Typescript React Native Missing Masking
Description
Detects React Native TextInput components that handle sensitive information (like passwords) without proper input masking. Missing input masking could expose sensitive data in plain text on the UI, potentially leading to shoulder surfing attacks or screen captures revealing confidential information.
Detection Strategy
• Check if the source file imports the 'react-native' module
• Look for TextInput components in the React Native code
• Determine if the TextInput is used for sensitive information (e.g., password fields, credit card data)
• Report a vulnerability if a sensitive TextInput is found without proper security controls
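The four checks above, written as a dependency-free TypeScript scanner. This is an added example, not Fluid Attacks' implementation: it matches text instead of parsing an AST and treats `secureTextEntry` as the only masking control. The hint-word list, function names and sample inputs are assumptions.

```typescript
// Added example: a simplified text scanner, not the rule's real implementation.
interface Finding { line: number; tag: string }

// Assumed hint words that mark a field as sensitive (hypothetical list).
const SENSITIVE_HINT = /password|passcode|\bpin\b|cvv|card\s?number/i;

// Return the opening tag starting at `start`, skipping any ">" inside {...} or quotes
// (otherwise the "=>" of an inline handler would end the tag too early).
function readOpeningTag(source: string, start: number): string {
  let depth = 0;
  let quote = "";
  for (let i = start; i < source.length; i++) {
    const ch = source.charAt(i);
    if (quote) { if (ch === quote) quote = ""; continue; }
    if (ch === '"' || ch === "'" || ch === "`") quote = ch;
    else if (ch === "{") depth++;
    else if (ch === "}") depth--;
    else if (ch === ">" && depth === 0) return source.slice(start, i + 1);
  }
  return source.slice(start); // unterminated tag: keep what is there
}

function findUnmaskedInputs(source: string): Finding[] {
  // Step 1: only files that import 'react-native' are in scope.
  if (!/from\s+["']react-native["']/.test(source)) return [];
  const findings: Finding[] = [];
  const opener = /<TextInput\b/g; // Step 2: every TextInput element
  let m: RegExpExecArray | null;
  while ((m = opener.exec(source)) !== null) {
    const tag = readOpeningTag(source, m.index);
    // Step 3: sensitive if any attribute text carries a hint word.
    const sensitive = SENSITIVE_HINT.test(tag);
    // Step 4: masked only if secureTextEntry is present and not set to {false}.
    const masked = /\bsecureTextEntry\b(?!\s*=\s*\{\s*false\s*\})/.test(tag);
    if (sensitive && !masked) {
      findings.push({ line: source.slice(0, m.index).split("\n").length, tag });
    }
  }
  return findings;
}

// Constructed sample inputs, modelled on the page's two examples.
const VULNERABLE_SAMPLE = `import { TextInput } from "react-native";
function PasswordInput() {
  return (
    <TextInput placeholder="Password" onChangeText={(text) => {}} />
  );
}`;
const SECURE_SAMPLE = VULNERABLE_SAMPLE.replace("<TextInput", "<TextInput secureTextEntry");
```

An explicit `secureTextEntry={false}` is reported as unmasked, since the prop is present but masking is switched off.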
Vulnerable code example
import { TextInput } from "react-native";
function PasswordInput() {
  // VULNERABLE: Password input without secureTextEntry exposes sensitive data
  return (
    <TextInput
      placeholder="Password"
      onChangeText={(text) => {}}
    />
  );
}
✅ Secure code example
import { TextInput } from "react-native";
import { useState } from "react";
function PasswordInput() {
  const [password, setPassword] = useState("");
  return (
    <TextInput
      placeholder="Password"
      secureTextEntry // masks the typed characters on screen
      value={password} onChangeText={setPassword}
    />
  );
}