diff --git a/vulntest/SSTSTestcases/2024/08/CVE-2024-5159/TestCaseInfo-CVE-2024-5159.json b/vulntest/SSTSTestcases/2024/08/CVE-2024-5159/TestCaseInfo-CVE-2024-5159.json
new file mode 100644
index 0000000000000000000000000000000000000000..eab2b3037dc28ef0c7d98fd4d0158fd421993e74
--- /dev/null
+++ b/vulntest/SSTSTestcases/2024/08/CVE-2024-5159/TestCaseInfo-CVE-2024-5159.json
@@ -0,0 +1,118 @@
+{
+ "month": "2024-08",
+ "release_time": "",
+ "vulnerabilities": [
+ {
+ "month": "2024-08",
+ "vul_id": {
+ "cve": "CVE-2024-5159",
+ "openharmony-sa": ""
+ },
+ "severity": "medium",
+ "vul_description": {
+ "zh": "在 Vulkan API 中,如果输入着色器过于复杂,可能会生成长度超过 16 位限制的 SPIR-V 指令。SPIR-V 指令长度的超限可能导致意外行为或安全漏洞。此漏洞允许恶意用户通过构造复杂的着色器触发未检测到的异常情况,从而潜在地利用这些漏洞。",
+ "en": "In the Vulkan API, excessively complex input shaders can result in SPIR-V instructions exceeding the 16-bit length limit. This issue may lead to unintended behavior or potential security vulnerabilities. An attacker could exploit this by crafting overly complex shaders to trigger unhandled exceptions, leading to a possible exploit."
+ },
+ "vul_impact": {
+ "zh": "如果未能正确检测并处理超出 SPIR-V 长度限制的指令,可能导致程序在运行时出现未定义的行为,包括崩溃或内存破坏。这种情况可能被恶意用户利用来执行恶意代码或导致拒绝服务 (DoS) 攻击。通过将此问题转化为受控崩溃,可以有效防止其被视为安全漏洞,从而提高系统的安全性。",
+ "en": "Failure to properly detect and handle SPIR-V instructions that exceed the 16-bit length limit could result in undefined behavior during runtime, including crashes or memory corruption. This issue could be exploited by malicious users to execute arbitrary code or cause a Denial of Service (DoS) attack. By converting this issue into a controlled crash, it effectively prevents the bug from being classified as a security vulnerability, enhancing overall system security."
+ },
+ "disclosure": {
+ "zh": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-08.md",
+ "en": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2024/2024-08.md"
+ },
+ "patch_info": {
+ "4.0.x": {
+ "patch_url": [
+ "https://gitee.com/openharmony-tpc/chromium_third_party_angle/pulls/34"
+ ],
+ "patch_file": [
+ "https://gitee.com/openharmony-tpc/chromium_third_party_angle/blob/d2360c23eaee584886e7e999f5a482ccfb9c4eea/src/common/spirv/spirv_instruction_builder_autogen.cpp"
+ ],
+ "diff_file": [
+ "https://gitee.com/openharmony-tpc/chromium_third_party_angle/pulls/34"
+ ]
+ }
+ },
+ "affected_projects": "web_webview",
+ "object_type": "web_webview",
+ "affected_versions": [
+ "4.0.0-4.0.1"
+ ],
+ "affected_device": {
+ "mini": {
+ "liteos": {
+ "rics-v": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ }
+ },
+ "small": {
+ "liteos": {
+ "rics-v": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ },
+ "linux": {
+ "arm": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ }
+ },
+ "standard": {
+ "linux": {
+ "arm": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": true,
+ "yara": {
+ "affected_files": [
+ "/out/Release/libGLESv2.so"
+ ],
+ "yara_rules": [
+ "TestCaseRule-OpenHarmony-CVE-2024-5159.yara"
+ ]
+ }
+ }
+ }
+ },
+ "arm64": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/vulntest/SSTSTestcases/2024/08/CVE-2024-5159/TestCaseRule-CVE-2024-5159.yara b/vulntest/SSTSTestcases/2024/08/CVE-2024-5159/TestCaseRule-CVE-2024-5159.yara
new file mode 100644
index 0000000000000000000000000000000000000000..2ea20f3f7fef62974414f9e530fdcb1a20f69120
--- /dev/null
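Review bot: The `yara_rules` entry under `standard`/`linux`/`arm` names `TestCaseRule-OpenHarmony-CVE-2024-5159.yara`, but the rule file added by this commit is `TestCaseRule-CVE-2024-5159.yara`, so the ists scan may fail to load its rule unless the harness rewrites names (not visible here). TestCaseInfo-CVE-2023-7012.json in the same commit has the same mismatch with `TestCaseRule-OpenHarmony-CVE-2023-7012.yara`. Make the reference and the file name agree, e.g. `"TestCaseRule-CVE-2024-5159.yara"`. A rule that is never loaded would leave the case silently unexercised, which for a vulnerability test reads the same as "not checked".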
+++ b/vulntest/SSTSTestcases/2024/08/CVE-2024-5159/TestCaseRule-CVE-2024-5159.yara
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2024 Beijing University of Posts and Telecommunications.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import "console"
+
+rule CVE20245159
+{
+ meta:
+ date="2024-01-11"
+ openharmony_sa=""
+ cve="CVE-2024-5159"
+ affected_files="/out/Release/libGLESv2.so"
+
+ strings:
+
+ $fix_string = "Complex shader not representible in SPIR-V"
+
+ condition:
+ $fix_string and console.log("CVE-2024-5159 testcase pass")
+}
\ No newline at end of file
diff --git a/vulntest/SSTSTestcases/2024/11/CVE-2023-7012/TestCaseInfo-CVE-2023-7012.json b/vulntest/SSTSTestcases/2024/11/CVE-2023-7012/TestCaseInfo-CVE-2023-7012.json
new file mode 100644
index 0000000000000000000000000000000000000000..cff1cc95cb1bbf14a3cd51aae7177bbd6f353a64
--- /dev/null
+++ b/vulntest/SSTSTestcases/2024/11/CVE-2023-7012/TestCaseInfo-CVE-2023-7012.json
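Review bot: The condition passes on any file that contains the message text, and nothing in it ties the match to the ELF library named in `affected_files`; a guard such as `uint32(0) == 0x464C457F and $fix_string and console.log("CVE-2024-5159 testcase pass")` would keep the rule from passing on a stray text or source file. The literal keeps the spelling "representible", presumably copied from the patched source, so a comment like `// spelling matches the patched source; do not correct` above `$fix_string` would stop a later cleanup from breaking the check. If that message is emitted through a logging macro that release builds strip (not visible here), a patched library would be reported as failing, which is worth confirming against a fixed build. `date="2024-01-11"` predates the 2024-08 bulletin this case belongs to and looks copied from a template.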
@@ -0,0 +1,118 @@
+{
+ "month": "2024-11",
+ "release_time": "",
+ "vulnerabilities": [
+ {
+ "month": "2024-11",
+ "vul_id": {
+ "cve": "CVE-2023-7012",
+ "openharmony-sa": ""
+ },
+ "severity": "low",
+ "vul_description": {
+ "zh": "在外部协议处理机制中,news: 和 snews: 协议被默认允许,这可能导致潜在的安全风险,例如意外地启动未经用户确认的应用程序。此漏洞允许恶意用户通过伪造这些协议的链接,诱导用户意外地启动本地应用程序,从而导致安全隐患。",
+ "en": "In the external protocol handling mechanism, news: and snews: schemes are treated as default-allowed, which may lead to potential security risks, such as unintentionally launching applications without user confirmation. This vulnerability allows malicious users to exploit these schemes by crafting links that could trick users into inadvertently opening local applications, posing a security threat."
+ },
+ "vul_impact": {
+ "zh": "默认允许的 news: 和 snews: 协议可能被恶意用户利用,通过诱导用户点击恶意链接从而启动本地应用程序。这可能导致未授权的操作、数据泄露,甚至可能允许攻击者通过本地漏洞进一步执行恶意代码。",
+ "en": "The default-allowed news: and snews: schemes can be exploited by malicious users to trick users into clicking malicious links, leading to the unintended launch of local applications. This could result in unauthorized actions, data leakage, or even allow attackers to further execute malicious code via local vulnerabilities."
+ },
+ "disclosure": {
+ "zh": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-11.md",
+ "en": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2024/2024-11.md"
+ },
+ "patch_info": {
+ "4.0.x": {
+ "patch_url": [
+ "https://gitee.com/openharmony-tpc/chromium_src/pulls/1394/files"
+ ],
+ "patch_file": [
+ "https://gitee.com/openharmony-tpc/chromium_src/blob/8a3b7517a55507cca19c8a57e8da7ad1c9dbd8c4/tools/metrics/histograms/enums.xml"
+ ],
+ "diff_file": [
+ "https://gitee.com/openharmony-tpc/chromium_src/pulls/1394/files"
+ ]
+ }
+ },
+ "affected_projects": "web_webview",
+ "object_type": "web_webview",
+ "affected_versions": [
+ "4.0.0-4.0.1"
+ ],
+ "affected_device": {
+ "mini": {
+ "liteos": {
+ "rics-v": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ }
+ },
+ "small": {
+ "liteos": {
+ "rics-v": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ },
+ "linux": {
+ "arm": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ }
+ },
+ "standard": {
+ "linux": {
+ "arm": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": true,
+ "yara": {
+ "affected_files": [
+ "/tools/metrics/histograms/enums.xml"
+ ],
+ "yara_rules": [
+ "TestCaseRule-OpenHarmony-CVE-2023-7012.yara"
+ ]
+ }
+ }
+ }
+ },
+ "arm64": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/vulntest/SSTSTestcases/2024/11/CVE-2023-7012/TestCaseRule-CVE-2023-7012.yara b/vulntest/SSTSTestcases/2024/11/CVE-2023-7012/TestCaseRule-CVE-2023-7012.yara
new file mode 100644
index 0000000000000000000000000000000000000000..5fbce342944deb6d1f55f2a59630dc8217bc9013
--- /dev/null
+++ b/vulntest/SSTSTestcases/2024/11/CVE-2023-7012/TestCaseRule-CVE-2023-7012.yara
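Review bot: `affected_files` under `standard`/`linux`/`arm` points at `/tools/metrics/histograms/enums.xml`, a source-tree path, whereas the CVE-2024-5159 case in this commit scans a built library (`/out/Release/libGLESv2.so`). If the ists scan runs against build output or a device image, this file is presumably absent and the case cannot report a meaningful result. `patch_file` also lists only the histogram enum file, which holds metrics labels rather than the scheme-handling logic the description refers to. The case should name the artifact that actually carries the behavioural fix, or state in the description that it is a source-only check.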
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2024 Beijing University of Posts and Telecommunications.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import "console"
+
+rule CVE20237012
+{
+ meta:
+ date="2024-01-11"
+ openharmony_sa=""
+ cve="CVE-2023-7012"
+ affected_files="/tools/metrics/histograms/enums.xml"
+
+ strings:
+
+ $fix_string = "mailto: Allowed by Default"
+
+ condition:
+ $fix_string and console.log("CVE-2023-7012 testcase pass")
+}
\ No newline at end of file
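Review bot: `$fix_string = "mailto: Allowed by Default"` does not mention the `news:` or `snews:` schemes that the accompanying TestCaseInfo description says the fix concerns, so it is not evident that this string separates a patched tree from an unpatched one. If the mailto label already exists in enums.xml before the patch (not visible here), the rule prints "testcase pass" on a vulnerable tree. Pick a string that the patch introduces or removes, and add a comment above `$fix_string` stating which patch line it comes from. `date="2024-01-11"` is identical to the CVE-2024-5159 rule and looks copied from a template.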