bytedance / appshark

Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.
Apache License 2.0

Return type of function signature is parsed incorrectly #60

Closed firmianay closed 9 months ago

firmianay commented 9 months ago

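For complex return types that contain a comma, parsing fails and the program exits.

Workarounds:
1. Modify the rule and change the return type in the function signature to *.
2. Modify the program at MethodSignatureParseState.ReturnType -> {} so that the whole string is taken as the return type; I just don't know whether that affects anything later on?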

{
    "READ_PHONE_STATE": {
        "APIMode": true,
        "desc": {
            "name": "READ_PHONE_STATE",
            "detail": "",
            "category": "ComplianceInfo",
            "complianceCategory": "",
            "complianceCategoryDetail": "",
            "level": ""
        },
        "entry": {},
        "source": {},
        "sink": {
            "<android.telephony.TelephonyManager: java.util.Map<java.lang.Integer,java.util.List<android.telephony.emergency.EmergencyNumber>> getEmergencyNumberList()>": {}
        }
    }
}


nkbai commented 9 months ago

Complex signatures such as java.util.Map<java.lang.Integer,java.util.List<>> do not appear in Jimple.

firmianay commented 9 months ago

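I added error output in that PR. At the time there were several hundred signatures, and it took a long time of bisecting to track this problem down... logErr("Format Error $methodSig")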
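
A pre-check for the situation discussed in this thread, as an added example that is not part of the original issue or the Appshark code base: it walks a rule file, flags every method signature whose return or parameter types carry generic type arguments, and proposes the erased form that Jimple uses. The function names and the second sink entry in the sample rule are constructed for illustration.

```python
import json
import re

# Soot/Jimple-style method signature: <Class: ReturnType name(params)>
SIG_RE = re.compile(
    r"^<(?P<cls>[^:]+): (?P<ret>.+) (?P<name>[^\s(]+)\((?P<params>.*)\)>$")

def erase(type_text):
    """Drop generic type arguments, e.g. java.util.Map<K,V> -> java.util.Map.
    Bare type variables (T, E) are not handled and would need manual erasure."""
    out, depth = [], 0
    for ch in type_text:
        if ch == "<":
            depth += 1
        elif ch == ">":
            depth = max(depth - 1, 0)
        elif depth == 0:
            out.append(ch)
    return "".join(out)

def check_signature(sig):
    """Return the erased signature if sig has generic type arguments, else None."""
    m = SIG_RE.match(sig)
    if not m or "<" not in m["ret"] + m["params"]:
        return None
    return f"<{m['cls']}: {erase(m['ret'])} {m['name']}({erase(m['params'])})>"

def lint(node, path=""):
    """Walk parsed rule JSON; return (location, signature, suggestion) tuples."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            findings += lint(key, path) + lint(value, f"{path}/{key}")
    elif isinstance(node, list):
        for item in node:
            findings += lint(item, path)
    elif isinstance(node, str):
        fixed = check_signature(node)
        if fixed:
            findings.append((path, node, fixed))
    return findings

# Constructed sample: the sink from the issue plus one signature without generics.
SAMPLE_RULE = """{"READ_PHONE_STATE": {"APIMode": true, "entry": {}, "source": {},
 "sink": {
  "<android.telephony.TelephonyManager: java.util.Map<java.lang.Integer,java.util.List<android.telephony.emergency.EmergencyNumber>> getEmergencyNumberList()>": {},
  "<android.telephony.TelephonyManager: java.lang.String getDeviceId()>": {}}}}"""

if __name__ == "__main__":
    for where, sig, fixed in lint(json.loads(SAMPLE_RULE)):
        print(f"{where}: generic types in signature\n  found:   {sig}\n  suggest: {fixed}")
```

Running it over a rule directory before a scan points at the offending signature directly instead of requiring a bisection over the whole rule set.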