bruno icon indicating copy to clipboard operation
bruno copied to clipboard
verified publisher icon usebruno

Hybrid analysis of Bruno is flagged as malicious. need confirmation if this is false positive.

Open sanket-bhalerao opened this issue 1 year ago • 7 comments

I have checked the following:

  • [X] I use the newest version of bruno.
  • [X] I've searched existing issues and found nothing related to my issue.

Describe the bug

Hybrid analysis tool flagged the v1.30 as malicious. can you please confirm if this is a false positive?

.bru file to reproduce the bug

No response

Screenshots/Live demo link

Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for 'bruno_1.30.0_x64_win.exe' (hybrid-analysis.com)

Dynamic Analysis.pdf MITRE ATT&CK.pdf Static Analsyis.pdf

sanket-bhalerao avatar Oct 07 '24 09:10 sanket-bhalerao

Can someone from the dev team check this? Is it false positive?

DhruvKai avatar Oct 07 '24 09:10 DhruvKai

We are currently investigating this issue and will provide an update within the next week.

helloanoop avatar Oct 27 '24 11:10 helloanoop

Hi,

Do you have any update on this?

On Sun, 27 Oct, 2024, 4:46 pm Anoop M D, @.***> wrote:

We are currently investigating this issue and will provide an update within the next week.

— Reply to this email directly, view it on GitHub https://github.com/usebruno/bruno/issues/3259#issuecomment-2439971884, or unsubscribe https://github.com/notifications/unsubscribe-auth/AOLVTDFT6BUJZTQ7XKIZVODZ5TDPBAVCNFSM6AAAAABPPQ7NAOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIMZZHE3TCOBYGQ . You are receiving this because you commented.Message ID: @.***>

DhruvKai avatar Nov 05 '24 11:11 DhruvKai

any updates?

abogadatos avatar Feb 13 '25 16:02 abogadatos

Hello Team, Do you have any update still I can see this issue under 2.x version

mimanish4u avatar Apr 11 '25 15:04 mimanish4u

This is a false positive.

Bruno is a filesystem-based API client designed to operate directly on the filesystem. Reading and writing files, scripting, and spawning subprocesses are essential functionalities inherent to the application's normal operation.

helloanoop avatar Apr 17 '25 14:04 helloanoop

Bump. What could be more pertinent than this issue? It makes the app very if difficult if not impossible to use for myself, let alone others on my team who might consider adopting it for testing.

mattc8818 avatar May 15 '25 19:05 mattc8818

As @helloanoop mentioned earlier this is a false positive. Closing this issue.

anusree-bruno avatar Jun 10 '25 10:06 anusree-bruno