From 7342a3d4ed947e7c0b4c3cff518ca8b220215534 Mon Sep 17 00:00:00 2001
From: Sebastian Revuelta
Date: Fri, 31 May 2024 11:11:49 +0200
Subject: [PATCH 1/2] improve description and reference format
---
 mobsfscan/rules/semgrep/android/hidden_ui.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/mobsfscan/rules/semgrep/android/hidden_ui.yaml b/mobsfscan/rules/semgrep/android/hidden_ui.yaml
index 1486b4d..235965a 100644
--- a/mobsfscan/rules/semgrep/android/hidden_ui.yaml
+++ b/mobsfscan/rules/semgrep/android/hidden_ui.yaml
@@ -16,7 +16,7 @@ rules:
 $X.setVisibility($V);
 message: >-
 Hidden elements in view can be used to hide data from user. But this data
- can be leaked.
+ can be leaked. If the view contains sensitive data, it might still be accessible through memory inspection.
 languages:
 - java
 severity: ERROR
@@ -24,5 +24,5 @@ rules:
 cwe: cwe-919
 owasp-mobile: m1
 masvs: storage-7
- reference: >-
- https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-for-sensitive-data-disclosure-through-the-user-interface-mstg-storage-7
+ references:
+ - https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-for-sensitive-data-disclosure-through-the-user-interface-mstg-storage-7
From 35abb83ce250d8aa8498538019e30266c1c6d470 Mon Sep 17 00:00:00 2001
From: Sebastian Revuelta
Date: Fri, 14 Jun 2024 13:01:22 +0200
Subject: [PATCH 2/2] complete description for rule hidden_ui
---
 mobsfscan/rules/semgrep/android/hidden_ui.yaml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/mobsfscan/rules/semgrep/android/hidden_ui.yaml b/mobsfscan/rules/semgrep/android/hidden_ui.yaml
index 235965a..c1fbd4f 100644
--- a/mobsfscan/rules/semgrep/android/hidden_ui.yaml
+++ b/mobsfscan/rules/semgrep/android/hidden_ui.yaml
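Review bot: The sentence added to `message` narrows the finding to memory inspection, yet the only pattern line visible in the hunk, `$X.setVisibility($V);`, matches every visibility change, including a view being made visible (the rest of the pattern sits above the hunk, so this is inferred), so the message should describe the risk itself rather than one retrieval technique. Suggest `can be leaked: a hidden view still holds its content in the view hierarchy and in process memory, so sensitive data remains disclosable.` The existing context line `hide data from user` also reads better as `hide data from the user`.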
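Review bot: Renaming the metadata key from `reference` to a `references` list in the second hunk is a schema change rather than a format tweak: whatever in mobsfscan reads the `reference` key for the report would no longer find the link unless the loader also accepts `references`, and nothing in the patch shows that it does. The second patch in this series (`@@ -24,5 +25,5 @@`) reverts the key to `reference: >-`, so the net effect of the two commits on this field is nothing. Squash the commits or drop this hunk, and keep the key consistent with the other rules under mobsfscan/rules/semgrep.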
@@ -17,6 +17,7 @@ rules:
 message: >-
 Hidden elements in view can be used to hide data from user. But this data
 can be leaked. If the view contains sensitive data, it might still be accessible through memory inspection.
+ A good practice is to clear sensitive data before hiding it.
 languages:
 - java
 severity: ERROR
@@ -24,5 +25,5 @@ rules:
 cwe: cwe-919
 owasp-mobile: m1
 masvs: storage-7
- references:
- - https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-for-sensitive-data-disclosure-through-the-user-interface-mstg-storage-7
+ reference: >-
+ https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-for-sensitive-data-disclosure-through-the-user-interface-mstg-storage-7
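Review bot: `A good practice is to clear sensitive data before hiding it.` names the mitigation but not what to clear, and because the scalar is folded with `>-` it lands mid-paragraph after a context line that is already far longer than the rest of the message. Suggest wrapping that long line to the width of the others and making the advice actionable: `Clear the sensitive content (for example reset the widget's text) before hiding the view, and do not keep it referenced in a field once it is no longer shown.` The enclosing `message:` block begins at the hunk's first context line; the rest of the rule is above the hunk.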