目录穿越示例提供的sanitizer未生效? #76
Comments
|
有具体的 apk 以及规则文件么? |
进一步描述我遇到的问题:我在照着path_traversal_game.md文档,一步步地实践AppShark如何检测路径穿越漏洞,结果发现按照项目提供的demo apk、以及检测规则一步步地做实验,却发现在 章节处 的实验结果始终与文档所描述的不符,即添加了 sanitizer 后无法排除掉预期的误报。请大佬提供帮助与指导,谢谢! 完整规则如下: {
"ContentProviderPathTraversal2": {
"enable": true,
"SliceMode": true,
"traceDepth": 14,
"desc": {
"name": "ContentProviderPathTraversal2",
"category": "",
"wiki": "",
"detail": "If the ContentProvider overwrites openFile but does not validate the Uri path, then an attacker may attempt to use ../ to access unexpected files.",
"possibility": "",
"model": ""
},
"source": {
"Param": {
"<*: android.os.ParcelFileDescriptor openFile(*)>": [
"p0"
]
}
},
"sink": {
"<android.os.ParcelFileDescriptor: android.os.ParcelFileDescriptor open(java.io.File,int)>": {
"TaintCheck": [
"p0"
]
}
},
"sanitizer": {
"getLastPathSegment": {
"<android.net.Uri: java.lang.String getLastPathSegment()>": {
"TaintCheck": [
"@this"
]
}
}
}
}
} |
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
根据 path_traversal_game.md 添加 sanitizer 后重新扫描,并无法解决“误报”,VulProvider2组件始终被扫描出来视为漏洞,为什么?有无大佬知情,望告知,谢谢!
The text was updated successfully, but these errors were encountered: