{
	"id": "175857",
	"key": "AC-6640",
	"fields": {
		"issuetype": {
			"id": "1",
			"description": "A problem which impairs or prevents the functions of the product.",
			"name": "Bug",
			"subtask": false
		},
		"project": {
			"id": "12217",
			"key": "AC",
			"name": "Appcelerator - INBOX",
			"projectCategory": {
				"id": "10000",
				"description": "",
				"name": "Customer Service"
			}
		},
		"resolution": null,
		"resolutiondate": null,
		"created": "2020-12-04T10:31:02.000+0000",
		"labels": [
			"android"
		],
		"versions": [],
		"issuelinks": [],
		"assignee": {
			"name": "amukherjee",
			"key": "amukherjee",
			"displayName": "Abir Mukherjee",
			"active": true,
			"timeZone": "America/Los_Angeles"
		},
		"updated": "2020-12-07T13:34:03.000+0000",
		"status": {
			"description": "The issue is open and ready for the assignee to start work on it.",
			"name": "Open",
			"id": "1",
			"statusCategory": {
				"id": 2,
				"key": "new",
				"colorName": "blue-gray",
				"name": "To Do"
			}
		},
		"components": [],
		"description": "We have run security checks tools (ZIMPERIUM) for our android app which builds on titanium SDK. \r\n\r\nCheck the below output:\r\n\r\nThis app uses Java code reflection. Reflection enables a Java program to analyze and modify itself. An attacker can create unexpected control flow paths through the application, potentially by-passing security checks. The exploitation of this weakness can result in a limited form of code injection.\r\n\r\nDetails:\r\norg.appcelerator.titanium.util.TiUIHelper\r\nti.modules.titanium.ui.widget.webview.TiUIWebView\r\norg.jaxen.dom.NamespaceNode\r\norg.appcelerator.titanium.view.TiUIView\r\norg.appcelerator.titanium.proxy.TiViewProxy\r\n\r\nIs there is any concern about this. \r\n",
		"attachment": [],
		"flagged": false,
		"summary": "Is it possible titanium android app uses java reflection to create unexpected flow path through application",
		"creator": {
			"name": "shishir.roy",
			"key": "shishir.roy",
			"displayName": "shishir.roy",
			"active": true,
			"timeZone": "America/Los_Angeles"
		},
		"subtasks": [],
		"reporter": {
			"name": "shishir.roy",
			"key": "shishir.roy",
			"displayName": "shishir.roy",
			"active": true,
			"timeZone": "America/Los_Angeles"
		},
		"environment": "Android",
		"comment": {
			"comments": [
				{
					"id": "457820",
					"author": {
						"name": "topener",
						"key": "topener",
						"displayName": "Rene Pot",
						"active": true,
						"timeZone": "Europe/Berlin"
					},
					"body": "This is only a problem if you allow users to input JavaScript and eval this code to generate more UI. If you sanitize your inputs you will not have any problems. Letting users input code also means reading JavaScript from webviews and running that blindly in Titanium itself, (not in the webview). \r\n\r\nWebViews have an EvalJS option, but you are in full control of what goes through this, and this is from Titanium to WebView. ",
					"updateAuthor": {
						"name": "topener",
						"key": "topener",
						"displayName": "Rene Pot",
						"active": true,
						"timeZone": "Europe/Berlin"
					},
					"created": "2020-12-07T13:34:03.000+0000",
					"updated": "2020-12-07T13:34:03.000+0000"
				}
			],
			"maxResults": 1,
			"total": 1,
			"startAt": 0
		}
	}
}