoZW1lIHNjaG9vbCBzY2llbmNlIHNjaXNzb3JzIHNjb3JwaW9uIHNjb3V0IHNjcmFwIHNjcmVlbiBzY3JpcHQgc2NydWIgc2VhIHNlYXJjaCBzZWFzb24gc2VhdCBzZWNvbmQgc2VjcmV0IHNlY3Rpb24gc2VjdXJpdHkgc2VlZCBzZWVrIHNlZ21lbnQgc2VsZWN0IHNlbGwgc2VtaW5hciBzZW5pb3Igc2Vuc2Ugc2VudGVuY2Ugc2VyaWVzIHNlcnZpY2Ugc2Vzc2lvbiBzZXR0bGUgc2V0dXAgc2V2ZW4gc2hhZG93IHNoYWZ0IHNoYWxsb3cgc2hhcmUgc2hlZCBzaGVsbCBzaGVyaWZmIHNoaWVsZCBzaGlmdCBzaGluZSBzaGlwIHNoaXZlciBzaG9jayBzaG9lIHNob290IHNob3Agc2hvcnQgc2hvdWxkZXIgc2hvdmUgc2hyaW1wIHNocnVnIHNodWZmbGUgc2h5IHNpYmxpbmcgc2ljayBzaWRlIHNpZWdlIHNpZ2h0IHNpZ24gc2lsZW50IHNpbGsgc2lsbHkgc2lsdmVyIHNpbWlsYXIgc2ltcGxlIHNpbmNlIHNpbmcgc2lyZW4gc2lzdGVyIHNpdHVhdGUgc2l4IHNpemUgc2thdGUgc2tldGNoIHNraSBza2lsbCBza2luIHNraXJ0IHNrdWxsIHNsYWIgc2xhbSBzbGVlcCBzbGVuZGVyIHNsaWNlIHNsaWRlIHNsaWdodCBzbGltIHNsb2dhbiBzbG90IHNsb3cgc2x1c2ggc21hbGwgc21hcnQgc21pbGUgc21va2Ugc21vb3RoIHNuYWNrIHNuYWtlIHNuYXAgc25pZmYgc25vdyBzb2FwIHNvY2NlciBzb2NpYWwgc29jayBzb2RhIHNvZnQgc29sYXIgc29sZGllciBzb2xpZCBzb2x1dGlvbiBzb2x2ZSBzb21lb25lIHNvbmcgc29vbiBzb3JyeSBzb3J0IHNvdWwgc291bmQgc291cCBzb3VyY2Ugc291dGggc3BhY2Ugc3BhcmUgc3BhdGlhbCBzcGF3biBzcGVhayBzcGVjaWFsIHNwZWVkIHNwZWxsIHNwZW5kIHNwaGVyZSBzcGljZSBzcGlkZXIgc3Bpa2Ugc3BpbiBzcGlyaXQgc3BsaXQgc3BvaWwgc3BvbnNvciBzcG9vbiBzcG9ydCBzcG90IHNwcmF5IHNwcmVhZCBzcHJpbmcgc3B5IHNxdWFyZSBzcXVlZXplIHNxdWlycmVsIHN0YWJsZSBzdGFkaXVtIHN0YWZmIHN0YWdlIHN0YWlycyBzdGFtcCBzdGFuZCBzdGFydCBzdGF0ZSBzdGF5IHN0ZWFrIHN0ZWVsIHN0ZW0gc3RlcCBzdGVyZW8gc3RpY2sgc3RpbGwgc3Rpbmcgc3RvY2sgc3RvbWFjaCBzdG9uZSBzdG9vbCBzdG9yeSBzdG92ZSBzdHJhdGVneSBzdHJlZXQgc3RyaWtlIHN0cm9uZyBzdHJ1Z2dsZSBzdHVkZW50IHN0dWZmIHN0dW1ibGUgc3R5bGUgc3ViamVjdCBzdWJtaXQgc3Vid2F5IHN1Y2Nlc3Mgc3VjaCBzdWRkZW4gc3VmZmVyIHN1Z2FyIHN1Z2dlc3Qgc3VpdCBzdW1tZXIgc3VuIHN1bm55IHN1bnNldCBzdXBlciBzdXBwbHkgc3VwcmVtZSBzdXJlIHN1cmZhY2Ugc3VyZ2Ugc3VycHJpc2Ugc3Vycm91bmQgc3VydmV5IHN1c3BlY3Qgc3VzdGFpbiBzd2FsbG93IHN3YW1wIHN3YXAgc3dhcm0gc3dlYXIgc3dlZXQgc3dpZnQgc3dpbSBzd2luZyBzd2l0Y2ggc3dvcmQgc3ltYm9sIHN5bXB0b20gc3lydXAgc3lzdGVtIHRhYmxlIHRhY2tsZSB0YWcgdGFpbCB0YWxlbnQgdGFsayB0YW5rIHRhcGUgdGFyZ2V0IHRhc2sgdGFzdGUgdGF0dG9vIHRheGkgdGVhY2ggdGVhbSB0ZWxsIHRlbiB0ZW5hbnQgdGVubmlzIHRlbnQgdGVybSB0ZXN0IHRleHQgdGhhbmsgdGhhdCB0aGVtZSB0aGVuIHRoZW9yeSB0aGVyZSB0aGV5IHRoaW5nIHRoaXMgdGhvdWdodCB0aHJlZSB0aHJpdmUgdGhyb3cgdGh1bWIgdGh1bmRlciB0aWNrZXQgdGlkZSB0aWdlciB0aWx0IHRpbWJlciB0aW1lIHRpbnkgdGlwIHRpcmVkIHRpc3N1ZSB0aXRsZSB0b2FzdCB0b2JhY2NvIHRvZGF5IHRvZGRsZXIgdG9lIHRvZ2V0aGVyIHRvaWxldCB0b2tlbiB0b21hdG8gdG9tb3Jyb3cgdG9uZSB0b25ndWUgdG9uaWdodCB0b29sIHRvb3RoIHRvcCB0b3BpYyB0b3BwbGUgdG9yY2ggdG9ybmFkbyB0b3J0b2lzZSB0b3NzIHRvdGFsIHRvdXJpc3QgdG93YXJkIHRvd2VyIHRvd24gdG95IHRyYWNrIHRyYWRlIHRyYWZmaWMgdHJhZ2ljIHRyYWluIHRyYW5zZmVyIHRyYXAgdHJhc2ggdHJhdmVsIHRyYXkgdHJlYXQgdHJlZSB0cmVuZCB0cmlhbCB0cmliZSB0cmljayB0cmlnZ2VyIHRyaW0gdHJpcCB0cm9waHkgdHJvdWJsZSB0cnVjayB0cnVlIHRydWx5IHRydW1wZXQgdHJ1c3QgdHJ1dGggdHJ5IHR1YmUgdHVpdGlvbiB0dW1ibGUgdHVuYSB0dW5uZWwgdHVya2V5IHR1cm4gdHVydGxlIHR3ZWx2ZSB0d2VudHkgdHdpY2UgdHdpbiB0d2lzdCB0d28gdHlwZSB0eXBpY2FsIHVnbHkgdW1icmVsbGEgdW5hYmxlIHVuYXdhcmUgdW5jbGUgdW5jb3ZlciB1bmRlciB1bmRvIHVuZmFpciB1bmZvbGQgdW5oYXBweSB1bmlmb3JtIHVuaXF1ZSB1bml0IHVuaXZlcnNlIHVua25vd24gdW5sb2NrIHVudGlsIHVudXN1YWwgdW52ZWlsIHVwZGF0ZSB1cGdyYWRlIHVwaG9sZCB1cG9uIHVwcGVyIHVwc2V0IHVyYmFuIHVyZ2UgdXNhZ2UgdXNlIHVzZWQgdXNlZnVsIHVzZWxlc3MgdXN1YWwgdXRpbGl0eSB2YWNhbnQgdmFjdXVtIHZhZ3VlIHZhbGlkIHZhbGxleSB2YWx2ZSB2YW4gdmFuaXNoIHZhcG9yIHZhcmlvdXMgdmFzdCB2YXVsdCB2ZWhpY2xlIHZlbHZldCB2ZW5kb3IgdmVudHVyZSB2ZW51ZSB2ZXJiIHZlcmlmeSB2ZXJzaW9uIHZlcnkgdmVzc2VsIHZldGVyYW4gdmlhYmxlIHZpYnJhbnQgdmljaW91cyB2aWN0b3J5IHZpZGVvIHZpZXcgdmlsbGFnZSB2aW50YWdlIHZpb2xpbiB2aXJ0dWFsIHZpcnVzIHZpc2EgdmlzaXQgdmlzdWFsIHZpdGFsIHZpdmlkIHZvY2FsIHZvaWNlIHZvaWQgdm9sY2FubyB2b2x1bWUgdm90ZSB2b3lhZ2Ugd2FnZSB3YWdvbiB3YWl0IHdhbGsgd2FsbCB3YWxudXQgd2FudCB3YXJmYXJlIHdhcm0gd2FycmlvciB3YXNoIHdhc3Agd2FzdGUgd2F0ZXIgd2F2ZSB3YXkgd2VhbHRoIHdlYXBvbiB3ZWFyIHdlYXNlbCB3ZWF0aGVyIHdlYiB3ZWRkaW5nIHdlZWtlbmQgd2VpcmQgd2VsY29tZSB3ZXN0IHdldCB3aGFsZSB3aGF0IHdoZWF0IHdoZWVsIHdoZW4gd2hlcmUgd2hpcCB3aGlzcGVyIHdpZGUgd2lkdGggd2lmZSB3aWxkIHdpbGwgd2luIHdpbmRvdyB3aW5lIHdpbmcgd2luayB3aW5uZXIgd2ludGVyIHdpcmUgd2lzZG9tIHdpc2Ugd2lzaCB3aXRuZXNzIHdvbGYgd29tYW4gd29uZGVyIHdvb2Qgd29vbCB3b3JkIHdvcmsgd29ybGQgd29ycnkgd29ydGggd3JhcCB3cmVjayB3cmVzdGxlIHdyaXN0IHdyaXRlIHdyb25nIHlhcmQgeWVhciB5ZWxsb3cgeW91IHlvdW5nIHlvdXRoIHplYnJhIHplcm8gem9uZSB6b28= 7f0e27f0e47f531b0b0bb0b6fb0722 vh9wGkfK8YmqbsoENP3764SeCX0dVzrgy1HRtpnTaLjJW2xQiZAcBMUFDu5 9rWcXt3hL27IOS2PdV0FFy4UoXpY9aHXpf5Y8qPt87M=
信息 应用程序记录日志信息,不得记录敏感信息
应用程序记录日志信息,不得记录敏感信息 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#logs Files: be/appmire/flutterkeychain/FlutterKeychainPlugin.java, line(s) 74,209 cn/hutool/core/lang/Console.java, line(s) 89,118,11,40,85 cn/hutool/cron/Scheduler.java, line(s) 101 cn/hutool/cron/listener/TaskListenerManager.java, line(s) 55 cn/hutool/cron/timingwheel/TimingWheel.java, line(s) 39 cn/hutool/db/Db.java, line(s) 123,135 cn/hutool/db/dialect/DialectFactory.java, line(s) 29 cn/hutool/db/ds/GlobalDSFactory.java, line(s) 15,41 cn/hutool/extra/expression/engine/ExpressionFactory.java, line(s) 27 cn/hutool/extra/pinyin/engine/PinyinFactory.java, line(s) 27 cn/hutool/extra/template/engine/TemplateFactory.java, line(s) 33 cn/hutool/extra/tokenizer/engine/TokenizerFactory.java, line(s) 27 cn/hutool/log/dialect/jdk/JdkLogFactory.java, line(s) 31 cn/hutool/setting/Setting.java, line(s) 128 cn/hutool/setting/dialect/Props.java, line(s) 379 cn/hutool/socket/aio/AcceptHandler.java, line(s) 20 cn/hutool/socket/aio/SimpleIoAction.java, line(s) 13 cn/hutool/socket/nio/AcceptHandler.java, line(s) 15,24 com/alexii/j2v8debugger/utils/Logger.java, line(s) 16,58,26,36,47 com/amazonaws/logging/AndroidLog.java, line(s) 55,62,97,104,15,20,25,30,35,69,76,41,48,83,90 com/amazonaws/logging/LogFactory.java, line(s) 40,52 com/amazonaws/mobileconnectors/cognito/CognitoSyncManager.java, line(s) 106,61,88,98,104,153 com/amazonaws/mobileconnectors/cognito/DefaultDataset.java, line(s) 74,90,93,119,289,292,311,318,323,101,80,153,159,162,167,178,182,297 com/amazonaws/mobileconnectors/cognito/DefaultSyncCallback.java, line(s) 44,15,20,32,38 com/amazonaws/mobileconnectors/cognito/internal/storage/CognitoSyncStorage.java, line(s) 232,242 com/amazonaws/mobileconnectors/cognito/internal/storage/SQLiteLocalStorage.java, line(s) 99,121,262,275,315,362,257,77,286,336,342,431 com/app/hubert/guide/core/GuideLayout.java, line(s) 209 com/baseflow/permissionhandler/AppSettingsManager.java, line(s) 20 com/baseflow/permissionhandler/PermissionManager.java, line(s) 146,213,217,274,280,285,301 com/baseflow/permissionhandler/PermissionUtils.java, line(s) 397,401,406 com/baseflow/permissionhandler/ServiceManager.java, line(s) 30 com/bdkit/bdkit/c.java, line(s) 201 com/bdkit/entry/BDEntry.java, line(s) 83 com/billy/android/loading/Gloading.java, line(s) 243 com/cgfay/scan/utils/ExifInterfaceUtils.java, line(s) 36,40,64 com/cgfay/scan/utils/FileUtils.java, line(s) 105,144,195,205 com/cgfay/scan/utils/MediaMetadataUtils.java, line(s) 147 com/common/use/util/AppUtils.java, line(s) 162,102,141,674,676,687 com/common/use/util/KeyboardUtils.java, line(s) 107,169,200 com/common/use/util/Md5Utils.java, line(s) 30 com/common/use/util/NetworkUtils.java, line(s) 72,75,85,106 com/common/use/util/PhoneUtils.java, line(s) 67,91 com/common/use/util/ProcessUtils.java, line(s) 45,47,58 com/common/use/util/ToastUtils.java, line(s) 363,403,408 com/common/use/util/UCodeUtil.java, line(s) 51,57,63,68,72 com/common/use/util/ZipUtils.java, line(s) 214,224,297 com/coremedia/iso/boxes/sampleentry/AudioSampleEntry.java, line(s) 198 com/danikula/videocache/file/FFConcatHelper.java, line(s) 74 com/danikula/videocache/hls/FileUtils.java, line(s) 43,48 com/danikula/videocache/log/LogUtil.java, line(s) 82,78,84,86,80 com/davemorrissey/labs/subscaleview/SubsamplingScaleImageView.java, line(s) 1762,1212,1306,1310,1385,1389,583,696,2176 com/davemorrissey/labs/subscaleview/decoder/SkiaPooledImageRegionDecoder.java, line(s) 385 com/dlna/upnp/AndroidUpnpMrg.java, line(s) 51,62,180,188,200,205,215,225,258,271,289,294,303,308,243,247,251,255,128,135 com/dlna/upnp/UpnpControl.java, line(s) 153,158,93,180,184,189,194,252 com/dlna/upnp/control/ClingPlayControl.java, line(s) 317,182,383,408 com/dlna/upnp/listener/BrowseRegistryListener.java, line(s) 26,43,44,47,56,61,69,73,22 com/dlna/upnp/service/PlayStatusService.java, line(s) 34 com/dlna/upnp/service/SystemService.java, line(s) 62 com/dlna/upnp/service/callback/AVTransportSubscriptionCallback.java, line(s) 40,44,48,52,29,60 com/dlna/upnp/service/callback/BaseSubscriptionCallback.java, line(s) 28,33 com/dlna/upnp/service/callback/RenderingControlSubscriptionCallback.java, line(s) 35,30 com/dlna/upnp/service/manager/DeviceManager.java, line(s) 26 com/dlna/upnp/util/UpnpPlayUrl.java, line(s) 32,71 com/eclipsesource/v8/debug/V8DebugServer.java, line(s) 63,208,222,285,338,416 com/feedback/lib/data/db/ChatDB.java, line(s) 213 com/feedback/lib/data/db/ChatOrderDB.java, line(s) 176 com/feedback/lib/net/d/d/a.java, line(s) 111,134,144 com/feedback/lib/net/d/g/a.java, line(s) 24 com/feedback/lib/upload/UploadManager.java, line(s) 129,153,156,157 com/feedback/lib/utils/data/e.java, line(s) 38 com/feedback/lib/widget/loading/Gloading.java, line(s) 224 com/feedback/lib/widget/player/VideoViewAttacher.java, line(s) 720 com/feedback/lib/widget/recyclerview/FBaseViewHolder.java, line(s) 45 com/feedback/lib/widget/recyclerview/decoration/GridDecoration.java, line(s) 25,27,32 com/flutter/star/live/StarLiveSDK.java, line(s) 164,522,494,500 com/flutter/star/plugins/player/LivePlayerFlutterPlugin.java, line(s) 189 com/flutter/star/plugins/player/ijk/IjkVideoView.java, line(s) 209,213,217,222,232,235,238,241,246,249,252,258,265,445,449,453,458,468,471,474,477,482,485,488,494,501,681,685,689,694,704,707,710,713,718,721,724,730,737,918,922,926,931,941,944,947,950,955,958,961,967,974,297,319,334,533,555,570,769,791,806,1006,1028,1043,1127,1204,1209 com/flutter/star/plugins/player/ijk/SurfaceRenderView.java, line(s) 88 com/flutter/star/plugins/player/ijk/TextureRenderView.java, line(s) 269,275,280,284,288,294,298,302,307,310,313,318,323 com/flutter/star/plugins/video/VideoFlutterPlugin.java, line(s) 103 com/flutter/star/plugins/video/ijk/PlayerSurfaceView.java, line(s) 49,55 com/flutter/star/plugins/webviewflutter/FlutterWebView.java, line(s) 91,97,103,109,117,135,140,147 com/gen/mh/webapp_extensions/WebApplication.java, line(s) 66 com/gen/mh/webapp_extensions/activities/TakePhotoActivity.java, line(s) 54,59,64,92 com/gen/mh/webapp_extensions/fragments/MainFragment.java, line(s) 129 com/gen/mh/webapp_extensions/matisse/internal/utils/ExifInterfaceCompat.java, line(s) 37,41,68 com/gen/mh/webapp_extensions/matisse/internal/utils/PhotoMetadataUtils.java, line(s) 187,196 com/gen/mh/webapp_extensions/matisse/ui/WebSdkMatisseActivity.java, line(s) 151 com/gen/mh/webapp_extensions/plugins/OkWebSocketPlugin.java, line(s) 159 com/gen/mh/webapp_extensions/plugins/PickImagePlugin.java, line(s) 79,84 com/gen/mh/webapp_extensions/plugins/StupidPlugin.java, line(s) 13 com/gen/mh/webapp_extensions/rxpermission/RxPermissionsFragment.java, line(s) 86 com/gen/mh/webapp_extensions/unity/Canvas.java, line(s) 395 com/gen/mh/webapp_extensions/unity/DownloadItem.java, line(s) 85,92 com/gen/mh/webapp_extensions/views/GCanvasView.java, line(s) 97,98,103,118,127 com/gen/mh/webapp_extensions/views/WAEFGCanvas.java, line(s) 65,96 com/gen/mh/webapp_extensions/views/camera/CameraPreview.java, line(s) 32,49 com/gen/mh/webapp_extensions/views/camera/CameraView.java, line(s) 126 com/gen/mh/webapp_extensions/views/player/CommonPlayerView.java, line(s) 356,366 com/gen/mh/webapp_extensions/views/player/HPlayer.java, line(s) 190,200 com/gen/mh/webapp_extensions/views/player/PlayerView.java, line(s) 359,628,645,782,558 com/gen/mh/webapp_extensions/views/wheelView/WheelPicker.java, line(s) 283,288,301,646 com/gen/mh/webapp_extensions/websocket/WsManager.java, line(s) 98,101,104,106,129,33 com/gen/mh/webapps/WebViewFragment.java, line(s) 1038,396,452 com/gen/mh/webapps/WebViewLaunchFragment.java, line(s) 833 com/gen/mh/webapps/container/impl/WebContainerImpl.java, line(s) 145 com/gen/mh/webapps/database/Table.java, line(s) 257 com/gen/mh/webapps/listener/JavascriptObject.java, line(s) 47,109 com/gen/mh/webapps/pugins/NativeViewPlugin.java, line(s) 85 com/gen/mh/webapps/server/runtime/V8BaseRuntime.java, line(s) 94,232,359,442 com/gen/mh/webapps/utils/FileUtils.java, line(s) 107,148,263,273 com/gen/mh/webapps/utils/Logger.java, line(s) 23,29,59,65,11,17,35,41,47,53 com/github/piasy/biv/indicator/progresspie/ProgressPieIndicator.java, line(s) 28,40,47 com/github/ybq/android/spinkit/animation/SpriteAnimatorBuilder.java, line(s) 146 com/hjq/toast/ToastLogInterceptor.java, line(s) 38 com/iceteck/silicompressorr/SiliCompressor.java, line(s) 51,69,115,89,91 com/iceteck/silicompressorr/videocompression/MediaController.java, line(s) 110 com/idlefish/flutterboost/FlutterBoostPlugin.java, line(s) 297,313 com/idlefish/flutterboost/containers/FlutterBoostActivity.java, line(s) 173,220,96,124 com/idlefish/flutterboost/containers/FlutterBoostFragment.java, line(s) 136,165 com/jess/arms/http/OkHttpStreamFetcher.java, line(s) 57,56 com/jess/arms/http/imageloader/glide/HResourceLoader.java, line(s) 44,47 com/jess/arms/http/imageloader/glide/HStreamLocalUriFetcher.java, line(s) 52 com/jess/arms/language/MultiLanguages.java, line(s) 129 com/jess/arms/utils/DeviceUtils.java, line(s) 194 com/jess/arms/utils/FastBlur.java, line(s) 250,265 com/liulishuo/okdownload/core/Util.java, line(s) 122,104,131,113 com/lxj/xpopup/util/XPermission.java, line(s) 365 com/mh/webappStart/android_plugin_impl/adapter/ImagePager.java, line(s) 43,50,58,72 com/mh/webappStart/android_plugin_impl/plugins/plugin/unity/BaseUnity.java, line(s) 20,47 com/mh/webappStart/android_plugin_impl/plugins/plugin/unity/InnerAudioContextUnity.java, line(s) 435 com/mh/webappStart/android_plugin_impl/plugins/plugin_impl/ChooseVideoImpl.java, line(s) 110,127 com/mh/webappStart/android_plugin_impl/plugins/plugin_impl/CompressImageImpl.java, line(s) 30 com/mh/webappStart/android_plugin_impl/plugins/plugin_impl/GetBatteryForLowVersionImpl.java, line(s) 17 com/mh/webappStart/android_plugin_impl/plugins/plugin_impl/GetBatteryImpl.java, line(s) 18,19,20,21 com/mh/webappStart/android_plugin_impl/plugins/plugin_impl/GetImageInfoImpl.java, line(s) 20,32 com/mh/webappStart/android_plugin_impl/plugins/plugin_impl/UserCaptureScreenImpl.java, line(s) 31,32 com/mh/webappStart/android_plugin_impl/plugins/plugin_impl/device/motion/DeviceMotionSwitchImpl.java, line(s) 36,37,38 com/mh/webappStart/android_plugin_impl/plugins/plugin_impl/download/DownloadTask.java, line(s) 63,120 com/mh/webappStart/android_plugin_impl/plugins/plugin_impl/download/thread_pool_support/DownloadTaskPool.java, line(s) 30,49,52 com/mh/webappStart/android_plugin_impl/plugins/plugin_impl/media/audio/CZMediaPlayer.java, line(s) 61,329,332,335,164,199,286 com/mh/webappStart/android_plugin_impl/plugins/plugin_impl/media/audio/ZZBMediaPlayer.java, line(s) 97,105,113,188,197,275,281,363,381,392,424,433,442,451,460 com/mh/webappStart/android_plugin_impl/plugins/plugin_impl/media/audio/background/BackgroundAudioManagerZZBMediaPlayer.java, line(s) 25,37,47 com/mh/webappStart/android_plugin_impl/plugins/plugin_impl/media/audio/background/PlayService.java, line(s) 117,126,181,183,186,189,193,196,202,235 com/mh/webappStart/android_plugin_impl/plugins/plugin_impl/media/audio/background/PlayingDetailActivity.java, line(s) 66 com/mh/webappStart/android_plugin_impl/plugins/plugin_impl/view/ToastView.java, line(s) 64,65 com/mh/webappStart/test/audio/SingleAudioPlayActivity.java, line(s) 30,49 com/mh/webappStart/util/CZViewUtil.java, line(s) 15,19 com/mh/webappStart/util/FileUtils.java, line(s) 12,27 com/mh/webappStart/util/ImgUtils.java, line(s) 86 com/mh/webappStart/util/queue/AbsQueueTaskHelper.java, line(s) 70 com/mh/webappStart/util/video_compress/VideoUtil.java, line(s) 10 com/okdl/movie/download/M3U8ParallelDloader.java, line(s) 126 com/okdl/movie/download/ParallelQueueHelper.java, line(s) 711 com/okdl/movie/download/VideoDownTask.java, line(s) 407 com/okdl/movie/download/api/SDCardSpaceCheck.java, line(s) 114 com/okdl/movie/download/dlistener/MovieDLoaderListener.java, line(s) 119 com/okdl/movie/download/log/LogDownloadUtil.java, line(s) 86,82,88,90,84 com/scwang/smartrefresh/layout/SmartRefreshLayout.java, line(s) 1779,1789 com/seven/movie/ad/AdInterceptor.java, line(s) 28 com/seven/movie/ad/link/SystemDownReceiver.java, line(s) 41 com/seven/movie/ad/mvp/ui/activity/WebViewActivity.java, line(s) 190 com/seven/movie/cachemovie/app/service/CacheServiceImpl.java, line(s) 166,174 com/seven/movie/cachemovie/cache/NotificationBroadcastReceiver.java, line(s) 37 com/seven/movie/cachemovie/m3u8download/DownNotificationBroadcastReceiver.java, line(s) 25 com/seven/movie/cachemovie/m3u8download/DownloadInfo.java, line(s) 190,199,208 com/seven/movie/cachemovie/m3u8download/M3u8Down.java, line(s) 491,356,420,458,151,324 com/seven/movie/cachemovie/m3u8download/M3u8DownManager.java, line(s) 502 com/seven/movie/cachemovie/util/Md5Util.java, line(s) 52 com/seven/movie/common/component/service/LogService.java, line(s) 120,282,286,307,313,323,325,384,466,474,154,159,167,173,234,239,244,252,272,370,403,85 com/seven/movie/common/utils/UriUtils.java, line(s) 31,39,48,64,72,78,90,94,101,104 com/seven/movie/common/utils/ZipManager.java, line(s) 551,33,53,107 com/seven/movie/commonres/image/HGlideImageLoader.java, line(s) 57,73,81,87,93 com/seven/movie/commonres/loading/Gloading.java, line(s) 248 com/seven/movie/commonres/loading/LVLoadingAdapter.java, line(s) 18 com/seven/movie/commonres/recyclerview/HLWBaseViewHolder.java, line(s) 101 com/seven/movie/commonres/recyclerview/LooperLayoutManager.java, line(s) 68,72 com/seven/movie/commonres/utils/FileUtil.java, line(s) 306,60 com/seven/movie/commonres/utils/TimesUtils.java, line(s) 32 com/seven/movie/commonres/utils/data/TextLink.java, line(s) 61 com/seven/movie/commonres/widget/CustomRecycleView.java, line(s) 48,76,88,90,100,102,109,57,125,127,131,132,135,141 com/seven/movie/commonres/widget/UMExpandLayout.java, line(s) 145 com/seven/movie/commonres/widget/WheelView.java, line(s) 114,192,280 com/seven/movie/commonres/widget/flowlayout/TagAdapter.java, line(s) 92,96 com/seven/movie/commonres/widget/flowlayout/TagFlowLayout.java, line(s) 125 com/seven/movie/commonres/widget/listener/KeyboardChangeListener.java, line(s) 23 com/seven/movie/commonres/widget/slidinguppanel/SlidingUpPanelLayout.java, line(s) 637 com/seven/movie/commonsdk/utils/AesUtil.java, line(s) 25,34 com/seven/movie/commonsdk/utils/CrashUtils.java, line(s) 231,79,81 com/seven/movie/commonsdk/utils/DesUtil.java, line(s) 15 com/seven/movie/commonsdk/utils/LogFileUtil.java, line(s) 82,78,84,86,80 com/seven/movie/commonservice/ad/bean/PVideoDetail.java, line(s) 841,842,843,844,845,846,847 com/seven/movie/commonservice/content/bean/LVideoPage.java, line(s) 436,437,438,439,440,441,442 com/seven/movie/commonservice/net/domain/CheckDomainUtils.java, line(s) 157,186,232 com/seven/movie/commonservice/net/domain/PackInfoManager.java, line(s) 44 com/seven/movie/commonservice/operation/EventOperation.java, line(s) 209,349,353 com/seven/movie/commonservice/operation/bean/VodTagLog.java, line(s) 19,50 com/seven/movie/commonservice/permission/PermissionAspect.java, line(s) 87 com/seven/movie/commonservice/utils/UCodeUtil.java, line(s) 67,73,79,84,87 com/seven/movie/community/mvp/presenter/CommunityEditListPresenter.java, line(s) 110 com/seven/movie/community/mvp/ui/widget/OneYuanProgressView.java, line(s) 324 com/seven/movie/home/mvp/ui/adapter/content/provider/VideoItemProvider.java, line(s) 75 com/seven/movie/home/mvp/ui/fragment/ColumnFlowFragment.java, line(s) 153 com/seven/movie/home/mvp/ui/view/DispatchEventRecyclerView.java, line(s) 54 com/seven/movie/home/mvp/ui/view/VideoPlayerView.java, line(s) 541 com/seven/movie/hotfix/app/service/HotfixBizServiceImpl.java, line(s) 71,80 com/seven/movie/hotfix/fix/FixCtl.java, line(s) 130,136,175,177 com/seven/movie/hotfix/fix/FixDexUtils.java, line(s) 29,34,99,192 com/seven/movie/hotfix/tk/shareutil/SharePatchFileUtil.java, line(s) 101,182,249,259,268,411,179,482,493,466 com/seven/movie/hotfix/tk/shareutil/ShareSecurityCheck.java, line(s) 54 com/seven/movie/hotfix/tk/shareutil/ShareTinkerInternals.java, line(s) 130,137,141,144,176,206,229,247,265,433,454,515,105,107,109,111,113,115,305,332,301,309,335 com/seven/movie/hotfix/tk/shareutil/ShareTinkerLog.java, line(s) 36,52,63,163,28,20,44 com/seven/movie/hotfix/tk/so/TinkerLoadLibrary.java, line(s) 18,26,43 com/seven/movie/im/mvp/model/db/ChatDB.java, line(s) 100 com/seven/movie/im/mvp/model/db/ChatListDB.java, line(s) 128 com/seven/movie/im/mvp/model/db/ChatOrderDB.java, line(s) 69 com/seven/movie/im/mvp/presenter/ChatListPresenter.java, line(s) 163 com/seven/movie/imgsearch/mvp/presenter/ImgSearchResultPresenter.java, line(s) 177,183 com/seven/movie/lvideo/mvp/presenter/LVideoPresenter.java, line(s) 59 com/seven/movie/lvideo/mvp/presenter/SearchResultShortVideoPresenter.java, line(s) 154 com/seven/movie/lvideo/mvp/ui/activity/VideoCutActivity.java, line(s) 348,352 com/seven/movie/lvideo/mvp/ui/adapter/BaseLVideoProvider.java, line(s) 65 com/seven/movie/lvideo/mvp/ui/adapter/LVideoAdProvider.java, line(s) 68 com/seven/movie/lvideo/mvp/ui/widget/LVideoPageView.java, line(s) 1114,1150,1157,1186 com/seven/movie/lvideo/mvp/view/rangeseek/FrameExtractor.java, line(s) 113,116 com/seven/movie/net/mob/MobCardUtils.java, line(s) 132 com/seven/movie/net/mob/PhoneInfoManager.java, line(s) 61 com/seven/movie/operation/app/service/EventPointCtl.java, line(s) 388,392,401 com/seven/movie/player/app/service/FileCacheServiceImpl.java, line(s) 72 com/seven/movie/player/mvp/presenter/HPlayerPresenter.java, line(s) 698 com/seven/movie/player/mvp/ui/widget/log/LogPlayerUtil.java, line(s) 82,78,84,86,80 com/seven/movie/player/mvp/ui/widget/player/HVideoView.java, line(s) 2079 com/seven/movie/player/mvp/ui/widget/player/HVideoViewNew.java, line(s) 318 com/seven/movie/player/mvp/ui/widget/viewer/VideoViewAttacher.java, line(s) 405 com/seven/movie/player/mvp/uitls/TextViewUtils.java, line(s) 153,169 com/seven/movie/share/mvp/ui/fragment/BaseWebViewFragment.java, line(s) 241 com/seven/movie/smallweb/mvp/ui/fragment/BaseWebFragment.java, line(s) 183,195 com/seven/movie/starlive/app/service/BTBoostActivityLifecycle.java, line(s) 49,54,55 com/seven/movie/uploadfilm/mvp/model/data/PicManager.java, line(s) 46,47,48,49,50,51,52,53,54,59,72,73,84 com/seven/movie/uploadfilm/mvp/model/data/UploadManager.java, line(s) 143,148,150,173,176,177 com/seven/movie/user/widget/UseSettingView.java, line(s) 107 com/soundcloud/android/crop/CropImageActivity.java, line(s) 136,142,379,387,425 com/soundcloud/android/crop/CropUtil.java, line(s) 48,62 com/soundcloud/android/crop/Log.java, line(s) 10,14 com/taobao/gcanvas/GCanvasJNI.java, line(s) 133,135,74,76,121 com/taobao/gcanvas/GFontConfigParser.java, line(s) 62,77,93,109,165,177,183,230,241,247,252 com/taobao/gcanvas/adapters/img/impl/fresco/GCanvasFrescoImageLoader.java, line(s) 50,54 com/taobao/gcanvas/audio/GAudioHandler.java, line(s) 53,99,250,260 com/taobao/gcanvas/audio/GAudioPlayer.java, line(s) 124 com/taobao/gcanvas/bridges/spec/module/AbsGBridgeModule.java, line(s) 96,110,155,166,169,192,205,354,125,177,213,350,364 com/taobao/gcanvas/surface/GTextureView.java, line(s) 75,79,81 com/taobao/gcanvas/surface/GTextureViewCallback.java, line(s) 71,82,96,113,128,135 com/taobao/gcanvas/util/GCanvasHelper.java, line(s) 25,49 com/taobao/gcanvas/util/GLog.java, line(s) 44,91,97,56,62,75,81,129,135,110,116 com/tbruyelle/rxpermissions2/RxPermissionsFragment.java, line(s) 85,48 com/tekartik/sqflite/Database.java, line(s) 51 com/tekartik/sqflite/SqflitePlugin.java, line(s) 113,126,212,364,381,481,609,615,626,645,649,675,694,719,733,748,769,778,505,752,773 com/tekartik/sqflite/SqlCommand.java, line(s) 25,36 com/tekartik/sqflite/dev/Debug.java, line(s) 12 com/tomato/ijk/media/player/IjkMediaCodecInfo.java, line(s) 194,196 com/tomato/ijk/media/player/IjkMediaPlayer.java, line(s) 922,926,799,814,808,856,917,929,951,327,459,826,948 com/tomato/ijk/media/player/pragma/DebugLog.java, line(s) 50,54,58,14,18,22,26,30,34,62,66,70,38,42,46 com/transitionseverywhere/PathParser.java, line(s) 121,193,198 com/transitionseverywhere/utils/ReflectionUtils.java, line(s) 56,83,94 com/vector/update_app/UpdateAppManager.java, line(s) 175 com/vector/update_app/service/DownloadService.java, line(s) 108 com/video/editor/ffmpeg/FFmpegCmd.java, line(s) 119,142,76,134 com/video/editor/ffmpeg/VideoEditor.java, line(s) 271,299 com/video/editor/ffmpeg/handler/FFmpegHandler.java, line(s) 29,59,61,81,105 com/video/editor/m3u8/CtlHls2.java, line(s) 65 com/video/editor/m3u8/HLSEditListener.java, line(s) 31,45,68,84 com/video/editor/m3u8/HlsCtl.java, line(s) 189,205,221,242,256,279 com/video/editor/mp4/Mp4Clip.java, line(s) 71 com/wang/avi/AVLoadingIndicatorView.java, line(s) 207 com/yalantis/ucrop/UCropActivity.java, line(s) 160 com/yalantis/ucrop/task/BitmapCropTask.java, line(s) 151,164,192,130 com/yalantis/ucrop/task/BitmapLoadTask.java, line(s) 128,150,89,92,134,141 com/yalantis/ucrop/util/BitmapLoadUtils.java, line(s) 106,54,85 com/yalantis/ucrop/util/EglUtils.java, line(s) 28 com/yalantis/ucrop/util/FileUtils.java, line(s) 63 com/yalantis/ucrop/util/ImageHeaderParser.java, line(s) 58,65,76,84,116,126,138,152,166,172,176,181,187,191,282,288,301,308,315,330,343,350,357,57,64,75,83,115,125,137,151,165,171,175,180,186,190 com/yalantis/ucrop/view/TransformImageView.java, line(s) 230,247,137,83 com/yalantis1/ucrop1/UCropActivity.java, line(s) 209 com/yalantis1/ucrop1/task/BitmapCropTask.java, line(s) 123 com/yalantis1/ucrop1/task/BitmapLoadTask.java, line(s) 135,175,220,98,141,155,162 com/yalantis1/ucrop1/util/BitmapLoadUtils.java, line(s) 105,53,84 com/yalantis1/ucrop1/util/EglUtils.java, line(s) 28 com/yalantis1/ucrop1/util/FileUtils.java, line(s) 63 com/yalantis1/ucrop1/util/ImageHeaderParser.java, line(s) 54,61,72,80,112,122,134,148,162,168,172,177,183,187,289,53,60,71,79,111,121,133,147,161,167,171,176,182,186 com/yalantis1/ucrop1/view/TransformImageView.java, line(s) 220,237,127,81 com/zyp/cardview/YcCardViewApi21.java, line(s) 17 com/zyp/cardview/YcRoundRectDrawable.java, line(s) 33 com/zyp/cardview/YcRoundRectDrawableWithShadow.java, line(s) 47 fi/iki/elonen/util/ServerRunner.java, line(s) 15,18,24 io/requery/android/database/AbstractCursor.java, line(s) 209 io/requery/android/database/DefaultDatabaseErrorHandler.java, line(s) 17,48,52 io/requery/android/database/sqlite/CloseGuard.java, line(s) 67 io/requery/android/database/sqlite/SQLiteConnection.java, line(s) 1113,295,891,893 io/requery/android/database/sqlite/SQLiteConnectionPool.java, line(s) 174,257,271,283,498,98,220,395 io/requery/android/database/sqlite/SQLiteCursor.java, line(s) 64,108,63,160 io/requery/android/database/sqlite/SQLiteDatabase.java, line(s) 379,392,397,399,592,605,1052,925,190 io/requery/android/database/sqlite/SQLiteDebug.java, line(s) 9,10,11 io/requery/android/database/sqlite/SQLiteOpenHelper.java, line(s) 110,139 io/requery/android/database/sqlite/SQLiteQuery.java, line(s) 32 io/requery/android/database/sqlite/SQLiteQueryBuilder.java, line(s) 134,133 io/rx_cache2/internal/cache/SaveRecord.java, line(s) 27 me/jessyan/retrofiturlmanager/RetrofitUrlManager.java, line(s) 107 me/jessyan/rxerrorhandler/handler/RetryWithDelay.java, line(s) 31 me/jessyan/rxerrorhandler/handler/RetryWithDelayOfFlowable.java, line(s) 31 net/sqlcipher/AbstractCursor.java, line(s) 237 net/sqlcipher/BulkCursorToCursorAdaptor.java, line(s) 48,96,136,160,171,181,199,107,118,219 net/sqlcipher/DatabaseUtils.java, line(s) 56,64,585,652 net/sqlcipher/DefaultDatabaseErrorHandler.java, line(s) 12,14,18,28,32 net/sqlcipher/database/SQLiteCompiledSql.java, line(s) 49,67,74,85,95 net/sqlcipher/database/SQLiteContentHelper.java, line(s) 25 net/sqlcipher/database/SQLiteDatabase.java, line(s) 357,925,933,953,964 net/sqlcipher/database/SQLiteDebug.java, line(s) 7,8,9,10,11,12 net/sqlcipher/database/SQLiteOpenHelper.java, line(s) 158,179 net/sqlcipher/database/SQLiteProgram.java, line(s) 63,69 net/sqlcipher/database/SQLiteQuery.java, line(s) 44 net/sqlcipher/database/SQLiteQueryBuilder.java, line(s) 133,132 net/sqlcipher/database/SqliteWrapper.java, line(s) 34,44,54,64,74 org/dom4j/DocumentFactory.java, line(s) 195 org/dom4j/bean/BeanDocumentFactory.java, line(s) 57 org/dom4j/datatype/DatatypeDocumentFactory.java, line(s) 65,66,84,85 org/dom4j/datatype/SchemaParser.java, line(s) 75,76,180 org/dom4j/dom/DOMNodeHelper.java, line(s) 334 org/dom4j/io/DOMReader.java, line(s) 69 org/dom4j/io/DOMWriter.java, line(s) 190,191,195 org/dom4j/io/SAXHelper.java, line(s) 40,41,42,65,66 org/dom4j/rule/RuleManager.java, line(s) 56 org/dom4j/swing/XMLTableColumnDefinition.java, line(s) 117 org/dom4j/swing/XMLTableDefinition.java, line(s) 168 org/dom4j/swing/XMLTableModel.java, line(s) 50,87 org/dom4j/tree/NamespaceStack.java, line(s) 188 org/dync/zxinglibrary/ScanManager.java, line(s) 109,367,377,229,240,243 org/dync/zxinglibrary/camera/AutoFocusManager.java, line(s) 34,51,64,87 org/dync/zxinglibrary/camera/CameraConfigurationManager.java, line(s) 47,49,52,55,57,62,66,68,70,80,94,91,96,125 org/dync/zxinglibrary/camera/CameraConfigurationUtils.java, line(s) 45,62,65,84,87,92,101,120,126,129,135,137,141,146,148,152,162,165,170,175,191,194,198,203,219,225,246,254,277,294,302,307,308,312,317,206,239 org/dync/zxinglibrary/camera/CameraManager.java, line(s) 236,68,67,76 org/dync/zxinglibrary/camera/open/OpenCameraInterface.java, line(s) 34,38,16,20 org/dync/zxinglibrary/decod/Utils.java, line(s) 216 org/dync/zxinglibrary/utils/BitmapUtils.java, line(s) 46 org/dync/zxinglibrary/utils/GestureDetectorUtil.java, line(s) 65,103,61,76,83 org/dync/zxinglibrary/utils/InactivityTimer.java, line(s) 91,31,41,47 org/greenrobot/eventbus/Logger.java, line(s) 81,86 org/greenrobot/eventbus/util/ErrorDialogConfig.java, line(s) 34 org/greenrobot/eventbus/util/ErrorDialogManager.java, line(s) 185 org/greenrobot/eventbus/util/ExceptionToResourceMapping.java, line(s) 25 org/opengl/surface/GLSurface.java, line(s) 74,88,89 org/seamless/util/io/MD5Crypt.java, line(s) 127 timber/log/Timber.java, line(s) 518,536 top/zibin/luban/Checker.java, line(s) 68,88,94,119,127 top/zibin/luban/Luban.java, line(s) 85,84 xyz/justsoft/video_thumbnail/VideoThumbnailPlugin.java, line(s) 132 xyz/luan/audioplayers/Logger.java, line(s) 30
信息 应用程序可以写入应用程序目录。敏感信息应加密
应用程序可以写入应用程序目录。敏感信息应加密 Files: be/appmire/flutterkeychain/FlutterKeychainPlugin.java, line(s) 56,82,56,82 com/bdkit/bdkit/c.java, line(s) 207,207 com/seven/movie/hotfix/fix/FixCtl.java, line(s) 54,206,54,206
信息 此应用程序使用SQL Cipher。SQLCipher为sqlite数据库文件提供256位AES加密
此应用程序使用SQL Cipher。SQLCipher为sqlite数据库文件提供256位AES加密 Files: com/okdl/movie/download/database/DBHelper.java, line(s) 24,7,8
信息 此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它
此应用程序将数据复制到剪贴板。敏感数据不应复制到剪贴板,因为其他应用程序可以访问它 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04b-Mobile-App-Security-Testing.md#clipboard Files: com/gen/mh/webapps/pugins/StoragePlugin.java, line(s) 4,97 com/seven/movie/commonres/utils/CopyUtils.java, line(s) 4,14,21
安全 此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击
此应用程序使用SSL Pinning 来检测或防止安全通信通道中的MITM攻击 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4 Files: cn/hutool/http/HttpRequest.java, line(s) 609,421 com/danikula/videocache/net/OkHttpManager.java, line(s) 103,102,103,90,101,101 com/feedback/lib/net/d/d/a.java, line(s) 142,78,108,141,129,140,140 com/feedback/lib/net/d/h/a.java, line(s) 57,56 com/gen/mh/webapp_extensions/matisse/engine/impl/PicassoEngine.java, line(s) 49,49 com/gen/mh/webapps/utils/Request.java, line(s) 205,207 com/jess/arms/di/module/ClientModule.java, line(s) 57,94 com/seven/movie/imgsearch/net/RetrofitHelper.java, line(s) 72,84,39 fi/iki/elonen/NanoHTTPD.java, line(s) 1458,1456,1458,1482,1455,1455
安全 此应用程序可能具有Root检测功能
此应用程序可能具有Root检测功能 https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05j-Testing-Resiliency-Against-Reverse-Engineering.md#testing-root-detection-mstg-resilience-1 Files: com/common/use/util/AppUtils.java, line(s) 79,125,581
安全 此应用程序没有隐私跟踪程序
此应用程序不包括任何用户或设备跟踪器。在静态分析期间没有找到任何跟踪器。
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (api.fxfwf.com) 通信。
{'ip': '221.228.32.13', 'country_short': 'CN', 'country_long': '中国', 'region': '湖北', 'city': '宜昌', 'latitude': '30.714531', 'longitude': '111.283882'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (mpay.m.jd.com) 通信。
{'ip': '221.228.32.13', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '镇江', 'latitude': '32.209366', 'longitude': '119.434372'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (staging110.dsccei.com) 通信。
{'ip': '58.217.200.221', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '无锡', 'latitude': '31.569349', 'longitude': '120.288788'}
关注 应用程序可能与位于OFAC制裁国家 (中国) 的服务器 (m10.music.126.net) 通信。
{'ip': '58.217.200.221', 'country_short': 'CN', 'country_long': '中国', 'region': '江苏', 'city': '南京', 'latitude': '32.061668', 'longitude': '118.777992'}