privado
privado copied to clipboard
Privado-Inc
Open Source Static Scanning tool to detect data flows in your code, find data security vulnerabilities & generate accurate Play Store Data Safety Report.
**Describe the bug** Reported [here](https://github.com/Privado-Inc/privado/issues/21#issuecomment-1155992270) in #21 by @MrCsabaToth **Problem**: Does not populate ARCore-based PIIs This is because Privado populates form values based on third parties only if data elements...
**Describe the bug**: Unhandled `AccessDeniedException` **Environment**: CentOS VM created using VMWare ESXI Hypervisor **** **Observed Behaviour**: On running the scan in non-debug mode, the scan gets stuck after "Guessing language."...
**Describe the bug** Getting an error adding a custom rules folder to the CLI. **To Reproduce** Steps to reproduce the behavior: 1. Set up a repository for the scan. In...
**Describe the bug** Getting Java.net.MalformedURLException when result is exported **To Reproduce** Steps to reproduce the behavior: 1. Scan a repo 2. In result exporting step, getting the following error **Expected...
The current rule definition takes in a list of patterns; however, only the first one is tagged as a `sink`, and the rest of the patterns are ignored. This creates...
**Is your feature request related to a problem? Please describe.** Currently we only show sinks under inventory where there is a valid flow, this becomes a problem when we start...
**Is your feature request related to a problem? Please describe.** When insert query is fired with executeQuery its been marked as DB read. **Describe the solution you'd like** As of...
**Describe the bug** Section titles are too short to be distinguished properly. **To Reproduce** Open the Code Analysis pane of one project with both `Java Database Connector (Write)` and `Java...
**Is your feature request related to a problem? Please describe.** Code is included in the scan results (as "excerpt") which is used to provide context for the finding. If someone...
**Describe the bug** email validation links or password reset links risk leaking information (ex: https://email.auth.privado.ai/prod/redirect?code=&username=&clientId=®ion=eu-west-1&email=&isCLI=true&website=). I’m certain all that GET data could be POSTed, encrypted, tokenized, or otherwise set up...
Metadata
Owner
Metadata
Open Source Static Scanning tool to detect data flows in your code, find data security vulnerabilities & generate accurate Play Store Data Safety Report.