require-storage-encryption
The rule provides **LLM-optimized error messages** (Compact 2-line format) with actionable security guidance:
Security rule for mobile applications
Error Message Format
The rule provides LLM-optimized error messages (Compact 2-line format) with actionable security guidance:
🔒 CWE-311 OWASP:A04 CVSS:7.5 | Missing Encryption of Sensitive Data detected | HIGH
Fix: Review and apply the recommended fix | https://owasp.org/Top10/A04_2021/Message Components
| Component | Purpose | Example |
|---|---|---|
| Risk Standards | Security benchmarks | CWE-311 OWASP:A04 CVSS:7.5 |
| Issue Description | Specific vulnerability | Missing Encryption of Sensitive Data detected |
| Severity & Compliance | Impact assessment | HIGH |
| Fix Instruction | Actionable remediation | Follow the remediation steps below |
| Technical Truth | Official reference | OWASP Top 10 |
Rule Details
This rule security rule for mobile applications.
OWASP Mobile Top 10: Mobile
CWE: CWE-311
Severity: error
Examples
❌ Incorrect
// Insecure pattern✅ Correct
// Secure patternWhen Not To Use It
This rule should be enabled for all mobile and web applications to ensure security best practices.
Known False Negatives
The following patterns are not detected due to static analysis limitations:
Prompt from Variable
Why: Prompt content from variables not traced.
// ❌ NOT DETECTED - Prompt from variable
const prompt = buildPrompt(userInput);
await generateText({ prompt });Mitigation: Validate all prompt components.
Nested Context
Why: Deep nesting obscures injection.
// ❌ NOT DETECTED - Nested
const messages = [{ role: 'user', content: userInput }];
await chat({ messages });Mitigation: Validate at all levels.
Custom AI Wrappers
Why: Custom AI clients not recognized.
// ❌ NOT DETECTED - Custom wrapper
myAI.complete(userPrompt);Mitigation: Apply rule to wrapper implementations.
Further Reading
Related Rules
- See other mobile security rules in this plugin
Category: Mobile Security
Type: Problem
Recommended: Yes