Android-Image-Cropper icon indicating copy to clipboard operation
Android-Image-Cropper copied to clipboard

Published 20 hours ago verified publisher icon CanHub

Veracode Scan of the app results into "377:Insecure Temporary File"

Open MGohil opened this issue 5 months ago • 6 comments

When we scan the app through Veracode to check for any static code vulnerabilities, it gives the "Insecure Temporary File". Following is detail and also provides remedies on how to fix this.

image

This error points to BitmapUtils.kt Line 461 at: https://github.com/CanHub/Android-Image-Cropper/blob/05b4d586335d6ee652f487881efd0cb54b36c43b/cropper/src/main/kotlin/com/canhub/cropper/BitmapUtils.kt#L461

Which is main reason of this issue reported by Veracode static screen.

I am not using this library directly into any native app, but using it into .NET Maui app via one of the Binding Library which originally uses this native Android library.

I have reported similar issue there too: https://github.com/jmbowman1107/ImageCropper.Maui/issues/28 but even after updating to 4.6.0 didn't resolve it.

Would you please have a look and fix this please, so we can update to latest .aar and build our .NET Maui supported binary?

Thanks, Milan G

MGohil avatar Sep 13 '24 10:09 MGohil