Mon 26 June 2023
The new release brings a new AI Engine for improved recommendations, powerful new additions to Flutter detection and much more.
Ostorlab has added new capabilities that provide AI-augmented recommendations: they take contextual data about the application into account and provide step-by-step fixes and code change suggestions.
The new AI recommendations are displayed in the summary section, as seen in the screenshot above.
Recommendations can be refined with more context by clicking the customize button and interacting with the AI engine, providing it with any additional information it should take into account.
The enhanced recommendations are also visible in the individual findings section, where the engine ingests each issue together with the actual vulnerable code or setting and provides customized recommendations with code fixes.
Below is an example of generating step-by-step instructions to address a “Publicly Exposed Firebase Database” finding:
Another example of generating fixed code:
These additions are only the tip of the iceberg of the improvements already added to the platform that take advantage of recent AI advances, especially in vulnerability detection.
Other powerful integrations are in the making and will be announced soon.
Improved Flutter Detection
Ostorlab has also made significant improvements to the Flutter detection engine. The latest changes in the Flutter runtime have broken the ability to introspect the runtime and perform dynamic analysis. Ostorlab has addressed those breaking changes by collecting class and method metadata to augment its analysis.
Flutter detection is now able to extract call traces with the names of Flutter methods, allowing accurate vulnerability identification.
Ostorlab has also added over two hundred (200) new vulnerability detection rules targeting the Dart SDK, with its 120k methods, and the top 1000 packages, with their more than 1 million methods.
Ostorlab recommendations have also been improved to show both vulnerable and fixed code in Dart.
We have also reported several vulnerabilities to popular packages ranging from insecure serialization to zip extraction path traversal.
Several minor improvements have also been added, from support for social authentication using GitHub and Google OpenID Connect to a redesigned blog for an improved reading experience.