quark-engine/quark-rules

Some rules have the same crime label

cryptax opened this issue · 2 comments

Rules 51 and 63 have the same crime label, which is disturbing when you view results.
I suggest you slightly modify the label of 51 to "Implicit intent(view a web page, make a phone call, etc.) via setData"?

# cat ./quark-rules/00051.json
{
    "crime": "Implicit intent(view a web page, make a phone call, etc.)",
    "x1_permission": [],
    "x2n3n4_comb": [
        {
            "class": "Landroid/net/Uri;",
            "method": "parse",
            "descriptor": "(Ljava/lang/String;)Landroid/net/Uri;"
        },
        {
            "class": "Landroid/content/Intent;",
            "method": "setData",
            "descriptor": "(Landroid/net/Uri;)Landroid/content/Intent;"
        }
    ],
    "yscore": 1,
    "label": [
        "control"
    ]
}
# cat ./quark-rules/00063.json 
{
    "crime": "Implicit intent(view a web page, make a phone call, etc.)",
    "x1_permission": [],
    "x2n3n4_comb": [
        {
            "class": "Landroid/net/Uri;",
            "method": "parse",
            "descriptor": "(Ljava/lang/String;)Landroid/net/Uri;"
        },
        {
            "class": "Landroid/content/Intent;",
            "method": "<init>",
            "descriptor": "(Ljava/lang/String; Landroid/net/Uri;)V"
        }
    ],
    "yscore": 1,
    "label": [
        "control"
    ]
}

Hello @cryptax ,

Thank you for your kind suggestion. We are expanding the rule set a lot. So far, the crime labels for these rules are typed manually within my limited knowledge, so different APIs might have similar behavior.

I will modify the label of 51 based on your suggestion, really appreciate your help! 😄

@cryptax Now you can use freshquark to update the rule set and it should work like a charm 😄
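A check for the problem reported in this issue, as an added example that is not part of the thread or of the quark-rules project: it groups rule files by their `crime` string and, for each shared label, lists the API calls that differ, which is the detail a distinguishing suffix such as "via setData" would come from. The helper names, the rule `00999.json` and the directory argument of `load_rules` are assumptions made for illustration.

```python
import json
from collections import defaultdict
from pathlib import Path

def api(cls, method, descriptor):
    return {"class": cls, "method": method, "descriptor": descriptor}

URI_PARSE = api("Landroid/net/Uri;", "parse", "(Ljava/lang/String;)Landroid/net/Uri;")
LABEL = "Implicit intent(view a web page, make a phone call, etc.)"
# Constructed sample: the two rules quoted in the issue, trimmed to the fields
# used here, plus a made-up rule 00999.json whose label is unique.
SAMPLE_RULES = {
    "00051.json": {"crime": LABEL, "x2n3n4_comb": [URI_PARSE, api(
        "Landroid/content/Intent;", "setData",
        "(Landroid/net/Uri;)Landroid/content/Intent;")]},
    "00063.json": {"crime": LABEL, "x2n3n4_comb": [URI_PARSE, api(
        "Landroid/content/Intent;", "<init>",
        "(Ljava/lang/String; Landroid/net/Uri;)V")]},
    "00999.json": {"crime": "Constructed placeholder behaviour", "x2n3n4_comb": [
        URI_PARSE, api("Lexample/Placeholder;", "run", "()V")]},
}

def load_rules(rule_dir):
    """Read every *.json rule in rule_dir into {file name: parsed rule}."""
    return {p.name: json.loads(p.read_text(encoding="utf-8"))
            for p in sorted(Path(rule_dir).glob("*.json"))}

def duplicate_crimes(rules):
    """Return {normalised crime label: [rule files]} for labels used by 2+ rules."""
    by_crime = defaultdict(list)
    for name in sorted(rules):
        # Ignore case and whitespace runs so near-identical labels also collide.
        by_crime[" ".join(rules[name]["crime"].split()).casefold()].append(name)
    return {crime: names for crime, names in by_crime.items() if len(names) > 1}

def distinguishing_apis(rules, names):
    """For rules sharing a label, list the API calls not common to all of them."""
    sets = {n: {(a["class"], a["method"], a["descriptor"])
                for a in rules[n]["x2n3n4_comb"]} for n in names}
    common = set.intersection(*sets.values())
    return {n: sorted(f"{c}->{m}{d}" for c, m, d in s - common)
            for n, s in sets.items()}

if __name__ == "__main__":
    for crime, names in duplicate_crimes(SAMPLE_RULES).items():
        print(f"duplicate label {crime!r}:")
        for name, apis in distinguishing_apis(SAMPLE_RULES, names).items():
            print(f"  {name}: differs by {', '.join(apis)}")
```

To run it over a local copy of the rule set, pass the result of `load_rules()` on that directory in place of `SAMPLE_RULES`.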