Merge pull request #40 from talsec/rc/3.6.0

Release 3.6.0

Author: xprikryl2

CHANGELOG.md

@@ -1,3 +1,18 @@
+# freeRASP 3.6.0
+
+- ⚡ Improved reaction obfuscation
+- 📄 Documentation updates
+
+### Android
+
+- ⚡ Fixed ProviderException which could be occassionally triggered
+- ⚡ Fixed bug causing incompatibility with some versions of React Native ([#38](https://github.com/talsec/Free-RASP-ReactNative/issues/38))
+
+### iOS
+
+- ❗ Raised supported Xcode version to 14.3.1
+- ⚡ Improved SDK obfuscation
+
 # freeRASP 3.5.0
 
 - ⚠️ Updated the `talsecStart()` method to return `Promise<string>`. If freeRASP starts successfuly, the method will return `freeRASP started` string. There are not any changes of the interface if you are using the provided `useFreeRasp` hook.

README.md

@@ -9,7 +9,6 @@ freeRASP for React Native is a mobile in-app protection and security monitoring
 # :notebook_with_decorative_cover: Table of contents
 
 - [Overview](#overview)
-- [Requirements](#requirements)
 - [Usage](#usage)
   - [(Optional) Create a new React Native demo application](#optional-create-a-new-react-native-demo-application)
   - [Step 1: Install the plugin](#step-1-install-the-plugin)
@@ -65,13 +64,6 @@ Learn more about commercial features at [https://talsec.app](https://talsec.app)
 
 Learn more about freemium freeRASP features at [GitHub main repository](https://github.com/talsec/Free-RASP-Community).
 
-# Requirements
-
-Following minimal version requirements have to be met
-in order to run freeRASP in your app:
-
-- `react-native` >= `0.65.3`
-
 # Usage
 
 We will guide you step-by-step, but you can always check the expected result in the example folder.
@@ -164,7 +156,7 @@ const config = {
 
    - `packageName` _: string_ - package name of your app you chose when you created it
    - `certificateHashes` _: string[]_ - hash of the certificate of the key which was used to sign the application. **Hash which is passed here must be encoded in Base64 form.** If you are not sure how to get your certificate hash, you can check out the guide on our [Github wiki](https://github.com/talsec/Free-RASP-Community/wiki/Getting-your-signing-certificate-hash-of-app). Multiple hashes are supported, e.g. if you are using a different one for the Huawei App Gallery.
-   - `supportedAlternativeStores` _: string[] | undefined_ - Google Play Store and Huawei AppGallery are supported out of the box, you **don't have to assign anything**. You can add other stores like the Samsung Galaxy Store in the example code (```com.sec.android.app.samsungapps```). For more information, visit the  [Detecting Unofficial Installation](https://github.com/talsec/Free-RASP-Community/wiki/Threat-detection#detecting-unofficial-installation) wiki page.
+   - `supportedAlternativeStores` _: string[] | undefined_ - Google Play Store and Huawei AppGallery are supported out of the box, you **don't have to assign anything**. You can add other stores like the Samsung Galaxy Store in the example code (`com.sec.android.app.samsungapps`). For more information, visit the [Detecting Unofficial Installation](https://github.com/talsec/Free-RASP-Community/wiki/Threat-detection#detecting-unofficial-installation) wiki page.
 
 1. `iosConfig` _: object | undefined_ - required for iOS devices, has following keys:
    - `appBundleId` _: string_ - Bundle ID of your app
@@ -387,24 +379,26 @@ To receive Security Reports, fill out the _watcherMail_ field in [config](#confi
 
 ![dashboard](https://raw.githubusercontent.com/talsec/Free-RASP-Community/master/visuals/dashboard.png)
 
-# :money_with_wings: Talsec Commercial Subscriptions 
+# :money_with_wings: Talsec Commercial Subscriptions
+
 Talsec offers commercial plans on top of freeRASP (Business RASP+):
-* No limits of Fair Usage Policy (100K App Downloads) 
-* No Data Collection from your app
-* FinTech grade security, features and SLA (see more in [this post](https://github.com/orgs/talsec/discussions/5))
-* Protect APIs and risk scoring by AppiCrypt®
+
+- No limits of Fair Usage Policy (100K App Downloads)
+- No Data Collection from your app
+- FinTech grade security, features and SLA (see more in [this post](https://github.com/orgs/talsec/discussions/5))
+- Protect APIs and risk scoring by AppiCrypt®
 
 Learn more at [talsec.app](https://talsec.app).
 
 Not to overlook, the one of the most valued commercial features is [AppiCrypt®](https://www.talsec.app/appicrypt) - App Integrity Cryptogram.
 
 It allows easy-to-implement API protection and App Integrity verification on the backend to prevent API abuse:
 
--   Bruteforce attacks
--   Botnets
--   API abuse by App impersonation
--   Session-hijacking
--   DDoS
+- Bruteforce attacks
+- Botnets
+- API abuse by App impersonation
+- Session-hijacking
+- DDoS
 
 It is a unified solution that works across all mobile platforms without dependency on external web services (i.e., without extra latency, an additional point of failure, and maintenance costs).
 

android/build.gradle

@@ -78,14 +78,15 @@ rootProject.allprojects {
 }
 
 def kotlin_version = getExtOrDefault("kotlinVersion")
+def react_native_version = getExtOrDefault("reactNativeVersion")
 
 dependencies {
   // For < 0.71, this will be from the local maven repo
   // For > 0.71, this will be replaced by `com.facebook.react:react-android:$version` by react gradle plugin
   //noinspection GradleDynamicVersion
-  implementation "com.facebook.react:react-native"
+  implementation "com.facebook.react:react-native:$react_native_version"
   implementation "org.jetbrains.kotlin:kotlin-stdlib:$kotlin_version"
-  implementation "com.aheaditec.talsec.security:TalsecSecurity-Community-ReactNative:8.3.0"
+  implementation "com.aheaditec.talsec.security:TalsecSecurity-Community-ReactNative:9.0.0"
 }
 
 if (isNewArchitectureEnabled()) {

android/gradle.properties

@@ -2,4 +2,5 @@ FreeraspReactNative_kotlinVersion=1.7.0
 FreeraspReactNative_minSdkVersion=23
 FreeraspReactNative_targetSdkVersion=31
 FreeraspReactNative_compileSdkVersion=33
-FreeraspReactNative_ndkversion=21.4.7075529
+FreeraspReactNative_ndkversion=21.4.7075529
+FreeraspReactNative_reactNativeVersion=+

ios/TalsecRuntime.xcframework/Info.plist

@@ -6,30 +6,30 @@
 	<array>
 		<dict>
 			<key>LibraryIdentifier</key>
-			<string>ios-arm64_x86_64-simulator</string>
+			<string>ios-arm64</string>
 			<key>LibraryPath</key>
 			<string>TalsecRuntime.framework</string>
 			<key>SupportedArchitectures</key>
 			<array>
 				<string>arm64</string>
-				<string>x86_64</string>
 			</array>
 			<key>SupportedPlatform</key>
 			<string>ios</string>
-			<key>SupportedPlatformVariant</key>
-			<string>simulator</string>
 		</dict>
 		<dict>
 			<key>LibraryIdentifier</key>
-			<string>ios-arm64</string>
+			<string>ios-arm64_x86_64-simulator</string>
 			<key>LibraryPath</key>
 			<string>TalsecRuntime.framework</string>
 			<key>SupportedArchitectures</key>
 			<array>
 				<string>arm64</string>
+				<string>x86_64</string>
 			</array>
 			<key>SupportedPlatform</key>
 			<string>ios</string>
+			<key>SupportedPlatformVariant</key>
+			<string>simulator</string>
 		</dict>
 	</array>
 	<key>CFBundlePackageType</key>

ios/TalsecRuntime.xcframework/ios-arm64/TalsecRuntime.framework/Headers/CurlWrapper.h

@@ -16,7 +16,7 @@
 #include <unistd.h>
 #include <string.h>
 
-struct MRBKHkNLymuB {
+struct IJEoyzefwvew {
     char *memory;
     size_t size;
     CURLcode ret;

ios/TalsecRuntime.xcframework/ios-arm64/TalsecRuntime.framework/Headers/TalsecRuntime-Swift.h

@@ -1,6 +1,6 @@
 #if 0
 #elif defined(__arm64__) && __arm64__
-// Generated by Apple Swift version 5.8 (swiftlang-5.8.0.124.2 clang-1403.0.22.11.100)
+// Generated by Apple Swift version 5.8.1 (swiftlang-5.8.0.124.5 clang-1403.0.22.11.100)
 #ifndef TALSECRUNTIME_SWIFT_H
 #define TALSECRUNTIME_SWIFT_H
 #pragma clang diagnostic push
@@ -281,7 +281,7 @@ typedef unsigned int swift_uint4  __attribute__((__ext_vector_type__(4)));
 
 #if defined(__OBJC__)
 
-SWIFT_EXTERN void __gEpMdsSyQvqeuMjBPsfuvPt(void);
+SWIFT_EXTERN void __FlQXVgtWTdusubZZgVYGfrP(void);
 
 #endif
 #if defined(__cplusplus)