Comments (1)
- First, I recommend using SliceMode rather than ConstStringMode; the latter has limited analysis depth.

    {
      "ConstStringTest1": {
        "SliceMode": true,
        "traceDepth": 28,
        "desc": {
          "name": "test",
          "category": "ConstStringTest",
          "detail": "ConstStringTest",
          "wiki": "",
          "possibility": "4",
          "model": "middle"
        },
        "minLen": 2,
        "source": {
          "ConstString": [
            "android.telephony.TelephonyManager"
          ]
        },
        "sink": {
          "<com.example.test.util.test: * doTest()>": {
            "TaintCheck": [
              "p"
            ]
          }
        }
      }
    }
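- I analyzed it and found that pointer propagation through the iterator's next was interrupted; the pointer propagation of the next function needs to be handled in EngineConfig.json5.
  Specifically, add an entry under PointerFlowRule->MethodName. I have already modified the EngineConfig.json5 file.

    "next": {
      "@this->ret": {
        "I": [
          "@this"
        ],
        "O": [
          "ret"
        ]
      },
      "@this.data->ret": {
        "I": [
          "@this.data"
        ],
        "O": [
          "ret"
        ]
      }
    },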
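The PointerFlowRule and VariableFlowRule in EngineConfig.json5 are very powerful. They are used to override appshark's default analysis behaviour, and you can adjust them to suit your own needs.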
from appshark.
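An added illustration, not part of the original comment and not appshark's code: a simplified Python model of how an I -> O entry shaped like the `next` rule above reconnects a flow that stops at `Iterator.next()`. The call trace, the location names, and the reading of `@this.data` as "the contents held by the receiver" are assumptions made for this sketch.

```python
# Simplified model of I -> O flow rules. This is NOT appshark's engine;
# only the rule shape is copied from the "next" entry in the comment.
NEXT_RULE = {
    "next": {
        "@this->ret": {"I": ["@this"], "O": ["ret"]},
        "@this.data->ret": {"I": ["@this.data"], "O": ["ret"]},
    }
}
# Variant with only the first entry, to show why the second one matters.
THIS_ONLY = {"next": {"@this->ret": NEXT_RULE["next"]["@this->ret"]}}


def resolve(slot, call):
    """Map a rule slot to a concrete location name for one call."""
    if slot == "ret":
        return call["ret"]
    if slot == "@this":
        return call["base"]
    if slot == "@this.data":
        # Assumption: models the contents stored in the receiver object.
        return call["base"] + ".data"
    raise ValueError("unknown slot: " + slot)


def propagate(calls, tainted, method_rules):
    """Walk the calls in order; taint every O slot whose rule has a tainted I slot."""
    tainted = set(tainted)
    for call in calls:
        for flow in method_rules.get(call["method"], {}).values():
            if any(resolve(i, call) in tainted for i in flow["I"]):
                tainted.update(resolve(o, call) for o in flow["O"])
    return tainted


def sink_reached(calls, tainted, method_rules, sink_arg):
    """True if the value passed to the sink is tainted after propagation."""
    return sink_arg in propagate(calls, tainted, method_rules)


# Constructed trace for `s = it.next(); sink(s)`.
CALLS = [{"method": "next", "base": "it", "ret": "s"}]
# Constructed start state: the tainted element sits in the iterator's contents.
TAINTED = {"it.data"}

if __name__ == "__main__":
    print("no rule     :", sink_reached(CALLS, TAINTED, {}, "s"))
    print("@this only  :", sink_reached(CALLS, TAINTED, THIS_ONLY, "s"))
    print("both entries:", sink_reached(CALLS, TAINTED, NEXT_RULE, "s"))
```
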