FlutterFlow Integration

Jaroslav Novotný edited this page Jul 19, 2023 · 8 revisions

This page provides all the information you need to integrate freeRASP with FlutterFlow. Please read it carefully. If you have a question, don't hesitate to open an issue.

Content of page

  • Importing freeRASP action from marketplace
  • Implementing freeRASP
  • Dev vs Release version
  • Limitations

Importing freeRASP from marketplace

Implementing freeRASP

In this section, you will implement the imported freeRASP action.

  1. Navigate to the UI Builder.
  2. On the right panel, click on Actions.
  3. In the "Action Flow Editor" box, click "Open".
  4. In the newly opened window, click on "On Page Load" at the top.
  5. Click "Add Action" (or "+" and then "Add Action", if you already have an action).
  6. On the left panel, search for the "runRASP" action.
  7. Select the "runRASP" action.

ℹ️ In the "Set Function Arguments" section, you will find the configuration and several "onX" arguments. We will discuss these in the upcoming subsections.

  8. Once you have provided the necessary configuration and callbacks, you can close the Action Flow Editor.

Providing configuration

The freeRASP action requires TalsecConfig to function. TalsecConfig is a custom data type that stores application-specific data.

At least three parameters must be provided to properly initialize TalsecConfig:

  • watcherMail
  • isProd
  • androidConfig and/or iosConfig

watcherMail
watcherMail is an email address designated for receiving security reports. Ensure that the email address follows the strict [email protected] format.

isProd
isProd is a boolean flag that determines whether freeRASP runs in the dev or the release version.

androidConfig
androidConfig contains configuration settings specific to the Android version of your application. Further details about the androidConfig can be found in the Android configuration subsection.

iosConfig
iosConfig contains configuration settings specific to the iOS version of your application. Further details about the iosConfig can be found in the iOS configuration subsection.

To provide TalsecConfig:

  1. Open the Action Flow Editor with the runRASP action.
  2. Open the "configuration" dropdown menu on the right panel.
  3. In the value box, click on "UNSET".
  4. From the list, select "Create Data Type".
  5. In the sublist, select "TalsecConfig".
  6. To provide the arguments, click on "Add Field". This will progressively display all the available parameters.

Android configuration

This subsection provides a description of all the arguments within the androidConfig parameter and explains where to find them or how to obtain them.

packageName
packageName is a unique identifier for your application.

You can find the packageName value for your application in the FlutterFlow settings:

  1. Navigate to Settings and Integrations.
  2. Locate and select "App Details".
  3. In the textbox labeled "Package Name," you will find the package name associated with your application.

signingCertHashes
signingCertHashes is a list of hashes of the certificates of the keys which were used to sign the application. At least one hash value must be provided.

⚠️ Hashes which are passed here must be encoded in Base64 form. ⚠️

More about the signing hash and how to obtain it can be found on this wiki page.
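
The following is an added example, not part of the freeRASP wiki or project code: a Python helper that converts a colon-separated hex certificate fingerprint into the Base64 form required above, and flags values that are still hex. It assumes the hash is a 32-byte SHA-256 certificate digest; the function names and the sample fingerprint are constructed for illustration.

```python
import base64
import binascii
import re

SHA256_LEN = 32  # assumption: the signing hash is a SHA-256 certificate digest

# Constructed sample fingerprint (bytes 0x00..0x1F), not a real certificate.
SAMPLE_FINGERPRINT = ":".join(f"{b:02X}" for b in range(SHA256_LEN))


def fingerprint_to_base64(fingerprint: str) -> str:
    """Convert a hex fingerprint ('AB:CD:...' or 'abcd...') to Base64."""
    hex_digits = re.sub(r"[\s:]", "", fingerprint)
    if not re.fullmatch(r"[0-9a-fA-F]+", hex_digits):
        raise ValueError("fingerprint contains non-hex characters")
    raw = bytes.fromhex(hex_digits)
    if len(raw) != SHA256_LEN:
        raise ValueError(f"expected {SHA256_LEN} bytes, got {len(raw)}")
    return base64.b64encode(raw).decode("ascii")


def check_signing_cert_hash(value: str) -> str:
    """Return 'ok' or the reason the value is unusable in signingCertHashes."""
    stripped = value.strip()
    # Test for hex first: a 64-digit hex string is also syntactically valid
    # Base64 (it decodes to 48 bytes), so this mistake is easy to miss.
    if re.fullmatch(r"(?:[0-9a-fA-F]{2}:?){31}[0-9a-fA-F]{2}", stripped):
        return "hex fingerprint, not Base64"
    try:
        raw = base64.b64decode(stripped, validate=True)
    except (binascii.Error, ValueError):
        return "not valid Base64"
    if len(raw) != SHA256_LEN:
        return f"decodes to {len(raw)} bytes, expected {SHA256_LEN}"
    return "ok"


if __name__ == "__main__":
    encoded = fingerprint_to_base64(SAMPLE_FINGERPRINT)
    print("signingCertHashes entry:", encoded)
    for candidate in (encoded, SAMPLE_FINGERPRINT, "AAEC"):
        print(f"{candidate!r}: {check_signing_cert_hash(candidate)}")
```

Run the check on every entry before pasting it into the signingCertHashes field.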

supportedStores (optional)
supportedStores is a list of third-party app stores to which your application is uploaded. By including these stores in the supportedStores list, freeRASP considers them as trusted sources.

To add a store, add the store's package name to the list.

💡 Google Play store and Huawei AppGallery are supported out of the box. You don't need to add them.

androidConfig is provided in the same way as TalsecConfig.

iOS configuration

This subsection provides a description of all the arguments within the iosConfig parameter and explains where to find them or how to obtain them.

bundleIds
bundleIds is a list of unique identifiers for your application.

teamId
teamId is a unique identifier assigned to a development team enrolled in the Apple Developer Program.

iosConfig is provided in the same way as TalsecConfig.

Providing callbacks

Dev vs Release version

The Dev version of freeRASP is used during the development phase. It separates development data from production data and disables certain checks that are not applicable during development. These checks include:

  • Emulator usage (onEmulatorDetected, onSimulatorDetected)
  • Debugging (onDebuggerDetected)
  • Signing (onTamperDetected, onSignatureDetected)
  • Unofficial store (onUntrustedInstallationSource, onUnofficialStoreDetected)

Limitations
