一蓑烟雨

Results: 33 issues by 一蓑烟雨

When a SimpleBroadcastReceiver object is created, it receives a Consumer whose accept() method is overridden; when a broadcast arrives, onReceive calls Consumer.accept(intent). However, appshark cannot follow the call into accept(), so the chain is broken. ![image](https://github.com/bytedance/appshark/assets/15265215/a8754f8f-239e-4658-a7c8-81f4107bb375) ![image](https://github.com/bytedance/appshark/assets/15265215/c5e2e6b7-29d8-4a77-b4ae-7675d209d8c2)

[This app](https://apkpure.com/color-phone-dialer-call-id/com.cutestudio.colordialer/download/2.1.8) has the vulnerability CVE-2023-42468, and I want to write a rule to scan for it. I first tried SliceMode, which did not work; it seems the entry point cannot be found automatically from the source and sink, and the trace goes no further. Switching to DirectMode and specifying the method does find it, but if I specify "ExportedCompos": true instead, it is extremely slow and in the end finds nothing. Could you advise where the problem is? ``` { placeCall: { DirectMode: true, // SliceMode: true, traceDepth: 20, desc: { }, entry: { "methods": [""], // "ExportedCompos": true }, source: { Return: [""],...

#66 exportedCompos=true: keep exported components; exportedCompos=false: keep non-exported components; exportedCompos not set: keep all.

One common class of vulnerabilities is configuration mistakes, for example WebView's `setJavaScriptEnabled(true)`, `setWebContentsDebuggingEnabled(true)`, `setAllowContentAccess(true)`, and so on. I tried APIMode, but it cannot filter on a function's arguments; with SliceMode, the constant 1 propagates to setJavaScriptEnabled, but source does not support integer types. Could you provide an example rule?

Allow debugging multiple rules; specifying "all" means all of them.

APIMode currently just looks for APIs. Could it use the API-to-permission mapping, so that if the scan result is empty but the permission manifest contains that permission, it reports permission abuse? ``` { "获取蓝牙设备信息": { "desc": { "category": "camille", "detail": "获取蓝牙设备信息", "name": "获取蓝牙设备信息", "complianceCategory": "ComplianceInfo" }, "permission": "android.permission.BLUETOOTH_CONNECT", // newly added "sink": { "": {}, "": {}, "": {} }, "APIMode":...

Was this never written, or was it removed when the project was open-sourced? Is there a recommended way to implement it? ``` @Serializable data class BasicInfo( var AppInfo: AppInfo? = null, var ComponentsInfo: MutableMap? = null, var PermissionInfo: MutableList? = null, var SignInfo: SignInfo? = null, var JSNativeInterface: List? =...

Fix a weird thing that happened in Docker ```sh root@82f5b62df3a2:~# cat /etc/lsb-release DISTRIB_DESCRIPTION="Ubuntu 16.04.7 LTS" root@82f5b62df3a2:~# sh -c 'echo $UID' root@82f5b62df3a2:~# bash -c 'echo $UID' 0 root@82f5b62df3a2:~# sh -c 'echo...

hi, great project! There is a stack overflow in the process_append function of the program because the length of the string read in the targets file is not checked. And...

hi, great project! I found that in the `lv_fs_if/lv_fs_pc.c` file, there is no length limit for "oldname" and "newname", and sprintf them directly into a fixed-length stack buffer, which may...