search

bytedance / appshark

Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.
Apache License 2.0
1.49k stars 165 forks source link

添加规则对应的安卓版本 #55

Closed firmianay closed 9 months ago

firmianay commented 10 months ago

https://developer.android.com/about/versions/14/behavior-changes-14#security 随着安卓版本更新,一些漏洞类型可能就失效了,是不是可以在规则里增加一个字段类似targetSdkVersion,比如[10, 14),扫的时候解析下manifest,不在范围内的就不扫了

nkbai commented 10 months ago

可以的,targetSdkVersion可以更灵活一点,比如[8,11,12,14]这种形式. 如果没有指定,那就是默认针对所有的安卓版本。