Some rules have the same crime label
cryptax opened this issue · 2 comments
cryptax commented
Rule 51 and 63 have the same crime label, which is disturbing when you view results.
I suggest you slightly modify the label of 51 to "Implicit intent(view a web page, make a phone call, etc.) via setData" ?
# cat ./quark-rules/00051.json
{
"crime": "Implicit intent(view a web page, make a phone call, etc.)",
"x1_permission": [],
"x2n3n4_comb": [
{
"class": "Landroid/net/Uri;",
"method": "parse",
"descriptor": "(Ljava/lang/String;)Landroid/net/Uri;"
},
{
"class": "Landroid/content/Intent;",
"method": "setData",
"descriptor": "(Landroid/net/Uri;)Landroid/content/Intent;"
}
],
"yscore": 1,
"label": [
"control"
]
}
# cat ./quark-rules/00063.json
{
"crime": "Implicit intent(view a web page, make a phone call, etc.)",
"x1_permission": [],
"x2n3n4_comb": [
{
"class": "Landroid/net/Uri;",
"method": "parse",
"descriptor": "(Ljava/lang/String;)Landroid/net/Uri;"
},
{
"class": "Landroid/content/Intent;",
"method": "<init>",
"descriptor": "(Ljava/lang/String; Landroid/net/Uri;)V"
}
],
"yscore": 1,
"label": [
"control"
]
krnick commented
Hello @cryptax ,
Thank you for your kind suggestion. We are expanding the rules set a lot. So far, the crime labels for these rules are typed manually within my limited knowledge, so different APIs might have similar behavior.
I will modify the label of 51 based on your suggestion, really appreciate your help! 😄