SelfPrivacy
/
selfprivacy.org.app
10
7
Fork 5
Code Issues 79 Pull Requests 4 Projects 1 Releases 24 Wiki Activity

Possible misuses of Crypto-APIs #107

New Issue
Closed
opened 2022-08-07 23:21:06 +03:00 by Ghost · 2 comments
Ghost commented 2022-08-07 23:21:06 +03:00

Hello,

I'm a PhD student interested in finding security vulnerabilities in open source projects.

We found some warnings (indicating potential vulnerabilities) when running a static analysis tool on SelfPrivacy (or its library dependencies). We documented some of these issues in private gists for the sake of confidentiality (non-disclosure).

Can you please let us know whether we can share these gists with you? We are eager to evaluate the perception of developers (e.g. severity of these warnings) and improve SelfPrivacy's security, and the quality of the reports of static analysis tools.

Thanks for your help.

Hello, I'm a PhD student interested in finding security vulnerabilities in open source projects. We found some warnings (indicating potential vulnerabilities) when running a static analysis tool on SelfPrivacy (or its library dependencies). We documented some of these issues in private gists for the sake of confidentiality (non-disclosure). Can you please let us know whether we can share these gists with you? We are eager to evaluate the perception of developers (e.g. severity of these warnings) and improve SelfPrivacy's security, and the quality of the reports of static analysis tools. Thanks for your help.
inex commented 2022-08-10 13:28:13 +03:00
Owner

Hi! Please report this to us at security@selfprivacy.org

Thanks!

Hi! Please report this to us at security@selfprivacy.org Thanks!
🎉 1
inex was assigned by NaiJi 2022-08-10 13:28:43 +03:00
inex commented 2022-12-31 06:58:49 +02:00
Owner

Didn't receive any answer, closing.

Didn't receive any answer, closing.
inex closed this issue 2022-12-31 06:58:50 +02:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
translations
backup-size-details
add-country-names
master
inex/april-refactor
def/feat_copy_onSecondaryTap_about_page
add_complated_state_for_jobs_widget
add_load_animation_to_providers
add_loading_caption_to_providers
backblaze-refactor
update_description
dto
restore-strategy
backups-testing
def/md_edit
routes-refactor
error-handling
v.0.6.0-semver
cicd
fdroid
0.11.0
0.10.1
0.10.0
0.9.1
0.9.0
0.8.0
0.7.0
0.7.0-test
0.6.0-test
0.6.0
v.0.6.0
v.0.5.3
v.0.5.2
v0.5.2
v.0.5.1
v.0.5.0
v.0.4.2
v.0.4.0
v.0.3.0
v.0.2.4
v.0.1.3
v.0.1.2
v.0.1.1
v.0.1.0
Labels
Clear labels   
Blocked

Issue that can't be resolved right now due to some circumstances   
Bug

Discovered issue that affects regular operation   
Contributions welcome
   
Did not do

Issue is not queued for resolution due to low priority or introduced difficulties during the resolution   
Errata

Known issue with available workaround   
Feature request

Functionality/usability enchansement   
Fixed

Issue resolved in one of the application/backend releases   
How To

Question, regarding product operation   
Invalid
   
Needs design

A sketch or detailed description of the feature look is wanted   
No resolution

Issue is not queued for resolution due to architecture pecularities
  
Priority
Critical
   
Priority
High
   
Priority
Low
   
Priority
Medium
  
Providers
Digital Ocean
Issues related to Digital Ocean REST API   
Providers
Hetzner
Issues related to Hetzner REST API
  
Refactor
  
Severity
High
   
Severity
Low
   
Severity
Medium
  
Source
Community
Feature requests and bugs reported on our support chats   
Source
Core Team
   
Source
Stakeholders
Kirill, NLnet, and others
  
Translations
   
Under investigation

Issue details are currently being investigated
No Label
Blocked
Bug
Contributions welcome
Did not do
Errata
Feature request
Fixed
How To
Invalid
Needs design
No resolution
Priority
Critical
Priority
High
Priority
Low
Priority
Medium
Providers
Digital Ocean
Providers
Hetzner
Refactor
Severity
High
Severity
Low
Severity
Medium
Source
Community
Source
Core Team
Source
Stakeholders
Translations
Under investigation
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
inex
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: SelfPrivacy/selfprivacy.org.app#107
There is no content yet.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may exist for a short time before cleaning up, in most cases it CANNOT be undone. Continue?