Hamza/Siro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix #15: PCI-DSS compliance - remove persistent CVV storage from Flutter apps

Browse Source
This commit is contained in:
Hamza-Ayed
2026-06-17 07:26:27 +03:00
parent 16331bd35d
commit 0e28814e7d
7 changed files with 16 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
siro_driver/lib/controller/home/payment/credit_card_Controller.dart
View File

@@ -17,21 +17,6 @@ class CreditCardController extends GetxController {
String? cardHolderName = String? cardHolderName =
await SecureStorage().readData(BoxName.cardHolderName); await SecureStorage().readData(BoxName.cardHolderName);
String? expiryDate = await SecureStorage().readData(BoxName.expiryDate); String? expiryDate = await SecureStorage().readData(BoxName.expiryDate);
String? cvvCode = await SecureStorage().readData(BoxName.cvvCode);
if (cvvCode != null && cvvCode.isNotEmpty) {
final maskedCardNumber = DigitObscuringFormatter()
.formatEditUpdate(
TextEditingValue.empty,
TextEditingValue(text: cardNumber ?? ''),
)
.text;
cardNumberController.text = maskedCardNumber;
cardHolderNameController.text = cardHolderName ?? '';
expiryDateController.text = expiryDate ?? '';
cvvCodeController.text = cvvCode;
}
} }
@override @override
@@ -64,12 +49,10 @@ class CreditCardModel {
String cardNumber; String cardNumber;
String cardHolderName; String cardHolderName;
String expiryDate; String expiryDate;
String cvvCode;
CreditCardModel({ CreditCardModel({
required this.cardNumber, required this.cardNumber,
required this.cardHolderName, required this.cardHolderName,
required this.expiryDate, required this.expiryDate,
required this.cvvCode,
}); });
} }

3
siro_driver/lib/main.dart
View File

@@ -252,6 +252,9 @@ void main() {
await initFirebaseIfNeeded(); await initFirebaseIfNeeded();
await WakelockPlus.enable(); await WakelockPlus.enable();
await GetStorage.init(); await GetStorage.init();
// Purge any previously stored CVV (PCI-DSS compliance)
await storage.delete(key: BoxName.cvvCode);
await storage.delete(key: BoxName.cvvCodeDriver);
await initializeDateFormatting(); await initializeDateFormatting();
await SystemChrome.setPreferredOrientations( await SystemChrome.setPreferredOrientations(
[DeviceOrientation.portraitUp, DeviceOrientation.portraitDown]); [DeviceOrientation.portraitUp, DeviceOrientation.portraitDown]);

6
siro_rider/lib/controller/functions/log_out.dart
View File

@@ -20,6 +20,7 @@ import 'package:siro_rider/controller/home/map/ride_lifecycle_controller.dart';
import 'package:siro_rider/controller/home/map/ui_interactions_controller.dart'; import 'package:siro_rider/controller/home/map/ui_interactions_controller.dart';
import 'package:siro_rider/controller/home/menu_controller.dart'; import 'package:siro_rider/controller/home/menu_controller.dart';
import 'package:siro_rider/controller/home/points_for_rider_controller.dart'; import 'package:siro_rider/controller/home/points_for_rider_controller.dart';
import 'package:siro_rider/controller/functions/secure_storage.dart';
class LogOutController extends GetxController { class LogOutController extends GetxController {
TextEditingController checkTxtController = TextEditingController(); TextEditingController checkTxtController = TextEditingController();
@@ -116,6 +117,11 @@ class LogOutController extends GetxController {
box.remove(BoxName.apiKeyRun); box.remove(BoxName.apiKeyRun);
box.remove(BoxName.countryCode); box.remove(BoxName.countryCode);
SecureStorage().deleteData(BoxName.cardNumber);
SecureStorage().deleteData(BoxName.cvvCode);
SecureStorage().deleteData(BoxName.cardHolderName);
SecureStorage().deleteData(BoxName.expiryDate);
box.remove(BoxName.passengerWalletTotal); box.remove(BoxName.passengerWalletTotal);
box.remove(BoxName.isVerified); box.remove(BoxName.isVerified);
Get.delete<MapSocketController>(force: true); Get.delete<MapSocketController>(force: true);

4
siro_rider/lib/controller/functions/secure_storage.dart
View File

@@ -19,6 +19,10 @@ class SecureStorage {
final String? value = await storage.read(key: boxName); final String? value = await storage.read(key: boxName);
return value.toString(); return value.toString();
} }
Future<void> deleteData(String key) async {
await storage.delete(key: key);
}
} }
class AppInitializer { class AppInitializer {

17
siro_rider/lib/controller/home/payment/credit_card_Controller.dart
View File

@@ -17,21 +17,6 @@ class CreditCardController extends GetxController {
String? cardHolderName = String? cardHolderName =
await SecureStorage().readData(BoxName.cardHolderName); await SecureStorage().readData(BoxName.cardHolderName);
String? expiryDate = await SecureStorage().readData(BoxName.expiryDate); String? expiryDate = await SecureStorage().readData(BoxName.expiryDate);
String? cvvCode = await SecureStorage().readData(BoxName.cvvCode);
// if (cvvCode != null && cvvCode.isNotEmpty) {
// final maskedCardNumber = DigitObscuringFormatter()
// .formatEditUpdate(
// TextEditingValue.empty,
// TextEditingValue(text: cardNumber ?? ''),
// )
// .text;
// cardNumberController.text = maskedCardNumber;
// cardHolderNameController.text = cardHolderName ?? '';
// expiryDateController.text = expiryDate ?? '';
// cvvCodeController.text = cvvCode;
// }
} }
@override @override
@@ -64,12 +49,10 @@ class CreditCardModel {
String cardNumber; String cardNumber;
String cardHolderName; String cardHolderName;
String expiryDate; String expiryDate;
String cvvCode;
CreditCardModel({ CreditCardModel({
required this.cardNumber, required this.cardNumber,
required this.cardHolderName, required this.cardHolderName,
required this.expiryDate, required this.expiryDate,
required this.cvvCode,
}); });
} }

3
siro_rider/lib/main.dart
View File

@@ -15,6 +15,7 @@ import 'package:get_storage/get_storage.dart';
import 'package:flutter/services.dart'; import 'package:flutter/services.dart';
import 'package:wakelock_plus/wakelock_plus.dart'; import 'package:wakelock_plus/wakelock_plus.dart';
import 'constant/info.dart'; import 'constant/info.dart';
import 'constant/box_name.dart';
import 'controller/home/ios_live_activity_service.dart'; import 'controller/home/ios_live_activity_service.dart';
import 'controller/local/local_controller.dart'; import 'controller/local/local_controller.dart';
import 'controller/local/translations.dart'; import 'controller/local/translations.dart';
@@ -43,6 +44,8 @@ void main() {
// These must complete before the UI can be built. // These must complete before the UI can be built.
WidgetsFlutterBinding.ensureInitialized(); WidgetsFlutterBinding.ensureInitialized();
await GetStorage.init(); await GetStorage.init();
// Purge any previously stored CVV (PCI-DSS compliance)
await storage.delete(key: BoxName.cvvCode);
WakelockPlus.enable(); WakelockPlus.enable();
if (Platform.isAndroid || Platform.isIOS) { if (Platform.isAndroid || Platform.isIOS) {
await Firebase.initializeApp( await Firebase.initializeApp(

5
siro_rider/lib/views/home/map_widget.dart/payment_method.page.dart
View File

@@ -94,9 +94,6 @@ class PaymentMethodPage extends StatelessWidget {
BoxName.cardHolderName, BoxName.cardHolderName,
controller controller
.cardHolderNameController.text); .cardHolderNameController.text);
SecureStorage().saveData(
BoxName.cvvCode,
controller.cvvCodeController.text);
SecureStorage().saveData( SecureStorage().saveData(
BoxName.expiryDate, BoxName.expiryDate,
controller controller
@@ -364,8 +361,6 @@ class MyCreditCardWidget extends StatelessWidget {
controller.cardNumberController.text); controller.cardNumberController.text);
SecureStorage().saveData(BoxName.cardHolderName, SecureStorage().saveData(BoxName.cardHolderName,
controller.cardHolderNameController.text); controller.cardHolderNameController.text);
SecureStorage().saveData(BoxName.cvvCode,
controller.cvvCodeController.text);
SecureStorage().saveData(BoxName.expiryDate, SecureStorage().saveData(BoxName.expiryDate,
controller.expiryDateController.text); controller.expiryDateController.text);
} }