Question about writing advanced rules #60
Comments
Trying to figure this out still, but was wondering if partial_labels or some other function can be used to chain different types of declarations up?
Could you describe what flow you are trying to catch? I don't have access to this paper.
Hi @arthaud, sure! The example vulnerable code is here:
Basically, I want to find any invocations of PendingIntent, via either getActivity(), getActivities(), getBroadcast(). So far, I could get the source of the rule to be checking for initialization of an implicit intent, and I can trace up till the getActivity function, but not sure how to chain this rule with a rule that checks that the pendingIntent is then wrapped within another implicit intent.
Like below
How do I ensure that the taint path must have PendingIntent in it though? Or is it not possible to define that sort of granularity within the rules?
I don't think there is a good way to model this currently.
Thanks @arthaud! Will keep that in mind, and work with features for now.
Hello @chuayupeng, could you share how you achieved your goal with features? I am trying to learn propagations and features, which are not well-documented (few examples and not much detailed) and simple to understand, in my opinion.
For reference, I am trying my hand at writing a rule to detect PendingIntents used dangerously, as noted in https://www.researchgate.net/publication/325818237_PIAnalyzer_A_Precise_Approach_for_PendingIntent_Vulnerability_Analysis, and I have a rule that can detect implicit intents being initialised as its source, and something like this for its sink.
However, I am unable to abstract this flow as its own standalone source/sink. Would like to develop this further to detect instances of PendingIntents being initialised with implicit intents, and then sent off as another Intent's extraData. How should I link these 2 use cases up? Appreciate any advice regarding this!
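The two-stage flow this issue asks about, written out as an added Java example (it is not the code linked in the thread and not part of Mariana Trench). The class name, action strings, extra key, `ItemActivity` and the use of `sendBroadcast()` as the final step are assumptions made for illustration; the second method shows the same code with the base Intent made explicit and the PendingIntent made immutable.

```java
import android.app.Activity;
import android.app.PendingIntent;
import android.content.Context;
import android.content.Intent;

// Illustrative only: every name below is hypothetical.
public final class PendingIntentFlowExample {

    // Hypothetical target activity for the explicit Intent.
    public static class ItemActivity extends Activity {}

    // Pattern a rule would need to flag: implicit Intent -> PendingIntent -> extra of another implicit Intent.
    static void sendFlagged(Context context) {
        // Stage 1 source: implicit base Intent (action only, no component or package).
        Intent base = new Intent("com.example.ACTION_VIEW_ITEM");

        // Stage 1 sink / stage 2 source: the implicit Intent becomes a PendingIntent.
        // For apps targeting below Android 12, flags = 0 yields a mutable PendingIntent.
        PendingIntent pending = PendingIntent.getActivity(context, 0, base, 0);

        // Stage 2 sink: the PendingIntent rides as an extra on a second implicit Intent.
        Intent wrapper = new Intent("com.example.ACTION_NOTIFY");
        wrapper.putExtra("pending", pending);
        context.sendBroadcast(wrapper); // any matching receiver obtains the PendingIntent
    }

    // Same feature with both stages constrained.
    static void sendHardened(Context context) {
        // Explicit base Intent: the component is fixed by the sender.
        Intent base = new Intent(context, ItemActivity.class);

        // FLAG_IMMUTABLE stops a recipient from filling in unset Intent fields.
        PendingIntent pending = PendingIntent.getActivity(
                context, 0, base,
                PendingIntent.FLAG_IMMUTABLE | PendingIntent.FLAG_UPDATE_CURRENT);

        // The carrier Intent is restricted to the sending app's own package.
        Intent wrapper = new Intent("com.example.ACTION_NOTIFY");
        wrapper.setPackage(context.getPackageName());
        wrapper.putExtra("pending", pending);
        context.sendBroadcast(wrapper);
    }
}
```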