{
	"id": "172773",
	"key": "AC-6074",
	"fields": {
		"issuetype": {
			"id": "1",
			"description": "A problem which impairs or prevents the functions of the product.",
			"name": "Bug",
			"subtask": false
		},
		"project": {
			"id": "12217",
			"key": "AC",
			"name": "Appcelerator - INBOX",
			"projectCategory": {
				"id": "10000",
				"description": "",
				"name": "Customer Service"
			}
		},
		"resolution": {
			"id": "6",
			"description": "",
			"name": "Hold"
		},
		"resolutiondate": "2018-12-30T22:00:06.000+0000",
		"created": "2018-12-19T15:06:43.000+0000",
		"labels": [],
		"versions": [],
		"issuelinks": [],
		"assignee": {
			"name": "shossain",
			"key": "shossain",
			"displayName": "Shak Hossain",
			"active": false,
			"timeZone": "America/Los_Angeles"
		},
		"updated": "2018-12-30T22:00:07.000+0000",
		"status": {
			"description": "A resolution has been taken, and it is awaiting verification by reporter. From here issues are either reopened, or are closed.",
			"name": "Resolved",
			"id": "5",
			"statusCategory": {
				"id": 3,
				"key": "done",
				"colorName": "green",
				"name": "Done"
			}
		},
		"components": [],
		"description": "Hello,\r\n\r\nI'm working on an application and when I had a vulnerability test against this application I got a vulnerability that says,\r\n\r\n*When you delete a file using file.delete(), only the reference to the file is removed from the file system table. The file still exists on disk until other data overwrites it, leaving it vulnerable to recovery.*\r\n\r\nThis app uses file.delete() in following methods,\r\n\r\n1.org.appcelerator.kroll.util.TiTempFileHelper.doCleanTempDir() 2.org.appcelerator.titanium.util.TiFileHelper.wipeDirectoryTree() 3.org.appcelerator.titanium.util.TiFileHelper.destroyTempFiles() 4.ti.modules.titanium.media.MediaModule.launchNativeCamera() 5.org.appcelerator.titanium.io.TiFile.deleteTree() 6.org.appcelerator.titanium.io.TiFile.deleteDirectory() 7.org.appcelerator.titanium.io.TiFile.deleteFile() 8.org.appcelerator.titanium.util.TiResponseCache$TiCacheCleanup.run() 9.org.appcelerator.titanium.util.TiResponseCache$TiCacheRequest.abort() 10.ti.modules.titanium.media.MediaModule$CameraResultHandler.checkAndDeleteDuplicate( )\r\n11.ti.modules.titanium.media.MediaModule$CameraResultHandler.onError() 12.ti.modules.titanium.media.MediaModule$CameraResultHandler.onResult() 13.ti.modules.titanium.network.TiHTTPClient.deleteTmpFiles()\r\n\r\nMy question is, how can I cater this issue? This is a serious vulnerability and a threat to application's security.\r\n\r\nPlease have a look and provide your feedback.\r\n\r\nThank you.",
		"attachment": [],
		"flagged": false,
		"summary": "File unsafe Delete Check - Android",
		"creator": {
			"name": "muhammadsabir",
			"key": "muhammadsabir",
			"displayName": "Muhammad Sabir",
			"active": true,
			"timeZone": "America/Los_Angeles"
		},
		"subtasks": [],
		"reporter": {
			"name": "muhammadsabir",
			"key": "muhammadsabir",
			"displayName": "Muhammad Sabir",
			"active": true,
			"timeZone": "America/Los_Angeles"
		},
		"environment": null,
		"comment": {
			"comments": [
				{
					"id": "444766",
					"author": {
						"name": "rmitro",
						"key": "rmitro",
						"displayName": "Rakhi Mitro",
						"active": false,
						"timeZone": "America/Los_Angeles"
					},
					"body": "Hello,\r\n\r\nThanks for reporting this. We need more information here. It would be better to investigate if you can send us the steps to reproduce this on our end.\r\n\r\n",
					"updateAuthor": {
						"name": "rmitro",
						"key": "rmitro",
						"displayName": "Rakhi Mitro",
						"active": false,
						"timeZone": "America/Los_Angeles"
					},
					"created": "2018-12-20T05:04:49.000+0000",
					"updated": "2018-12-20T05:04:49.000+0000"
				},
				{
					"id": "444807",
					"author": {
						"name": "muhammadsabir",
						"key": "muhammadsabir",
						"displayName": "Muhammad Sabir",
						"active": true,
						"timeZone": "America/Los_Angeles"
					},
					"body": "Hello Rakhi Mitro,\r\n\r\nThank you for your swift reply.\r\n\r\nActually we've not use *file.delete()* in our code. After completing the development and QA cycle we had a vulnerability test on our application by a third party tool *QUIXXI Solutions*.\r\n\r\nThey find out this vulnerability that I have mentioned in description.\r\n\r\nWe're not using this method in our code but it is still coming due to the builtin libraries that are using this method i.e. *file.delete*. I believe if we run a vulnerability test on a default application created by Appcelerator, this vulnerability would appear as Appcelerator is using these builtin libraries to compile applications.\r\n\r\nMy question is, how can we get rid of this vulnerability?\r\n\r\nLooking forward to hear back from you.\r\n\r\nThank you.",
					"updateAuthor": {
						"name": "muhammadsabir",
						"key": "muhammadsabir",
						"displayName": "Muhammad Sabir",
						"active": true,
						"timeZone": "America/Los_Angeles"
					},
					"created": "2018-12-21T18:05:45.000+0000",
					"updated": "2018-12-21T18:05:45.000+0000"
				},
				{
					"id": "444817",
					"author": {
						"name": "sdarda",
						"key": "sdarda",
						"displayName": "Sharif AbuDarda",
						"active": false,
						"timeZone": "Asia/Dhaka"
					},
					"body": "Hello, This should not cause any issue in the app performance or security. Also, the app store or play store does not recognize this as a security threat. This issue was detected by a third party tool, a native report of the issue would have been more concerning. We will keep this open, Our engineers might be interested to look into it. Thanks.",
					"updateAuthor": {
						"name": "sdarda",
						"key": "sdarda",
						"displayName": "Sharif AbuDarda",
						"active": false,
						"timeZone": "Asia/Dhaka"
					},
					"created": "2018-12-22T22:38:58.000+0000",
					"updated": "2018-12-22T22:38:58.000+0000"
				}
			],
			"maxResults": 3,
			"total": 3,
			"startAt": 0
		}
	}
}