Merge pull request #53 from firmianay/dev3

fix doc
bytedance · Sep 28, 2023 · cdaf7d3 · cdaf7d3
2 parents 7b9ff87 + db99f26
commit cdaf7d3
Show file tree

Hide file tree

Showing 15 changed files with 17 additions and 20 deletions.
diff --git a/config/rules/ContentProviderPathTraversal.json b/config/rules/ContentProviderPathTraversal.json
@@ -24,7 +24,7 @@
         ]
       }
     },
-    "sanitize": {
+    "sanitizer": {
       "getCanonicalFile": {
         "<java.io.File: java.io.File getCanonicalFile()>": {
           "TaintCheck": [

diff --git a/config/rules/PendingIntentMutable.json b/config/rules/PendingIntentMutable.json
@@ -17,7 +17,7 @@
         "android.content.Intent"
       ]
     },
-    "sanitize": {
+    "sanitizer": {
       "setClassNameString": {
         "<android.content.Intent: android.content.Intent setClassName(java.lang.String,java.lang.String)>": {
           "TaintCheck": [

diff --git a/config/rules/unZipSlip.json b/config/rules/unZipSlip.json
@@ -17,7 +17,7 @@
         "<java.util.zip.ZipEntry: java.lang.String getName()>"
       ]
     },
-    "sanitize": {
+    "sanitizer": {
       "rule1": {
         "<java.io.File: java.lang.String getCanonicalPath()>": {
           "TaintCheck": [

diff --git a/doc/en/how_to_write_rules.md b/doc/en/how_to_write_rules.md
@@ -196,7 +196,7 @@ First, give the complete rule:
         "<java.util.zip.ZipEntry: java.lang.String getName()>"
       ]
     },
-    "sanitize": {
+    "sanitizer": {
       "getCanonicalPath": {
         "<java.io.File: java.lang.String getCanonicalPath()>": {
           "TaintCheck": [

diff --git a/doc/zh/how_to_write_rules.md b/doc/zh/how_to_write_rules.md
@@ -216,7 +216,7 @@ zip slip漏洞的原理可以参考[Directory traversal attack](https://en.wikip
         "<java.util.zip.ZipEntry: java.lang.String getName()>"
       ]
     },
-    "sanitize": {
+    "sanitizer": {
       "getCanonicalPath": {
         "<java.io.File: java.lang.String getCanonicalPath()>": {
           "TaintCheck": [

diff --git a/doc/zh/path_traversal_game.md b/doc/zh/path_traversal_game.md
@@ -9,9 +9,7 @@
 - [8.报告格式](result.md)
 - [9.常见问题](faq.md)
 
-
 # appshark深入教程
-
 
 以一个path traversal的游戏贯穿本教程,让大家体会一下如何发现漏洞,修复漏洞以及如何用appshark发现问题.
 
@@ -195,7 +193,7 @@ public class VulProvider2 extends ContentProvider {
 因此添加sanitizer如下:
 ```json
 {
-  "sanitize": {
+  "sanitizer": {
     "getLastPathSegment": {
       "<android.net.Uri: java.lang.String getLastPathSegment()>": {
         "TaintCheck": [
@@ -266,7 +264,7 @@ public class VulProvider3 extends ContentProvider {
 我们不难想到就是下面的sanitizer:
 ```json
 {
-    "sanitize": {
+    "sanitizer": {
 
       "containsDotdot": {
         "<java.lang.String: boolean contains(java.lang.CharSequence)>": {
@@ -421,7 +419,7 @@ public class VulProvider5 extends ContentProvider {
         ]
       }
     },
-    "sanitize": {
+    "sanitizer": {
       "getCanonicalFile": {
         "<java.io.File: java.io.File getCanonicalFile()>": {
           "TaintCheck": [
@@ -469,4 +467,3 @@ appshark是一个实用的基于指针分析的静态分析工具,虽然可以
 在appshark擅长的领域发挥出它的价值, 也为自己的日常工作带来帮助.
 
 另外,这里有完整的[appshark规则的撰写手册](how_to_write_rules.md)
-
diff --git a/...st/kotlin/net/bytedance/security/app/sanitizer/testdata/pendingIntentMutableActivity.json b/...st/kotlin/net/bytedance/security/app/sanitizer/testdata/pendingIntentMutableActivity.json
@@ -15,7 +15,7 @@
         "net.bytedance.security.app.sanitizer.testdata.PendingIntentMutable$Intent"
       ]
     },
-    "sanitize": {
+    "sanitizer": {
       "immutable": {
         "<net.bytedance.security.app.sanitizer.testdata.PendingIntentMutable$PendingIntent: net.bytedance.security.app.sanitizer.testdata.PendingIntentMutable$PendingIntent getActivity(*)>": {
           "p3": [

diff --git a/...t/kotlin/net/bytedance/security/app/sanitizer/testdata/pendingIntentMutableBroadcast.json b/...t/kotlin/net/bytedance/security/app/sanitizer/testdata/pendingIntentMutableBroadcast.json
@@ -15,7 +15,7 @@
         "net.bytedance.security.app.sanitizer.testdata.PendingIntentMutable$Intent"
       ]
     },
-    "sanitize": {
+    "sanitizer": {
       "immutable": {
         "<net.bytedance.security.app.sanitizer.testdata.PendingIntentMutable$PendingIntent: net.bytedance.security.app.sanitizer.testdata.PendingIntentMutable$PendingIntent getBroadcast(*)>": {
           "p3": [

diff --git a/...st/kotlin/net/bytedance/security/app/sanitizer/testdata/pendingIntentMutableProvider.json b/...st/kotlin/net/bytedance/security/app/sanitizer/testdata/pendingIntentMutableProvider.json
@@ -15,7 +15,7 @@
         "net.bytedance.security.app.sanitizer.testdata.PendingIntentMutable$Intent"
       ]
     },
-    "sanitize": {
+    "sanitizer": {
       "immutable": {
         "<net.bytedance.security.app.sanitizer.testdata.PendingIntentMutable$PendingIntent: net.bytedance.security.app.sanitizer.testdata.PendingIntentMutable$PendingIntent getProvider(*)>": {
           "p3": [

diff --git a/...est/kotlin/net/bytedance/security/app/sanitizer/testdata/pendingIntentMutableService.json b/...est/kotlin/net/bytedance/security/app/sanitizer/testdata/pendingIntentMutableService.json
@@ -15,7 +15,7 @@
         "net.bytedance.security.app.sanitizer.testdata.PendingIntentMutable$Intent"
       ]
     },
-    "sanitize": {
+    "sanitizer": {
       "immutable": {
         "<net.bytedance.security.app.sanitizer.testdata.PendingIntentMutable$PendingIntent: net.bytedance.security.app.sanitizer.testdata.PendingIntentMutable$PendingIntent getService(*)>": {
           "p3": [

diff --git a/...t/kotlin/net/bytedance/security/app/sanitizer/testdata/unZipSlipConstStringSanitizer.json b/...t/kotlin/net/bytedance/security/app/sanitizer/testdata/unZipSlipConstStringSanitizer.json
@@ -22,7 +22,7 @@
         ]
       }
     },
-    "sanitize": {
+    "sanitizer": {
       "rule2": {
         "ConstString": [
           "..*"

diff --git a/src/test/kotlin/net/bytedance/security/app/sanitizer/testdata/unZipSlipFieldSanitizer.json b/src/test/kotlin/net/bytedance/security/app/sanitizer/testdata/unZipSlipFieldSanitizer.json
@@ -22,7 +22,7 @@
         ]
       }
     },
-    "sanitize": {
+    "sanitizer": {
       "rule2": {
         "<net.bytedance.security.app.sanitizer.testdata.ZipSlip: java.lang.String instanceField>": {
           "TaintCheck": [

diff --git a/src/test/kotlin/net/bytedance/security/app/sanitizer/testdata/unZipSlipMethodCheck1.json b/src/test/kotlin/net/bytedance/security/app/sanitizer/testdata/unZipSlipMethodCheck1.json
@@ -22,7 +22,7 @@
         ]
       }
     },
-    "sanitize": {
+    "sanitizer": {
       "containsDotDot": {
         "<java.lang.String: boolean contains(java.lang.CharSequence)>": {
           "TaintCheck": [

diff --git a/src/test/kotlin/net/bytedance/security/app/sanitizer/testdata/unZipSlipMethodCheck4.json b/src/test/kotlin/net/bytedance/security/app/sanitizer/testdata/unZipSlipMethodCheck4.json
@@ -22,7 +22,7 @@
         ]
       }
     },
-    "sanitize": {
+    "sanitizer": {
       "containsDotDot": {
         "<soot.dummy.InvokeDynamic: java.lang.String makeConcatWithConstants(java.lang.String,java.lang.String,java.lang.String,java.lang.String)>": {
         }

diff --git a/src/test/kotlin/net/bytedance/security/app/sanitizer/testdata/unZipSlipSliceMode2.json b/src/test/kotlin/net/bytedance/security/app/sanitizer/testdata/unZipSlipSliceMode2.json
@@ -19,7 +19,7 @@
         ]
       }
     },
-    "sanitize": {
+    "sanitizer": {
       "rule1": {
         "<java.io.File: java.lang.String getCanonicalPath()>": {
           "TaintCheck":["@this"]