diff --git a/server/projects/main/apps/scan_conf/management/commands/open_source_package/android_dangerous_permissions.json b/server/projects/main/apps/scan_conf/management/commands/open_source_package/android_dangerous_permissions.json
index 936967c5f..bdaafd1e5 100644
--- a/server/projects/main/apps/scan_conf/management/commands/open_source_package/android_dangerous_permissions.json
+++ b/server/projects/main/apps/scan_conf/management/commands/open_source_package/android_dangerous_permissions.json
@@ -1,7 +1,7 @@
 [
 {
- "name": "【Android】危险权限扫描",
- "description": "扫描Android危险权限使用。",
+ "name": "【Android】危险权限分析",
+ "description": "分析Android项目中的危险权限使用。",
 "revision": null,
 "package_type": "official",
 "languages": [
diff --git a/server/projects/main/apps/scan_conf/management/commands/open_source_package/android_dynamic_permissions.json b/server/projects/main/apps/scan_conf/management/commands/open_source_package/android_dynamic_permissions.json
index b3899e284..d517ef7e2 100644
--- a/server/projects/main/apps/scan_conf/management/commands/open_source_package/android_dynamic_permissions.json
+++ b/server/projects/main/apps/scan_conf/management/commands/open_source_package/android_dynamic_permissions.json
@@ -1,7 +1,7 @@
 [
 {
- "name": "【Android】动态权限调用扫描",
- "description": "扫描Android动态权限调用。",
+ "name": "【Android】动态权限调用分析",
+ "description": "分析Android项目中的动态权限调用。",
 "revision": null,
 "package_type": "official",
 "languages": [
diff --git a/server/projects/main/apps/scan_conf/management/commands/open_source_package/android_privacy_compliance.json b/server/projects/main/apps/scan_conf/management/commands/open_source_package/android_privacy_compliance.json
index 0fe8849b8..b22958d31 100644
--- a/server/projects/main/apps/scan_conf/management/commands/open_source_package/android_privacy_compliance.json
+++ b/server/projects/main/apps/scan_conf/management/commands/open_source_package/android_privacy_compliance.json
@@ -1,7 +1,7 @@
 [
 {
 "name": "【Android】隐私合规检查",
- "description": "检查Android隐私API使用是否合规。",
+ "description": "检查Android项目中的隐私API使用是否合规。",
 "revision": null,
 "package_type": "official",
 "languages": [
diff --git a/server/projects/main/apps/scan_conf/management/commands/open_source_package/code_spec_oc.json b/server/projects/main/apps/scan_conf/management/commands/open_source_package/code_spec_oc.json
new file mode 100644
index 000000000..2a2a8e467
--- /dev/null
+++ b/server/projects/main/apps/scan_conf/management/commands/open_source_package/code_spec_oc.json
@@ -0,0 +1,67 @@
+[
+ {
+ "name": "【Objective-C】代码规范规则包",
+ "description": "【Objective-C】代码规范规则包,要求启用独立工具。",
+ "revision": null,
+ "package_type": "official",
+ "languages": [
+ "oc"
+ ],
+ "labels": [
+ "规范"
+ ],
+ "checkrule_set": [
+ {
+ "checktool": "collie",
+ "checkrule": "ObjectiveC/Copyright",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "collie",
+ "checkrule": "ObjectiveC/Indent",
+ "severity": "info",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "collie",
+ "checkrule": "ObjectiveC/MaxLinesPerFunction",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "collie",
+ "checkrule": "ObjectiveC/MissingDocInterface",
+ "severity": "info",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "collie",
+ "checkrule": "ObjectiveC/MissingDocProperty",
+ "severity": "info",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "collie",
+ "checkrule": "ObjectiveC/MissingDocProtocol",
+ "severity": "info",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "collie",
+ "checkrule": "ObjectiveC/ParameterCount",
+ "severity": "info",
+ "rule_params": null,
+ "state": "enabled"
+ }
+ ],
+ "open_saas": false,
+ "envs": null
+ }
+]
\ No newline at end of file
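Review bot: The new file is committed without a trailing newline (the hunk ends with `\ No newline at end of file`), and dependency_vul.json and enhanced_api_java.json added in the same commit have the same issue. Ending each file with a single `\n` keeps line-oriented tools quiet on the last line and avoids a spurious extra change the next time the closing `]` is touched. The content itself is valid JSON and uses the same key set as the other packages in this commit (`rule_params: null`, `state: "enabled"`, `open_saas: false`, `envs: null`), so nothing else needs to change here.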
diff --git a/server/projects/main/apps/scan_conf/management/commands/open_source_package/dependency_vul.json b/server/projects/main/apps/scan_conf/management/commands/open_source_package/dependency_vul.json
new file mode 100644
index 000000000..8cdd813f5
--- /dev/null
+++ b/server/projects/main/apps/scan_conf/management/commands/open_source_package/dependency_vul.json
@@ -0,0 +1,48 @@
+[
+ {
+ "name": "依赖漏洞规则包",
+ "description": "分析依赖组件漏洞,要求启用独立工具。",
+ "revision": null,
+ "package_type": "official",
+ "languages": [
+ "python",
+ "php",
+ "cpp",
+ "java",
+ "cs",
+ "ruby",
+ "Go",
+ "ts",
+ "scala",
+ "js"
+ ],
+ "labels": [
+ "安全"
+ ],
+ "checkrule_set": [
+ {
+ "checktool": "compass",
+ "checkrule": "VUL_WARN",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "compass",
+ "checkrule": "VUL_INFO",
+ "severity": "error",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "compass",
+ "checkrule": "VUL_ERROR",
+ "severity": "error",
+ "rule_params": null,
+ "state": "enabled"
+ }
+ ],
+ "open_saas": false,
+ "envs": null
+ }
+]
\ No newline at end of file
diff --git a/server/projects/main/apps/scan_conf/management/commands/open_source_package/enhanced_api_java.json b/server/projects/main/apps/scan_conf/management/commands/open_source_package/enhanced_api_java.json
new file mode 100644
index 000000000..a3b0ede69
--- /dev/null
+++ b/server/projects/main/apps/scan_conf/management/commands/open_source_package/enhanced_api_java.json
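Review bot: `VUL_INFO` is entered with `"severity": "error"` while `VUL_WARN` gets `"warning"` and `VUL_ERROR` gets `"error"`, which reads like a copy of the `VUL_ERROR` entry; if the rule name reflects its intended level the entry should be `"severity": "info"`, and if the elevated level is deliberate the three rule names no longer tell the operator what they will see. The `languages` list also spells `"Go"` with a capital letter while every other entry (`"python"`, `"cpp"`, `"ts"`, `"js"`, …) is lowercase; if language identifiers are matched case-sensitively when the package is loaded, Go projects would never be offered this package, so `"go"` is the safer spelling unless the loader's language table actually uses `"Go"`. Labelling the package `安全` and enabling all three rules with `rule_params: null` is consistent with the other packages in this commit.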
@@ -0,0 +1,557 @@
+[
+ {
+ "name": "【Java】强化API分析",
+ "description": "危险权限分析规则包、动态权限调用分析规则包、隐私合规检查规则包的强化版,要求启用独立工具。",
+ "revision": null,
+ "package_type": "official",
+ "languages": [
+ "java"
+ ],
+ "labels": [
+ "其他"
+ ],
+ "checkrule_set": [
+ {
+ "checktool": "jaff",
+ "checkrule": "AudioRecordInit",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "camera1API",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jafc",
+ "checkrule": "CheckCollectionsSortCopyOnWriteArrayList",
+ "severity": "error",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "ContactsAPI",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaaf",
+ "checkrule": "DeriveCheckIQConfigProcessorHandler",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaaf",
+ "checkrule": "DeriveCheckIQConfigProcessorThread",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "DynamicAPICameraManager",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jafc",
+ "checkrule": "DynamicAPICameraManager",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "DynamicAPIGetExternalStorageDirectory",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jafc",
+ "checkrule": "DynamicAPIGetExternalStorageDirectory",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "DynamicAPILocationManager",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jafc",
+ "checkrule": "DynamicAPILocationManager",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "DynamicAPISubscriptionManager",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jafc",
+ "checkrule": "DynamicAPISubscriptionManager",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "DynamicAPITelephonyManager",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jafc",
+ "checkrule": "DynamicAPITelephonyManager",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "DynamicAPITwilightManager",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jafc",
+ "checkrule": "DynamicAPITwilightManager",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "DynamicAPIWallpaperManager",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jafc",
+ "checkrule": "DynamicAPIWallpaperManager",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "DynamicAPIWifiRttManager",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jafc",
+ "checkrule": "DynamicAPIWifiRttManager",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "DynamicPermissionsActionImageCapture",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "DynamicPermissionsCalendarContract",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "DynamicPermissionsImageCapture",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "FightImei",
+ "severity": "fatal",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jafc",
+ "checkrule": "FightImei",
+ "severity": "fatal",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "FileRWModeReadable",
+ "severity": "info",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "FileRWModeWriteable",
+ "severity": "info",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "FileShareMediaStore",
+ "severity": "info",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "FileSharePackageArchive",
+ "severity": "info",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "FindAudioRecord",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "FindClipboardInvoke",
+ "severity": "info",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jafc",
+ "checkrule": "FindClipboardInvoke",
+ "severity": "info",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "FindClipboardInvoke2",
+ "severity": "info",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jafc",
+ "checkrule": "FindClipboardInvoke2",
+ "severity": "info",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "FindConnectivityManager",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jafc",
+ "checkrule": "FindConnectivityManager",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "FindCopyOnWriteArrayListSet",
+ "severity": "error",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jafc",
+ "checkrule": "FindCopyOnWriteArrayListSet",
+ "severity": "error",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "FindLog4j",
+ "severity": "error",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jafc",
+ "checkrule": "FindLog4j",
+ "severity": "error",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "FindMediaRecorder",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "FindNetworkInfo",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jafc",
+ "checkrule": "FindNetworkInfo",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "FindSmsManager",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "FindSmsMessage",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "FindZipFile",
+ "severity": "error",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jafc",
+ "checkrule": "FuncCallGraph",
+ "severity": "info",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "LocationAPI",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "Log4jLogManager",
+ "severity": "error",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jafc",
+ "checkrule": "Log4jLogManager",
+ "severity": "error",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "NoBuildModel",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jafc",
+ "checkrule": "NoBuildModel",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "NoDeviceId",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jafc",
+ "checkrule": "NoDeviceId",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "NoImei",
+ "severity": "error",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jafc",
+ "checkrule": "NoImei",
+ "severity": "error",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "NoIMSI",
+ "severity": "error",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jafc",
+ "checkrule": "NoIMSI",
+ "severity": "error",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "NoInstalledAppList",
+ "severity": "error",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jafc",
+ "checkrule": "NoInstalledAppList",
+ "severity": "error",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "NoMacAddressNetworkInterface",
+ "severity": "error",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jafc",
+ "checkrule": "NoMacAddressNetworkInterface",
+ "severity": "error",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "NoMacAddressWifiInfo",
+ "severity": "error",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jafc",
+ "checkrule": "NoMacAddressWifiInfo",
+ "severity": "error",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "NoSIM",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jafc",
+ "checkrule": "NoSIM",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "PhoneInfoAPI",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "SHA2CBC",
+ "severity": "info",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jafc",
+ "checkrule": "SHA2CBC",
+ "severity": "info",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jafc",
+ "checkrule": "StatBaseBuilderUpChain",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jafc",
+ "checkrule": "StatMLFeedbackReportBuilderUpChain",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "UriFromFile",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jafc",
+ "checkrule": "UriFromFile",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "WIFIAPI",
+ "severity": "warning",
+ "rule_params": null,
+ "state": "enabled"
+ },
+ {
+ "checktool": "jaff",
+ "checkrule": "ZipInputStream",
+ "severity": "error",
+ "rule_params": null,
+ "state": "enabled"
+ }
+ ],
+ "open_saas": false,
+ "envs": null
+ }
+]
\ No newline at end of file
diff --git a/tools/README.md b/tools/README.md
index c309073cd..d2b3fe07f 100644
--- a/tools/README.md
+++ b/tools/README.md
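Review bot: `FightImei`, enabled for both `jaff` and `jafc` and the only rule in the set at `fatal`, does not follow the `Find*` prefix the other discovery rules use (`FindAudioRecord`, `FindLog4j`, `FindZipFile`, …) and sits next to `NoImei` at `error`; if the id is a misspelling, the package would reference a rule the tools never define and the entry would silently never fire, so the name is worth checking against the `jaff`/`jafc` rule lists (`open_source/jaff.json` and `open_source/jafc.json`, which the README hunk links to) before the package ships. `DeriveCheckIQConfigProcessorHandler`, `DeriveCheckIQConfigProcessorThread`, `StatBaseBuilderUpChain` and `StatMLFeedbackReportBuilderUpChain` read like checks tied to one specific application's classes rather than generic Android/Java APIs, which is surprising in an `official` package; if they are generic, a few words in the package `description` would make that clear. Most rules are listed twice, once under `jaff` and once under `jafc` at the same severity, so unless the server de-duplicates findings across tools a project that enables both will see each such finding reported twice. The package is also labelled `其他` although its description presents it as the enhanced version of the permission and privacy-compliance packages and dependency_vul.json in this commit uses `安全`; using the same label as those packages would keep it discoverable alongside them.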
@@ -13,23 +13,61 @@ 需要申请License。 -## [TCA-Loong龙(测试版)](https://github.com/TCATools/loong) +## TCA-Loong龙(测试版) Java/Kotlin API和函数调用链分析工具,需要申请License。 -## [TCA-Loong_Beta龙(测试版)](https://github.com/TCATools/loong_beta) +### 如何在TCA上使用 +在TCA上勾选以下工具规则: +- [JAAF](../server/projects/main/apps/scan_conf/management/commands/open_source/jaaf.json#L4) +- [JAFC](../server/projects/main/apps/scan_conf/management/commands/open_source/jafc.json#L4) +- [JAFF](../server/projects/main/apps/scan_conf/management/commands/open_source/jaff.json#L4) + +### 底层命令行工具 +涉及到的底层命令行工具有: +- [TCA-Loong龙(测试版)](https://github.com/TCATools/loong) + +## TCA-Loong_Beta龙(测试版) Java/Kotlin API和函数调用链分析工具,无需申请License。 -## [TCA-Zeus(测试版)](https://github.com/TCATools/TCA-Zeus-linux) +### 如何在TCA上使用 +在TCA上勾选以下工具规则: +- [JAFCBeta](../server/projects/main/apps/scan_conf/management/commands/open_source/jafc_beta.json#L4) +- [JAFFBeta](../server/projects/main/apps/scan_conf/management/commands/open_source/jaff_beta.json#L4) + +### 底层命令行工具 +涉及到的底层命令行工具有: +- [TCA-Loong_Beta龙(测试版)](https://github.com/TCATools/loong_beta) + +## TCA-QL(测试版) 一款静态代码分析的解析端,开源测试版仅开放在linux上运行,需要申请License。 -## [TCA-Zeus_Beta(测试版)](https://github.com/TCATools/Zeus_Beta) +### 如何在TCA上使用 +在TCA上勾选以下工具规则: +- [TCA_QL_CPP](../server/projects/main/apps/scan_conf/management/commands/open_source/tca_ql_cpp.json#L4) +- [TCA_QL_Go](../server/projects/main/apps/scan_conf/management/commands/open_source/tca_ql_go.json#L4) +- [TCA_QL_PHP](../server/projects/main/apps/scan_conf/management/commands/open_source/tca_ql_php.json#L4) +- [TCA_QL_Python](../server/projects/main/apps/scan_conf/management/commands/open_source/tca_ql_python.json#L4) + +### 底层命令行工具 +涉及到的底层命令行工具有: +- [TCA-Zeus(测试版)](https://github.com/TCATools/TCA-Zeus-linux) +- [TCA-Hades(测试版)](https://github.com/TCATools/TCA-Hades-linux) + +## TCA-QL_Beta(测试版) 一款静态代码分析的解析端,开源测试版仅支持PHP语言,开源测试版仅开放在linux上运行,无需申请License。 -## [TCA-Hades(测试版)](https://github.com/TCATools/TCA-Hades-linux) 
-一款静态代码分析的分析端,开源测试版仅开放在linux上运行,需要申请License。 +### 如何在TCA上使用 +在TCA上勾选以下工具规则: +- [TCA_QL_Beta_PHP](../server/projects/main/apps/scan_conf/management/commands/open_source/tca_ql_php_beta.json#L4) -## [TCA-Hades_Beta(测试版)](https://github.com/TCATools/Hades_Beta) -一款静态代码分析的分析端,目前主要支持安全分析,开源测试版仅开放在linux上运行,无需申请License。 +### 底层命令行工具 +涉及到的底层命令行工具有: +- [TCA-Zeus_Beta(测试版)](https://github.com/TCATools/Zeus_Beta) +- [TCA-Hades_Beta(测试版)](https://github.com/TCATools/Hades_Beta) ## [TCA-0Day_Checker(测试版)](https://github.com/TCATools/codedog_0Day_checker) -用于一些爆出高危漏洞的组件检查,主要用于前段时间的log4j检查,支持自定义规则用于检查其他组件,需要申请License。 +用于一些爆出高危漏洞的组件检查,主要用于前段时间的log4j检查,支持自定义规则用于检查其他组件,无需申请License。 + +### 如何在TCA上使用 +在TCA上勾选以下工具规则: +- [0DayChecker](../server/projects/main/apps/scan_conf/management/commands/open_source/0daychecker.json#L4)