Dart Clipboard Sensitive Data
Description
This detector identifies Dart code that copies sensitive user data (like passwords, tokens, or personal information) to the system clipboard. Storing sensitive data in the clipboard poses security risks as it may be accessed by other applications, logged by clipboard managers, or persist longer than intended, potentially leading to data exposure.
Detection Strategy
• Detects when Flutter's Clipboard.setData() method is called with sensitive data as the first argument
• Identifies clipboard operations that take the text as a positional argument (such as methods from clipboard libraries, or Pasteboard.writeText) where the first parameter contains sensitive user data
• Flags clipboard operations using named parameter methods where the 'text' parameter contains sensitive user data
• Triggers when the data being copied is determined to contain sensitive information such as passwords, authentication tokens, personally identifiable information, or other confidential user data
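The three call shapes listed above can be illustrated with a small name-based scanner over Dart source. This is an added example, not Fluid Attacks' detector: it assumes sensitivity can be guessed from identifier names, the wrapper ClipboardHelper.copy is hypothetical, and the Dart sample is constructed.

```python
import re

# Assumption: sensitivity is inferred from identifier names only; a real
# detector decides this with data-flow analysis, not name matching.
SENSITIVE = re.compile(r"password|passwd|secret|token|api_?key|ssn|cvv", re.I)
# Sinks that take the copied data as their first positional argument.
POSITIONAL_SINKS = ("Clipboard.setData", "FlutterClipboard.copy", "Pasteboard.writeText")
# Hypothetical wrapper that takes the copied data in a named `text:` parameter.
NAMED_SINKS = ("ClipboardHelper.copy",)

# Constructed Dart sample: lines 1, 3 and 5 copy sensitive-looking values.
SAMPLE = """\
await Clipboard.setData(ClipboardData(text: passwordController.text));
await Clipboard.setData(ClipboardData(text: shareUrl));
FlutterClipboard.copy(authToken);
Pasteboard.writeText(orderId);
ClipboardHelper.copy(label: 'key', text: user.apiKey);
ClipboardHelper.copy(label: 'password hint', text: hintText);
"""

def call_args(src, open_idx):
    """Split the call arguments starting at src[open_idx] == '(' on top-level commas."""
    depth, start, args = 0, open_idx + 1, []
    for i, ch in enumerate(src[open_idx:], open_idx):
        if ch in "([{":
            depth += 1
        elif ch in ")]}":
            depth -= 1
            if depth == 0:  # closing paren of the sink call itself
                return args + [src[start:i].strip()]
        elif ch == "," and depth == 1:
            args.append(src[start:i].strip())
            start = i + 1
    return args  # unbalanced input: return what was collected

def find_clipboard_leaks(src):
    """Return sorted (line, sink) pairs for clipboard calls fed a sensitive-looking value."""
    findings = []
    for sink in POSITIONAL_SINKS + NAMED_SINKS:
        for m in re.finditer(r"(?<![\w.])" + re.escape(sink) + r"\s*\(", src):
            args = call_args(src, m.end() - 1)
            named = [a for a in args if re.match(r"text\s*:", a)]
            data = (named if sink in NAMED_SINKS else args)[:1]  # only the copied value
            if data and SENSITIVE.search(data[0]):
                findings.append((src.count("\n", 0, m.start()) + 1, sink))
    return sorted(findings)

if __name__ == "__main__":
    print(find_clipboard_leaks(SAMPLE))
```

Line 6 of the sample is not reported because only the 'text' argument is inspected, not the label that happens to contain the word "password".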
Vulnerable code example
import 'package:flutter/services.dart';
import 'package:flutter/material.dart'; // provides TextEditingController
import 'package:clipboard/clipboard.dart';
final passwordController = TextEditingController();
// VULNERABLE: credential copied directly to global clipboard
Future<void> copyPassword() async {
  final password = passwordController.text;...
Secure code example
import 'package:flutter/services.dart';
import 'package:flutter/material.dart';
final passwordController = TextEditingController();
// SAFE: use secure password manager integration instead of clipboard
Future<void> copyPassword() async {
  final password = passwordController.text;...