mobsf.mobsfscan.hidden_ui.android_hidden_ui

profile photo of MobSFMobSF
Author
507
Download Count*
GPLv3
License

Hidden elements in view can be used to hide data from user. But this data can be leaked.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit RuleView Source
Open in Playground 
rules:
  - id: android_hidden_ui
    patterns:
      - pattern-either:
          - pattern: |
              $X.setVisibility(View.GONE);
          - pattern: |
              $V = View.GONE;
              ...
              $X.setVisibility($V);
          - pattern: |
              $X.setVisibility(View.INVISIBLE);
          - pattern: |
              $V = View.INVISIBLE;
              ...
              $X.setVisibility($V);
    message: Hidden elements in view can be used to hide data from user. But this
      data can be leaked.
    languages:
      - java
    severity: ERROR
    metadata:
      cwe: cwe-919
      owasp-mobile: m1
      masvs: storage-7
      reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-for-sensitive-data-disclosure-through-the-user-interface-mstg-storage-7
      license: LGPL-3.0-or-later