rename demo/sectest/static_patch_scan/2022-10/OpenHarmony-2022-1001.yara.

Signed-off-by: N opentest123 <ld1999@bupt.edu.cn>

rename demo/sectest/static_patch_scan/2022-10/OpenHarmony-2022-1001.yara.
Signed-off-by: N opentest123 <ld1999@bupt.edu.cn>
87340e05 · opentest123 · Gitee · 1ac5e694 · 87340e05
隐藏空白更改
内联并排

Showing with 20 addition and 5 deletion

demo/sectest/static_patch_scan/2022-10/OpenHarmony-2022-1001.yara ...test/static_patch_scan/2022-10/OpenHarmony-2022-1001.yara +20 -5

未找到文件。
--- a/demo/sectest/static_patch_scan/2022-10/OpenHarmony-2022-1001.sh
+++ b/demo/sectest/static_patch_scan/2022-10/OpenHarmony-2022-1001.sh
@@ -12,9 +12,24 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-if(cat "/etc/group" | grep "servicectrl:x:3047:root,shell,system,samgr,hdf_devmgr");then
-	echo "OpenHarmony-SA-2022-1001 testcase pass"
-else
-	echo "OpenHarmony-SA-2022-1001 testcase fail"
-fi
+import "console"
+import "elf"
+rule OpenHarmony_SA_2022_1001
+{
+meta:
+
+date = "2022-10"
+openharmony_sa = "OpenHarmony-SA-2022-1001"
+severity = "high"
+affected_files = "/etc/group" //OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
+
+
+strings:
+
+$fix = "servicectrl:x:3047:root,shell,system,samgr,hdf_devmgr"  //更新后字符串
+
+
+condition:
+ (elf.machine == elf.EM_ARM) and $fix and console.log("OpenHarmony-SA-2022-1001 testcase pass")
+}