Sourcebrella Pinpoint 1.7.2 is officially released

Highlights:

1). Add 62 new checkers for finding sensitive data leakage in Java/Android.

2). Add C++ and Java exceptional data flow tracking. Now we can detect the memory safety bugs caused by throwing exceptions.

3). Improve multi-task scheduling and UI for better supporting multiple users.

Details are as follows:

1. New Checkers

1. Add 62 sensitive data leakage checkers to check for transmitting phone unique identifiers, clip board data, and etc. to untrusted places. Compared to other tools, Pinpoint can provide the details of the information leakage path.

sensitive data2.png

2. Add checking of sensitive data passing into unsafe APIs.

3. Add dangerous API detection to help find all the code locations calling to dangerous APIs.

2. Bug detection improvement

1. Handle exception throwing data flow paths. Previous versions cannot find the following case due to the missing of handling exception execution logic, and Pinpoint-1.7.2 can ( https://www.sourcebrella.com/online-showcase/?id=5cc058eb3a21cd077afb8e5e ):

exception.png

1. Improve JAVA resource leak checker to help find the resources created but not properly released.

resourceleak.png

3. Task Queue

1. Support running multi-tasks in parallel.

2. Show the including number of running tasks, number of queuing tasks and number of all tasks, the number of analysis workers on the UI.

taskqueue.png

4. UI and backend new features

1. Improve progress bar for report generation

2. Add a link to reports in the upper left panel

3. Break the limitation of uploading less than 16MB source code files, which is enforced by MongoDB.

ui-1.7.2.png

5. Bug Fixing

1. Fixing the false alarm of "Use of uninitialized variable" checker on multi-array

2. Fixing the false alarm of "Format string" checker on the pattern of "%*.*d"

3. Fixing the incorrect information printing on terminal

6. Appendix: New Checkers

1. Sensitive data passing into unsafe API

2. Dangerous API

3. Information leak: call state

4. Information leak: carrier config

5. Information leak: cellphone location

6. Information leak: data activity

7. Information leak: data network type

8. Information leak: data state

9. Information leak: device ID

10. Information leak: device software version

11. Information leak: forbidden PLMNs

12. Information leak: group ID of GSM phone

13. Information leak: ICC authentication

14. Information leak: IMEI

15. Information leak: phone number

16. Information leak: MEID

17. Information leak: MMS agent profile URL

18. Information leak: MMS user agent

19. Information leak: NAI

20. Information leak: neighboring cell info

21. Information leak: network country ISO

22. Information leak: network operator

23. Information leak: network operator name

24. Information leak: network specifier

25. Information leak: network type

26. Information leak: SIM carrier count

27. Information leak: phone type

28. Information leak: service state

29. Information leak: signal strength

30. Information leak: SIM carrier ID

31. Information leak: SIM carrier ID name

32. Information leak: SIM carrier country ISO

33. Information leak: SIM carrier operator

34. Information leak: SIM carrier operator name

35. Information leak: SIM carrier serial number

36. Information leak: SIM carrier state

37. Information leak: subscriber ID

38. Information leak: visual voice mail package name

39. Information leak: voice mail name

40. Information leak: voice mail number

41. Information leak: voice network type

42. Information leak: voice mail ringtone URI

43. Information leak: voice message count

44. Information leak: current phone type

45. Information leak: phone location

46. Information leak: contact and SMS information

47. Information leak: SMS message body

48. Information leak: SMS originating address

49. Information leak: email body

50. Information leak: email from

51. Information leak: email message body

52. Information leak: SMS originating address

53. Information leak: PDU

54. Information leak: SMS service center address

55. Information leak: user data

56. Information leak: router MAC address

57. Information leak: IP address

58. Information leak: MAC address

59. Information leak: wifi name (SSID)

60. Information leak: bluetooth address

61. Information leak: bluetooth name

62. Information leak: clipboard information