污点链没有传播到List中对象的属性 #65
Comments
|
有完整的apk么?可能是再处理iterator的时候出问题了 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
大佬们,请帮忙解决一个问题
扫描的代码如下,source点设置为queryIntentActivities,sink点设置为startActivity,
"source": {
"Return": [
"<: * queryIntentActivities()>"
]
},
"sink": {
"<: * startActivit(*)>": {
"TaintParamType": [
"android.content.Intent"
],
"TaintCheck": [
"p0"
]
}
}
如下的传播链条是连起来的,可以扫描出来
Intent intent = new Intent();
intent.setClassName("com.test.app", "com.test.activity");
List queryIntentActivities = this.getPackageManager().queryIntentActivities(intent, 65536);
for(ResolveInfo i : queryIntentActivities) {
intent.setPackage(String.valueOf(i.describeContents()));
startActivity(intent);
}
但是将setPackage中的参数设置为列表对象的属性时,传播链条出现了断裂,无法扫描出来
List queryIntentActivities = this.getPackageManager().queryIntentActivities(intent, 65536);
for(ResolveInfo i : queryIntentActivities) {
intent.setPackage(i.resolvePackageName));
startActivity(intent);
}
似乎是污点仅仅传播到了ResolveInfo对象方法的返回值,而没有传播到ResolveInfo对象的属性,请大佬帮忙看看,应该怎样解决这个断裂问题
The text was updated successfully, but these errors were encountered: