search

bytedance / appshark

Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.
Apache License 2.0
1.49k stars 165 forks source link

多规则扫描显示json解析出错 #44

Closed ReturnHere closed 9 months ago

ReturnHere commented 1 year ago

java -jar AppShark-0.1.2-all.jar config/config.json5 kotlinx.serialization.json.internal.JsonDecodingException: Unexpected JSON token at offset 78: Expected beginning of the string, but got [ at path: $.rules JSON input: { "apkPath": "C:\Users\xxx\xxx.apk", "out": "out", "rules": [ "BadSer.json", "HijackAction.json" ], "rulePath": "config/rules" } at kotlinx.serialization.json.internal.JsonExceptionsKt.JsonDecodingException(JsonExceptions.kt:24) at kotlinx.serialization.json.internal.JsonExceptionsKt.JsonDecodingException(JsonExceptions.kt:32) at kotlinx.serialization.json.internal.AbstractJsonLexer.fail(AbstractJsonLexer.kt:528) at kotlinx.serialization.json.internal.AbstractJsonLexer.fail$default(AbstractJsonLexer.kt:526) at kotlinx.serialization.json.internal.AbstractJsonLexer.consumeStringLenient(AbstractJsonLexer.kt:397) at kotlinx.serialization.json.internal.AbstractJsonLexer.unexpectedToken(AbstractJsonLexer.kt:204) at kotlinx.serialization.json.internal.StringJsonLexer.consumeNextToken(StringJsonLexer.kt:74) at kotlinx.serialization.json.internal.StringJsonLexer.consumeKeyString(StringJsonLexer.kt:85) at kotlinx.serialization.json.internal.AbstractJsonLexer.consumeString(AbstractJsonLexer.kt:313) at kotlinx.serialization.json.internal.StreamingJsonDecoder.decodeString(StreamingJsonDecoder.kt:292) at kotlinx.serialization.encoding.AbstractDecoder.decodeStringElement(AbstractDecoder.kt:58) at net.bytedance.security.app.ArgumentConfig$$serializer.deserialize(ArgumentConfig.kt:23) at net.bytedance.security.app.ArgumentConfig$$serializer.deserialize(ArgumentConfig.kt:23) at kotlinx.serialization.json.internal.PolymorphicKt.decodeSerializableValuePolymorphic(Polymorphic.kt:59) at kotlinx.serialization.json.internal.StreamingJsonDecoder.decodeSerializableValue(StreamingJsonDecoder.kt:38) at kotlinx.serialization.json.Json.decodeFromString(Json.kt:100) at net.bytedance.security.app.StaticAnalyzeMainKt.main(StaticAnalyzeMain.kt:108) at net.bytedance.security.app.KotlinEntry$Companion.callMain(KotlinEntry.kt:24) at net.bytedance.security.app.KotlinEntry.callMain(KotlinEntry.kt) at net.bytedance.security.app.JavaEntry.main(JavaEntry.java:6) this message should only appear in test case

firmianay commented 11 months ago 
"rules": [
"BadSer.json",
"HijackAction.json"
],

都写在一个字符串里,用逗号隔开 "rules": "BadSer.json,HijackAction.json"

ReturnHere commented 10 months ago

多谢

一蓑烟雨 @.***> 于2023年9月18日周一 13:53写道:

"rules": [ "BadSer.json", "HijackAction.json" ],

都写在一个字符串里,用逗号隔开 "rules": "BadSer.json,HijackAction.json"

— Reply to this email directly, view it on GitHub https://github.com/bytedance/appshark/issues/44#issuecomment-1722791996, or unsubscribe https://github.com/notifications/unsubscribe-auth/AC4ZPVWJWVCBTIDAC47AHWTX27OVZANCNFSM6AAAAAA2HGZJAY . You are receiving this because you authored the thread.Message ID: @.***>