complete description for rule hidden_ui

MobSF · Jun 14, 2024 · 35abb83 · 35abb83
1 parent 7342a3d
commit 35abb83
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/mobsfscan/rules/semgrep/android/hidden_ui.yaml b/mobsfscan/rules/semgrep/android/hidden_ui.yaml
@@ -17,12 +17,13 @@ rules:
     message: >-
       Hidden elements in view can be used to hide data from user. But this data
       can be leaked. If the view contains sensitive data, it might still be accessible through memory inspection.
+      A good practice is to clear sensitive data before hiding it.
     languages:
       - java
     severity: ERROR
     metadata:
       cwe: cwe-919
       owasp-mobile: m1
       masvs: storage-7
-      references:
-      - https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-for-sensitive-data-disclosure-through-the-user-interface-mstg-storage-7
+      reference: >-
+        https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05d-Testing-Data-Storage.md#checking-for-sensitive-data-disclosure-through-the-user-interface-mstg-storage-7