Merge pull request #85 from talsec/release-3.9.0

Release 3.9.0

Author: msikyna

CHANGELOG.md

@@ -5,6 +5,50 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.9.0] - 2024-09-25
+
+- Android SDK version: 11.1.0
+- iOS SDK version: 6.6.0
+
+### React Native
+
+#### Fixed
+
+- Fixed incorrect path to types in package.json
+
+#### Changed
+
+- Improved error messages when validation of the freeRASP configuration fails
+
+### Android
+
+#### Added 
+
+- Added the auditing of the internal execution for the future check optimization and overall security improvements.
+
+#### Fixed
+
+- Fixed native crashes (SEGFAULT errors) in `ifpip` method
+- Fixed collision for command line tools (like ping) invoked without absolute path
+
+#### Changed
+
+- ❗️Breaking: Changed the way TalsecConfig is created, we introduced a Builder pattern to make the process more streamlined and readable
+- Updated OpenSSL to version 3.0.14
+- Updated CURL to version 8.8.0
+- Refactored fetching the list of installed applications for root and hook detection.
+
+### iOS
+
+#### Added 
+
+- [Dopamine](https://github.com/opa334/Dopamine) jailbreak detection.
+
+#### Changed
+
+- Updated OpenSSL to version 3.0.14
+- Updated CURL to version 8.8.0
+
 ## [3.8.2] - 2024-09-02
 
 ### React Native
@@ -29,13 +73,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Android
 
 - ⚡ Added new threat `devMode` for Developer mode detection
-- ⚡ Enhanced and accelerated the data collection logic
 - ⚡ Fixed proguard warning in specific versions of RN
 - ⚡ Fixed issue with Arabic alphabet in logs caused by the device’s default system locale
 - ✔️ Increased the version of the GMS dependency
 - ✔️ Updated CA bundle
 
 ### iOS
+- ⚡ Enhanced and accelerated the data collection logic
 - ⚡ Fixed issue with Arabic alphabet in logs caused by the device’s default system locale
 - ⚡ Passcode check is now periodical
 - ✔️ Updated CA bundle

README.md

@@ -8,7 +8,7 @@
 
 freeRASP for React Native is a mobile in-app protection and security monitoring plugin. It aims to cover the main aspects of RASP (Runtime App Self Protection) and application shielding.
 
-:loudspeaker: The official documentation has been moved to a new location. You can now find it [here](https://docs.talsec.app/freerasp). :loudspeaker:
+:loudspeaker: The official documentation has been moved to a new location. You can now find it [here](https://docs.talsec.app/docs-and-articles-portal). :loudspeaker:
 
 
 # Overview
@@ -46,10 +46,12 @@ Learn more about commercial features at [https://talsec.app](https://talsec.app)
 
 Learn more about freemium freeRASP features at [GitHub main repository](https://github.com/talsec/Free-RASP-Community).
 
-# :book: Discover Official Documentation
-Visit the [GitBook page](https://docs.talsec.app/freerasp) for comprehensive and up-to-date guides, tutorials, and technical documentation. It serves as your go-to resource, offering everything from basic instructions to advanced tips and tricks to help you get the most out of the project.
+# :book: Discover the Official freeRASP Documentation
+
+Visit the [GitBook page](https://docs.talsec.app/freerasp) for comprehensive and up-to-date guides, tutorials, and technical documentation specifically for freeRASP. It serves as your go-to resource, offering everything from basic instructions to advanced tips and tricks to help you get the most out of the project.
 
 ## :link: Integration Guide
+
 For integrating freeRASP on the React Native platform, be sure to follow all the steps in the [Integration Guide](https://docs.talsec.app/freerasp/integration). This guide provides detailed instructions to help you achieve a smooth and efficient integration.
 
 Be sure to bookmark it and stay informed! :books: :sparkles:.
@@ -61,6 +63,7 @@ If you have any suggestions for improvement or notice anything that could be cla
 For information on older integration methods, you can refer to the [freeRASP wiki](https://github.com/talsec/Free-RASP-ReactNative/wiki), which includes comprehensive legacy details and guidance. Additionally, the old integration can be found when you checkout to a specific tag. Your input is invaluable in helping us improve our resources and provide even better support for your needs.
 
 # :rocket: What's New and Changelog
+
 Stay informed and make the most of freeRASP by checking out [What's New and Changelog](https://docs.talsec.app/freerasp/whats-new-and-changelog)! Here, you’ll discover the latest features, enhancements, and bug fixes we’ve implemented to improve your experience across all platforms, including Android, iOS, Flutter, React Native, Capacitor, and Cordova. 
 
 Don’t miss out on any updates and explore the changelog to see how we’re continually making freeRASP better for you!
@@ -70,3 +73,6 @@ Don’t miss out on any updates and explore the changelog to see how we’re con
 If you have any ideas for improvements, feel free to [raise an issue](https://github.com/talsec/Free-RASP-ReactNative/issues) and mark it with an **enhancement** label. We track these enhancements using [GitHub Projects](https://docs.github.com/en/issues/planning-and-tracking-with-projects/learning-about-projects/about-projects) to keep tasks organized and connected to relevant issues or pull requests.
 
 You can check out the project board [here](https://github.com/orgs/talsec/projects/2).
+
+# :page_facing_up: License
+This project is provided as freemium software, i.e. there is a fair usage policy that imposes some limitations on the free usage. The SDK software consists of open-source and binary parts, which is the property of Talsec. The open-source part is licensed under the MIT License - see the LICENSE file for details.

android/build.gradle

@@ -87,7 +87,7 @@ dependencies {
   //noinspection GradleDynamicVersion
   implementation "com.facebook.react:react-native:$react_native_version"
   implementation "org.jetbrains.kotlin:kotlin-stdlib:$kotlin_version"
-  implementation "com.aheaditec.talsec.security:TalsecSecurity-Community-ReactNative:9.6.0"
+  implementation "com.aheaditec.talsec.security:TalsecSecurity-Community-ReactNative:11.1.0"
 }
 
 if (isNewArchitectureEnabled()) {

android/src/main/java/com/freeraspreactnative/FreeraspReactNativeModule.kt

@@ -9,6 +9,7 @@ import com.facebook.react.bridge.ReactApplicationContext
 import com.facebook.react.bridge.ReactContextBaseJavaModule
 import com.facebook.react.bridge.ReactMethod
 import com.facebook.react.bridge.ReadableMap
+import com.facebook.react.bridge.UiThreadUtil.runOnUiThread
 import com.facebook.react.bridge.WritableArray
 import com.facebook.react.modules.core.DeviceEventManagerModule
 
@@ -32,17 +33,18 @@ class FreeraspReactNativeModule(val reactContext: ReactApplicationContext) :
   ) {
 
     try {
-      val config = parseTalsecConfig(options)
+      val config = buildTalsecConfig(options)
       FreeraspThreatHandler.listener = ThreatListener
       listener.registerListener(reactContext)
-      Talsec.start(reactContext, config)
+      runOnUiThread {
+        Talsec.start(reactContext, config)
+      }
+
       promise.resolve("freeRASP started")
 
-    } catch (e: Exception) {
-      val params = Arguments.createMap().apply {
-        putString("message", e.message)
-      }
-      promise.reject("initializationError", params)
+    }
+    catch (e: Exception) {
+      promise.reject("TalsecInitializationError", e.message, e)
     }
   }
 
@@ -85,42 +87,17 @@ class FreeraspReactNativeModule(val reactContext: ReactApplicationContext) :
     // Remove upstream listeners, stop unnecessary background tasks
   }
 
-  private fun parseTalsecConfig(config: ReadableMap): TalsecConfig {
-    val androidConfig = config.getMap("androidConfig")!!
-    val packageName = androidConfig.getString("packageName")!!
-    val certificateHashes = mutableListOf<String>()
-    val hashes = androidConfig.getArray("certificateHashes")!!
-    for (i in 0 until hashes.size()) {
-      // in RN versions < 0.63, getString is nullable
-      @Suppress("UNNECESSARY_SAFE_CALL")
-      hashes.getString(i)?.let {
-        certificateHashes.add(it)
-      }
-    }
-    val watcherMail = config.getString("watcherMail")
-    val alternativeStores = mutableListOf<String>()
-    if (androidConfig.hasKey("supportedAlternativeStores")) {
-      val stores = androidConfig.getArray("supportedAlternativeStores")!!
-      for (i in 0 until stores.size()) {
-        // in RN versions < 0.63, getString is nullable
-        @Suppress("UNNECESSARY_SAFE_CALL")
-        stores.getString(i)?.let {
-          alternativeStores.add(it)
-        }
-      }
-    }
-    var isProd = true
-    if (config.hasKey("isProd")) {
-      isProd = config.getBoolean("isProd")
-    }
+  private fun buildTalsecConfig(config: ReadableMap): TalsecConfig {
+    val androidConfig = config.getMapThrowing("androidConfig")
+    val packageName = androidConfig.getStringThrowing("packageName")
+    val certificateHashes = androidConfig.getArraySafe("certificateHashes")
+
+    val talsecBuilder = TalsecConfig.Builder(packageName, certificateHashes)
+      .watcherMail(config.getString("watcherMail"))
+      .supportedAlternativeStores(androidConfig.getArraySafe("supportedAlternativeStores"))
+      .prod(config.getBooleanSafe("isProd"))
 
-    return TalsecConfig(
-      packageName,
-      certificateHashes.toTypedArray(),
-      watcherMail,
-      alternativeStores.toTypedArray(),
-      isProd
-    )
+    return talsecBuilder.build()
   }
 
   companion object {

android/src/main/java/com/freeraspreactnative/FreeraspThreatHandler.kt

@@ -1,5 +1,6 @@
 package com.freeraspreactnative
 
+import com.aheaditec.talsec_security.security.api.SuspiciousAppInfo
 import com.aheaditec.talsec_security.security.api.ThreatListener
 
 internal object FreeraspThreatHandler : ThreatListener.ThreatDetected, ThreatListener.DeviceState {
@@ -38,6 +39,8 @@ internal object FreeraspThreatHandler : ThreatListener.ThreatDetected, ThreatLis
     listener?.threatDetected(Threat.ObfuscationIssues)
   }
 
+  override fun onMalwareDetected(p0: MutableList<SuspiciousAppInfo>?) {}
+
   override fun onUnlockedDeviceDetected() {
     listener?.threatDetected(Threat.Passcode)
   }

android/src/main/java/com/freeraspreactnative/Utils.kt

@@ -0,0 +1,40 @@
+package com.freeraspreactnative
+
+import com.facebook.react.bridge.ReadableArray
+import com.facebook.react.bridge.ReadableMap
+import com.freeraspreactnative.exceptions.TalsecException
+
+internal fun ReadableMap.getMapThrowing(key: String): ReadableMap {
+  return this.getMap(key) ?: throw TalsecException("Key missing in configuration: $key")
+}
+
+internal fun ReadableMap.getStringThrowing(key: String): String {
+  return this.getString(key) ?: throw TalsecException("Key missing in configuration: $key")
+}
+
+internal fun ReadableMap.getBooleanSafe(key: String, defaultValue: Boolean = true): Boolean {
+  if (this.hasKey(key)) {
+    return this.getBoolean(key)
+  }
+  return defaultValue
+}
+
+internal fun ReadableArray.toArray(): Array<String> {
+  val output = mutableListOf<String>()
+  for (i in 0 until this.size()) {
+    // in RN versions < 0.63, getString is nullable
+    @Suppress("UNNECESSARY_SAFE_CALL")
+    this.getString(i)?.let {
+      output.add(it)
+    }
+  }
+  return output.toTypedArray()
+}
+
+internal fun ReadableMap.getArraySafe(key: String): Array<String> {
+  if (this.hasKey(key)) {
+    val inputArray = this.getArray(key)!!
+    return inputArray.toArray()
+  }
+  return arrayOf()
+}

android/src/main/java/com/freeraspreactnative/exceptions/TalsecException.kt

@@ -0,0 +1,3 @@
+package com.freeraspreactnative.exceptions
+
+class TalsecException(message: String, val code: String? = null, val ex: Exception? = null) : Exception(message)

example/src/App.tsx

@@ -14,7 +14,7 @@ const App = () => {
   const config = {
     androidConfig: {
       packageName: 'com.freeraspreactnativeexample',
-      certificateHashes: ['your_signing_certificate_hash_base64'],
+      certificateHashes: ['AKoRuyLMM91E7lX/Zqp3u4jMmd0A7hH/Iqozu0TMVd0='],
       // supportedAlternativeStores: ['storeOne', 'storeTwo'],
     },
     iosConfig: {

ios/FreeraspReactNative.swift

@@ -20,7 +20,7 @@ class FreeraspReactNative: RCTEventEmitter {
             try initializeTalsec(talsecConfig: options)
         }
         catch let error as NSError {
-            reject("initialization_error", "Could not initialize freeRASP", error)
+            reject("TalsecInitializationError", "Could not initialize freeRASP: \(error.domain)", error)
             return
         }
         resolve("freeRASP started")

ios/TalsecRuntime.xcframework/Info.plist

@@ -5,31 +5,35 @@
 	<key>AvailableLibraries</key>
 	<array>
 		<dict>
+			<key>BinaryPath</key>
+			<string>TalsecRuntime.framework/TalsecRuntime</string>
 			<key>LibraryIdentifier</key>
-			<string>ios-arm64</string>
+			<string>ios-arm64_x86_64-simulator</string>
 			<key>LibraryPath</key>
 			<string>TalsecRuntime.framework</string>
 			<key>SupportedArchitectures</key>
 			<array>
 				<string>arm64</string>
+				<string>x86_64</string>
 			</array>
 			<key>SupportedPlatform</key>
 			<string>ios</string>
+			<key>SupportedPlatformVariant</key>
+			<string>simulator</string>
 		</dict>
 		<dict>
+			<key>BinaryPath</key>
+			<string>TalsecRuntime.framework/TalsecRuntime</string>
 			<key>LibraryIdentifier</key>
-			<string>ios-arm64_x86_64-simulator</string>
+			<string>ios-arm64</string>
 			<key>LibraryPath</key>
 			<string>TalsecRuntime.framework</string>
 			<key>SupportedArchitectures</key>
 			<array>
 				<string>arm64</string>
-				<string>x86_64</string>
 			</array>
 			<key>SupportedPlatform</key>
 			<string>ios</string>
-			<key>SupportedPlatformVariant</key>
-			<string>simulator</string>
 		</dict>
 	</array>
 	<key>CFBundlePackageType</key>