How can I address the iOS vulnerabilities below (Xamarin Forms), which are reported by the MobSF tool?
Binary makes use of insecure API(s) --> The binary may contain the following insecure API(s) _sscanf, _chmod, _strcat, _strcpy, _printf, _strncpy, _vsnprintf, _vsprintf, _memcpy, _strlen, _sprintf, _fopen, _stat.
Binary makes use of the insecure Random function(s) --> The binary may use the following insecure Random function(s) _random.
Binary makes use of malloc function --> The binary may use _malloc function instead of calloc.
The app is developed using Xamarin Forms. To resolve the above vulnerabilities, I tried searching for these functions in my application, but I was not able to find them. I am not using any random functions either.
This link says it's a false positive: https://github.com/xamarin/xamarin-macios/issues/12612
I tried the steps below to resolve this:
- Searched my solution to see whether we are using any Random function, but we're not using it.
- Not using insecure calls to the API either.
- Not using any malloc functions either.
- Used ReSharper to decompile the DLLs and searched there as well.
- Not using the function below either:
```
{
    byte[] randomBytes = new byte[32];
    secureRandom.NextBytes(randomBytes);
}
```
- Malloc/Calloc:
`byte[] byteArray = new byte[size];`