From 6025edb6e1dc79a0d53177fe99dbee07c6408c1c Mon Sep 17 00:00:00 2001
From: cyw3 <2927096163@qq.com>
Date: Wed, 7 May 2025 11:24:36 +0800
Subject: [PATCH] :art: update rules

Signed-off-by: cyw3 <2927096163@qq.com>
---
 .../management/commands/open_source/jafc.json | 26 +++---
 .../commands/open_source/jafc_beta.json | 18 ++--
 .../management/commands/open_source/jaff.json | 92 ++++++------------
 .../commands/open_source/jaff_beta.json | 63 +++++-------
 .../android_dynamic_permissions.json | 7 --
 .../android_privacy_compliance.json | 7 --
 .../enhanced_api_java.json | 14 ---
 7 files changed, 74 insertions(+), 153 deletions(-)
diff --git a/server/projects/main/apps/scan_conf/management/commands/open_source/jafc.json b/server/projects/main/apps/scan_conf/management/commands/open_source/jafc.json
index 2c79247e41..4281b783d2 100644
--- a/server/projects/main/apps/scan_conf/management/commands/open_source/jafc.json
+++ b/server/projects/main/apps/scan_conf/management/commands/open_source/jafc.json
@@ -39,7 +39,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "查找android.net.ConnectivityManager相关API",
- "rule_params": "class = android.net.ConnectivityManager\nmethod = getNetworkInfo;getAllNetworks\nmsg = 查找android.net.ConnectivityManager相关API",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -56,7 +56,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API检测 - CameraManager",
- "rule_params": "class = CameraManager\nmethod = openCamera\nmsg = 该API会触发动态权限申请,请检查代码逻辑是否在拒绝权限后正常运行。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -73,7 +73,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API检测 - Environment.getExternalStorageDirectory",
- "rule_params": "class = Environment\nmethod = getExternalStorageDirectory\nmsg = 该API会触发动态权限申请,请检查代码逻辑是否在拒绝权限后正常运行。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
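Review bot: Every `rule_params` in this hunk is replaced by the empty string `""` while the record stays `"custom": true`, so a rule such as 查找android.net.ConnectivityManager相关API remains advertised as an active custom rule but no longer carries the class/method list that was its only visible matching target; if the checker derives its pattern from `rule_params`, these rules will silently produce no findings, which matters most for the security-category entries blanked further down (the IMEI, log4j and Zip-extraction rules in jafc.json and jaff.json). The same blanking is repeated in every hunk of jafc.json, jafc_beta.json, jaff.json and jaff_beta.json on this page. The package files on this page (android_dynamic_permissions.json, enhanced_api_java.json) keep `"rule_params": null` for the rules they reference, so nothing visible here re-supplies the parameters, and `null` would also be the consistent representation of "no parameters" rather than `""`, which now gives the key two types across the repository. The commit message (`:art: update rules`) does not record why the parameters were dropped or where the class/method lists moved; a one-line rationale would let a reviewer confirm the rules are still effective.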
@@ -90,7 +90,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API检测 - LocationManager",
- "rule_params": "class = android.location.LocationManager\nmsg = android.location.LocationManager的API可能会触发动态权限申请,请检查代码逻辑是否在拒绝权限后正常运行。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -107,7 +107,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API检测 - SubscriptionManager",
- "rule_params": "class = SubscriptionManager\nmethod = getActiveSubscriptionInfo;getActiveSubscriptionInfoForSimSlotIndex;getActiveSubscriptionInfoList;getActiveSubscriptionInfoCount\nmsg = 该API会触发动态权限申请,请检查代码逻辑是否在拒绝权限后正常运行。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -124,7 +124,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API检测 - TelephonyManager",
- "rule_params": "class = TelephonyManager\nmsg = TelephonyManager的API可能会触发动态权限申请,请检查代码逻辑是否在拒绝权限后正常运行。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -141,7 +141,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API检测 - TwilightManager",
- "rule_params": "class = TwilightManager\nmethod = getLastKnownLocationForProvider\nmsg = 该API会触发动态权限申请,请检查代码逻辑是否在拒绝权限后正常运行。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -158,7 +158,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API检测 - WallpaperManager",
- "rule_params": "class = WallpaperManager\nmethod = getFastDrawable;peekFastDrawable;getWallpaperFile\nmsg = 该API会触发动态权限申请,请检查代码逻辑是否在拒绝权限后正常运行。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -175,7 +175,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API检测 - WifiRttManager",
- "rule_params": "class = WifiRttManager\nmethod = startRanging\nmsg = 该API会触发动态权限申请,请检查代码逻辑是否在拒绝权限后正常运行。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -192,7 +192,7 @@
 "severity": "fatal",
 "category": "security",
 "rule_title": "fight_IMEI使用监控",
- "rule_params": "class=android.telephony.TelephonyManager\nmethod=getDeviceId;getImei\nmsg=Android Q 系统禁止使用IMEI,请按邮件申请备案。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -262,7 +262,7 @@
 "severity": "error",
 "category": "security",
 "rule_title": "扫描log4j api调用位置,辅助升级log4j",
- "rule_params": "class = org.apache.logging.log4j.Logger\nmethod = error;warn;info;debug;fatal;trace;log\nmsg = 扫描log4j api调用位置,辅助升级log4j",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -279,7 +279,7 @@
 "severity": "error",
 "category": "security",
 "rule_title": "扫描log4j LogManager api调用位置,辅助升级log4j",
- "rule_params": "class = org.apache.logging.log4j.LogManager\nmethod = getLogger\nmsg = 扫描log4j api调用位置,辅助升级log4j",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -296,7 +296,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "查找android.net.NetworkInfo相关API",
- "rule_params": "class = android.net. NetworkInfo\nmethod = getExtraInfo\nmsg = 查找android.net.NetworkInfo相关API",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
diff --git a/server/projects/main/apps/scan_conf/management/commands/open_source/jafc_beta.json b/server/projects/main/apps/scan_conf/management/commands/open_source/jafc_beta.json
index bd03b8a08a..bb6a3b24d7 100644
--- a/server/projects/main/apps/scan_conf/management/commands/open_source/jafc_beta.json
+++ b/server/projects/main/apps/scan_conf/management/commands/open_source/jafc_beta.json
@@ -22,7 +22,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API检测 - CameraManager",
- "rule_params": "class = CameraManager\nmethod = openCamera\nmsg = 该API会触发动态权限申请,请检查代码逻辑是否在拒绝权限后正常运行。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -39,7 +39,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API检测 - Environment.getExternalStorageDirectory",
- "rule_params": "class = Environment\nmethod = getExternalStorageDirectory\nmsg = 该API会触发动态权限申请,请检查代码逻辑是否在拒绝权限后正常运行。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -56,7 +56,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API检测 - LocationManager",
- "rule_params": "class = android.location.LocationManager\nmsg = android.location.LocationManager的API可能会触发动态权限申请,请检查代码逻辑是否在拒绝权限后正常运行。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -73,7 +73,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API检测 - SubscriptionManager",
- "rule_params": "class = SubscriptionManager\nmethod = getActiveSubscriptionInfo;getActiveSubscriptionInfoForSimSlotIndex;getActiveSubscriptionInfoList;getActiveSubscriptionInfoCount\nmsg = 该API会触发动态权限申请,请检查代码逻辑是否在拒绝权限后正常运行。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -107,7 +107,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API检测 - TwilightManager",
- "rule_params": "class = TwilightManager\nmethod = getLastKnownLocationForProvider\nmsg = 该API会触发动态权限申请,请检查代码逻辑是否在拒绝权限后正常运行。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -124,7 +124,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API检测 - WallpaperManager",
- "rule_params": "class = WallpaperManager\nmethod = getFastDrawable;peekFastDrawable;getWallpaperFile\nmsg = 该API会触发动态权限申请,请检查代码逻辑是否在拒绝权限后正常运行。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -141,7 +141,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API检测 - WifiRttManager",
- "rule_params": "class = WifiRttManager\nmethod = startRanging\nmsg = 该API会触发动态权限申请,请检查代码逻辑是否在拒绝权限后正常运行。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -158,7 +158,7 @@
 "severity": "error",
 "category": "security",
 "rule_title": "扫描log4j api调用位置,辅助升级log4j",
- "rule_params": "class = org.apache.logging.log4j.Logger\nmethod = error;warn;info;debug;fatal;trace;log\nmsg = 扫描log4j api调用位置,辅助升级log4j",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -175,7 +175,7 @@
 "severity": "error",
 "category": "security",
 "rule_title": "扫描log4j LogManager api调用位置,辅助升级log4j",
- "rule_params": "class = org.apache.logging.log4j.LogManager\nmethod = getLogger\nmsg = 扫描log4j api调用位置,辅助升级log4j",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
diff --git a/server/projects/main/apps/scan_conf/management/commands/open_source/jaff.json b/server/projects/main/apps/scan_conf/management/commands/open_source/jaff.json
index c8a217f512..fba6418bb9 100644
--- a/server/projects/main/apps/scan_conf/management/commands/open_source/jaff.json
+++ b/server/projects/main/apps/scan_conf/management/commands/open_source/jaff.json
@@ -22,7 +22,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "查找android.net.ConnectivityManager相关API",
- "rule_params": "class = android.net.ConnectivityManager\nmethod = getNetworkInfo;getAllNetworks\nmsg = 查找android.net.ConnectivityManager相关API",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -39,7 +39,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API检测 - CameraManager",
- "rule_params": "class = CameraManager\nmethod = openCamera\nmsg = 该API会触发动态权限申请,请检查代码逻辑是否在拒绝权限后正常运行。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -56,7 +56,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API检测 - Environment.getExternalStorageDirectory",
- "rule_params": "class = Environment\nmethod = getExternalStorageDirectory\nmsg = 该API会触发动态权限申请,请检查代码逻辑是否在拒绝权限后正常运行。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -73,7 +73,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API检测 - LocationManager",
- "rule_params": "class = LocationManager\nmsg = LocationManager的API可能会触发动态权限申请,请检查代码逻辑是否在拒绝权限后正常运行。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -90,7 +90,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API检测 - SubscriptionManager",
- "rule_params": "class = SubscriptionManager\nmethod = getActiveSubscriptionInfo;getActiveSubscriptionInfoForSimSlotIndex;getActiveSubscriptionInfoList;getActiveSubscriptionInfoCount\nmsg = 该API会触发动态权限申请,请检查代码逻辑是否在拒绝权限后正常运行。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -107,7 +107,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API检测 - TelephonyManager",
- "rule_params": "class = TelephonyManager\nmsg = TelephonyManager的API可能会触发动态权限申请,请检查代码逻辑是否在拒绝权限后正常运行。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -124,7 +124,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API检测 - TwilightManager",
- "rule_params": "class = TwilightManager\nmethod = getLastKnownLocationForProvider\nmsg = 该API会触发动态权限申请,请检查代码逻辑是否在拒绝权限后正常运行。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -141,7 +141,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API检测 - WallpaperManager",
- "rule_params": "class = WallpaperManager\nmethod = getFastDrawable;peekFastDrawable;getWallpaperFile\nmsg = 该API会触发动态权限申请,请检查代码逻辑是否在拒绝权限后正常运行。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -158,7 +158,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API检测 - WifiRttManager",
- "rule_params": "class = WifiRttManager\nmethod = startRanging\nmsg = 该API会触发动态权限申请,请检查代码逻辑是否在拒绝权限后正常运行。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -175,7 +175,7 @@
 "severity": "fatal",
 "category": "security",
 "rule_title": "fight_IMEI使用监控",
- "rule_params": "class=android.telephony.TelephonyManager\nmethod=getDeviceId;getImei\nmsg=Android Q 系统禁止使用IMEI,请按邮件申请备案。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -228,7 +228,7 @@
 "severity": "error",
 "category": "security",
 "rule_title": "扫描log4j api调用位置,辅助升级log4j",
- "rule_params": "class = org.apache.logging.log4j.Logger\nmethod = error;warn;info;debug;fatal;trace;log\nmsg = 扫描log4j api调用位置,辅助升级log4j",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -245,7 +245,7 @@
 "severity": "error",
 "category": "security",
 "rule_title": "扫描log4j LogManager api调用位置,辅助升级log4j",
- "rule_params": "class = org.apache.logging.log4j.LogManager\nmethod = getLogger\nmsg = 扫描log4j api调用位置,辅助升级log4j",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -262,7 +262,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "查找android.net.NetworkInfo相关API",
- "rule_params": "class = android.net. NetworkInfo\nmethod = getExtraInfo\nmsg = 查找android.net.NetworkInfo相关API",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -487,30 +487,13 @@
 "description": "禁止调用的系统API接口方法,防止在错误的场景下调用导致公关风险:\n1、android.content.pm.PackageManager.getInstalledPackages\n2、android.content.pm.PackageManager.getInstalledApplications",
 "disable": false
 },
- {
- "real_name": "AudioRecordInit",
- "display_name": "AudioRecordInit",
- "severity": "warning",
- "category": "security",
- "rule_title": "new AudioRecord检查",
- "rule_params": "class = AudioRecord\nmethod = \nmsg = 禁止new AudioRecord",
- "custom": true,
- "languages": [
- "java"
- ],
- "solution": "new AudioRecord的时候如果应用在后台,可能会在vivo nex机器顶部状态栏上出现某某应用正在录音的告警,存在隐私风险",
- "owner": null,
- "labels": [],
- "description": "new AudioRecord的时候如果应用在后台,可能会在vivo nex机器顶部状态栏上出现某某应用正在录音的告警,存在隐私风险",
- "disable": false
- },
 {
 "real_name": "camera1API",
 "display_name": "camera1API",
 "severity": "warning",
 "category": "security",
 "rule_title": "camera1API隐患检查",
- "rule_params": "class = android.hardware.Camera\nmethod = open;getParameters\nmsg = App调用sdk的Camera1的API,即时不拍照,Vivo也会弹出前置摄像头,因此希望开发人员谨慎使用。注意PR风险。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -527,7 +510,7 @@
 "severity": "warning",
 "category": "security",
 "rule_title": "通讯录API扫描",
- "rule_params": "class = ContactsContract\nmethod = Contacts;RawContacts;Data\nmsg = 请检查该API的调用是否在合适的场景下,防止在错误的场景下调用导致公关风险",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -544,7 +527,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API-CalendarContract检测",
- "rule_params": "class = CalendarContract\nmsg = 发现项目中代码以及组件中对危险权限的API调用,提示开发人员对旧的代码逻辑进行检查,防止无容错等逻辑导致程序异常",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -561,24 +544,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API-IMAGE_CAPTURE检测",
- "rule_params": "class = IMAGE_CAPTURE\nmsg = 发现项目中代码以及组件中对危险权限的API调用,提示开发人员对旧的代码逻辑进行检查,防止无容错等逻辑导致程序异常",
- "custom": true,
- "languages": [
- "java"
- ],
- "solution": "发现项目中代码以及组件中对危险权限的API调用,提示开发人员对旧的代码逻辑进行检查,防止无容错等逻辑导致程序异常",
- "owner": null,
- "labels": [],
- "description": "##### 规则背景\nAndroid 6.0版本(Api 23)推出动态权限管理,应用的相关功能每次在使用危险权限时需要动态的申请并得到用户的授权才能使用。\n\n\n##### 规则扫描内容\n发现项目中代码以及组件中对危险权限的API调用,提示开发人员对旧的代码逻辑进行检查,防止无容错等逻辑导致程序异常",
- "disable": false
- },
- {
- "real_name": "DynamicPermissionsActionImageCapture",
- "display_name": "DynamicPermissionsActionImageCapture",
- "severity": "warning",
- "category": "correctness",
- "rule_title": "动态权限API-ACTION_IMAGE_CAPTURE检测",
- "rule_params": "class = ACTION_IMAGE_CAPTURE\nmsg = 发现项目中代码以及组件中对危险权限的API调用,提示开发人员对旧的代码逻辑进行检查,防止无容错等逻辑导致程序异常",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -595,7 +561,7 @@
 "severity": "info",
 "category": "other",
 "rule_title": "文件读写模式扫描规则",
- "rule_params": "class = MODE_WORLD_READABLE\nmsg = 文件读写模式,MODE_WORLD_READABLE, MODE_WORLD_WRITEABLE废弃了,Android N行为变更。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -612,7 +578,7 @@
 "severity": "info",
 "category": "other",
 "rule_title": "文件读写模式扫描规则",
- "rule_params": "class = MODE_WORLD_WRITEABLE\nmsg = 文件读写模式,MODE_WORLD_READABLE, MODE_WORLD_WRITEABLE废弃了,Android N行为变更。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -629,7 +595,7 @@
 "severity": "info",
 "category": "other",
 "rule_title": "文件共享扫描规则",
- "rule_params": "class = MediaStore.ACTION_IMAGE_CAPTUR\nmsg = 敏感API:文件共享\n使用请谨慎",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -646,7 +612,7 @@
 "severity": "info",
 "category": "other",
 "rule_title": "文件共享扫描规则",
- "rule_params": "class = vnd.android.package-archive\nmsg = 敏感API:文件共享\n使用请谨慎",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -663,7 +629,7 @@
 "severity": "warning",
 "category": "security",
 "rule_title": "定位API扫描",
- "rule_params": "class = LocationManager\nmethod = requestLocationUpdates\nmsg = 请检查该API的调用是否在合适的场景下,防止在错误的场景下调用导致公关风险",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -680,7 +646,7 @@
 "severity": "warning",
 "category": "security",
 "rule_title": "短信API扫描",
- "rule_params": "class = SmsManager\nmethod = sendTextMessage\nmsg = 请检查该API的调用是否在合适的场景下,防止在错误的场景下调用导致公关风险",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -697,7 +663,7 @@
 "severity": "warning",
 "category": "security",
 "rule_title": "短信API扫描",
- "rule_params": "class = SmsMessage\nmethod = createFromPdu\nmsg = 请检查该API的调用是否在合适的场景下,防止在错误的场景下调用导致公关风险",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -731,7 +697,7 @@
 "severity": "warning",
 "category": "security",
 "rule_title": "录音API扫描",
- "rule_params": "class = MediaRecorder\nmethod = prepare;start\nmsg = 确认录音操作是否在合适的场景中。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -748,7 +714,7 @@
 "severity": "warning",
 "category": "security",
 "rule_title": "录音API扫描",
- "rule_params": "class = AudioRecord\nmethod = startRecording\nmsg = 确认录音操作是否在合适的场景中。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -765,7 +731,7 @@
 "severity": "warning",
 "category": "security",
 "rule_title": "WIFIAPI扫描",
- "rule_params": "class = WifiManager\nmethod = setWifiEnabled\nmsg = 请检查该API的调用是否在合适的场景下,防止在错误的场景下调用导致公关风险",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -782,7 +748,7 @@
 "severity": "error",
 "category": "security",
 "rule_title": "Zip解压API扫描",
- "rule_params": "class = java.util.zip.ZipInputStream\nmsg = 为避免目录遍历漏洞,禁止使用ZipInputStream,ZipFile\n请改为使用com.tencent.commonsdk.zip.QZipInputStream;com.tencent.commonsdk.zip.QZipFile",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -799,7 +765,7 @@
 "severity": "error",
 "category": "security",
 "rule_title": "Zip解压API扫描",
- "rule_params": "class = java.util.zip.ZipFile\nmsg = 为避免目录遍历漏洞,禁止使用ZipInputStream,ZipFile\n请改为使用com.tencent.commonsdk.zip.QZipInputStream;com.tencent.commonsdk.zip.QZipFile",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
diff --git a/server/projects/main/apps/scan_conf/management/commands/open_source/jaff_beta.json b/server/projects/main/apps/scan_conf/management/commands/open_source/jaff_beta.json
index fcd959e231..a0fdfc5b60 100644
--- a/server/projects/main/apps/scan_conf/management/commands/open_source/jaff_beta.json
+++ b/server/projects/main/apps/scan_conf/management/commands/open_source/jaff_beta.json
@@ -22,7 +22,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API检测 - CameraManager",
- "rule_params": "class = CameraManager\nmethod = openCamera\nmsg = 该API会触发动态权限申请,请检查代码逻辑是否在拒绝权限后正常运行。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -39,7 +39,7 @@
 "severity": "warning",
 "category": "security",
 "rule_title": "录音API扫描",
- "rule_params": "class = AudioRecord\nmethod = startRecording\nmsg = 确认录音操作是否在合适的场景中。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -56,7 +56,7 @@
 "severity": "warning",
 "category": "security",
 "rule_title": "录音API扫描",
- "rule_params": "class = MediaRecorder\nmethod = prepare;start\nmsg = 确认录音操作是否在合适的场景中。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -73,7 +73,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API检测 - Environment.getExternalStorageDirectory",
- "rule_params": "class = Environment\nmethod = getExternalStorageDirectory\nmsg = 该API会触发动态权限申请,请检查代码逻辑是否在拒绝权限后正常运行。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -90,7 +90,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API检测 - LocationManager",
- "rule_params": "class = LocationManager\nmsg = LocationManager的API可能会触发动态权限申请,请检查代码逻辑是否在拒绝权限后正常运行。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -107,7 +107,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API检测 - SubscriptionManager",
- "rule_params": "class = SubscriptionManager\nmethod = getActiveSubscriptionInfo;getActiveSubscriptionInfoForSimSlotIndex;getActiveSubscriptionInfoList;getActiveSubscriptionInfoCount\nmsg = 该API会触发动态权限申请,请检查代码逻辑是否在拒绝权限后正常运行。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -124,7 +124,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API检测 - TelephonyManager",
- "rule_params": "class = TelephonyManager\nmsg = TelephonyManager的API可能会触发动态权限申请,请检查代码逻辑是否在拒绝权限后正常运行。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -141,7 +141,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API检测 - TwilightManager",
- "rule_params": "class = TwilightManager\nmethod = getLastKnownLocationForProvider\nmsg = 该API会触发动态权限申请,请检查代码逻辑是否在拒绝权限后正常运行。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -158,7 +158,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API检测 - WallpaperManager",
- "rule_params": "class = WallpaperManager\nmethod = getFastDrawable;peekFastDrawable;getWallpaperFile\nmsg = 该API会触发动态权限申请,请检查代码逻辑是否在拒绝权限后正常运行。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -175,7 +175,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API检测 - WifiRttManager",
- "rule_params": "class = WifiRttManager\nmethod = startRanging\nmsg = 该API会触发动态权限申请,请检查代码逻辑是否在拒绝权限后正常运行。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -192,7 +192,7 @@
 "severity": "error",
 "category": "security",
 "rule_title": "扫描log4j api调用位置,辅助升级log4j",
- "rule_params": "class = org.apache.logging.log4j.Logger\nmethod = error;warn;info;debug;fatal;trace;log\nmsg = 扫描log4j api调用位置,辅助升级log4j",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -209,7 +209,7 @@
 "severity": "error",
 "category": "security",
 "rule_title": "扫描log4j LogManager api调用位置,辅助升级log4j",
- "rule_params": "class = org.apache.logging.log4j.LogManager\nmethod = getLogger\nmsg = 扫描log4j api调用位置,辅助升级log4j",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -226,7 +226,7 @@
 "severity": "warning",
 "category": "security",
 "rule_title": "camera1API隐患检查",
- "rule_params": "class = android.hardware.Camera\nmethod = open;getParameters\nmsg = App调用sdk的Camera1的API,即时不拍照,Vivo也会弹出前置摄像头,因此希望开发人员谨慎使用。注意PR风险。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -243,7 +243,7 @@
 "severity": "warning",
 "category": "security",
 "rule_title": "通讯录API扫描",
- "rule_params": "class = ContactsContract\nmethod = Contacts;RawContacts;Data\nmsg = 请检查该API的调用是否在合适的场景下,防止在错误的场景下调用导致公关风险",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -260,7 +260,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API-CalendarContract检测",
- "rule_params": "class = CalendarContract\nmsg = 发现项目中代码以及组件中对危险权限的API调用,提示开发人员对旧的代码逻辑进行检查,防止无容错等逻辑导致程序异常",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -277,24 +277,7 @@
 "severity": "warning",
 "category": "correctness",
 "rule_title": "动态权限API-IMAGE_CAPTURE检测",
- "rule_params": "class = IMAGE_CAPTURE\nmsg = 发现项目中代码以及组件中对危险权限的API调用,提示开发人员对旧的代码逻辑进行检查,防止无容错等逻辑导致程序异常",
- "custom": true,
- "languages": [
- "java"
- ],
- "solution": "发现项目中代码以及组件中对危险权限的API调用,提示开发人员对旧的代码逻辑进行检查,防止无容错等逻辑导致程序异常",
- "owner": null,
- "labels": [],
- "description": "##### 规则背景\nAndroid 6.0版本(Api 23)推出动态权限管理,应用的相关功能每次在使用危险权限时需要动态的申请并得到用户的授权才能使用。\n\n\n##### 规则扫描内容\n发现项目中代码以及组件中对危险权限的API调用,提示开发人员对旧的代码逻辑进行检查,防止无容错等逻辑导致程序异常",
- "disable": false
- },
- {
- "real_name": "DynamicPermissionsActionImageCapture",
- "display_name": "DynamicPermissionsActionImageCapture",
- "severity": "warning",
- "category": "correctness",
- "rule_title": "动态权限API-ACTION_IMAGE_CAPTURE检测",
- "rule_params": "class = ACTION_IMAGE_CAPTURE\nmsg = 发现项目中代码以及组件中对危险权限的API调用,提示开发人员对旧的代码逻辑进行检查,防止无容错等逻辑导致程序异常",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -311,7 +294,7 @@
 "severity": "info",
 "category": "other",
 "rule_title": "文件读写模式扫描规则",
- "rule_params": "class = MODE_WORLD_READABLE\nmsg = 文件读写模式,MODE_WORLD_READABLE, MODE_WORLD_WRITEABLE废弃了,Android N行为变更。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -328,7 +311,7 @@
 "severity": "info",
 "category": "other",
 "rule_title": "文件读写模式扫描规则",
- "rule_params": "class = MODE_WORLD_WRITEABLE\nmsg = 文件读写模式,MODE_WORLD_READABLE, MODE_WORLD_WRITEABLE废弃了,Android N行为变更。",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -345,7 +328,7 @@
 "severity": "info",
 "category": "other",
 "rule_title": "文件共享扫描规则",
- "rule_params": "class = MediaStore.ACTION_IMAGE_CAPTUR\nmsg = 敏感API:文件共享\n使用请谨慎",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -362,7 +345,7 @@
 "severity": "info",
 "category": "other",
 "rule_title": "文件共享扫描规则",
- "rule_params": "class = vnd.android.package-archive\nmsg = 敏感API:文件共享\n使用请谨慎",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -379,7 +362,7 @@
 "severity": "warning",
 "category": "security",
 "rule_title": "定位API扫描",
- "rule_params": "class = LocationManager\nmethod = requestLocationUpdates\nmsg = 请检查该API的调用是否在合适的场景下,防止在错误的场景下调用导致公关风险",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -396,7 +379,7 @@
 "severity": "warning",
 "category": "security",
 "rule_title": "短信API扫描",
- "rule_params": "class = SmsManager\nmethod = sendTextMessage\nmsg = 请检查该API的调用是否在合适的场景下,防止在错误的场景下调用导致公关风险",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
@@ -413,7 +396,7 @@
 "severity": "warning",
 "category": "security",
 "rule_title": "短信API扫描",
- "rule_params": "class = SmsMessage\nmethod = createFromPdu\nmsg = 请检查该API的调用是否在合适的场景下,防止在错误的场景下调用导致公关风险",
+ "rule_params": "",
 "custom": true,
 "languages": [
 "java"
diff --git a/server/projects/main/apps/scan_conf/management/commands/open_source_package/android_dynamic_permissions.json b/server/projects/main/apps/scan_conf/management/commands/open_source_package/android_dynamic_permissions.json
index d517ef7e21..17c9f3efd7 100644
--- a/server/projects/main/apps/scan_conf/management/commands/open_source_package/android_dynamic_permissions.json
+++ b/server/projects/main/apps/scan_conf/management/commands/open_source_package/android_dynamic_permissions.json
@@ -39,13 +39,6 @@
 "rule_params": null,
 "state": "enabled"
 },
- {
- "checktool": "jaff_beta",
- "checkrule": "DynamicPermissionsActionImageCapture",
- "severity": "warning",
- "rule_params": null,
- "state": "enabled"
- },
 {
 "checktool": "regexscan",
 "checkrule": "Dynamic_permissions",
diff --git a/server/projects/main/apps/scan_conf/management/commands/open_source_package/android_privacy_compliance.json b/server/projects/main/apps/scan_conf/management/commands/open_source_package/android_privacy_compliance.json
index b22958d312..f056bce34d 100644
--- a/server/projects/main/apps/scan_conf/management/commands/open_source_package/android_privacy_compliance.json
+++ b/server/projects/main/apps/scan_conf/management/commands/open_source_package/android_privacy_compliance.json
@@ -25,13 +25,6 @@
 "rule_params": null,
 "state": "enabled"
 },
- {
- "checktool": "jaff_beta",
- "checkrule": "DynamicPermissionsActionImageCapture",
- "severity": "warning",
- "rule_params": null,
- "state": "enabled"
- },
 {
 "checktool": "regexscan",
 "checkrule": "Dynamic_permissions",
diff --git a/server/projects/main/apps/scan_conf/management/commands/open_source_package/enhanced_api_java.json b/server/projects/main/apps/scan_conf/management/commands/open_source_package/enhanced_api_java.json
index 44bff91ee2..c68cc0ae9c 100644
--- a/server/projects/main/apps/scan_conf/management/commands/open_source_package/enhanced_api_java.json
+++ b/server/projects/main/apps/scan_conf/management/commands/open_source_package/enhanced_api_java.json
@@ -12,13 +12,6 @@
 "增强"
 ],
 "checkrule_set": [
- {
- "checktool": "jaff",
- "checkrule": "AudioRecordInit",
- "severity": "warning",
- "rule_params": null,
- "state": "enabled"
- },
 {
 "checktool": "jaff",
 "checkrule": "camera1API",
@@ -166,13 +159,6 @@
 "rule_params": null,
 "state": "enabled"
 },
- {
- "checktool": "jaff",
- "checkrule": "DynamicPermissionsActionImageCapture",
- "severity": "warning",
- "rule_params": null,
- "state": "enabled"
- },
 {
 "checktool": "jaff",
 "checkrule": "DynamicPermissionsCalendarContract",