From 4598cc42c927ff5a14e93b67612b112498d68230 Mon Sep 17 00:00:00 2001 From: linyy Date: Fri, 5 Jan 2024 12:31:50 +0000 Subject: [PATCH 1/2] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20OpenHarmony-SA-2023-02?= =?UTF-8?q?06?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../02/OpenHarmony-SA-2023-0201/OpenHarmony-SA-2023-0206/.keep | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 zh/security-vulntest/testcases/2023/02/OpenHarmony-SA-2023-0201/OpenHarmony-SA-2023-0206/.keep diff --git a/zh/security-vulntest/testcases/2023/02/OpenHarmony-SA-2023-0201/OpenHarmony-SA-2023-0206/.keep b/zh/security-vulntest/testcases/2023/02/OpenHarmony-SA-2023-0201/OpenHarmony-SA-2023-0206/.keep new file mode 100644 index 0000000..e69de29 -- Gitee From b16f6606f0fbd7e5f1d70c92fd660548e236eaf2 Mon Sep 17 00:00:00 2001 From: linyy Date: Fri, 5 Jan 2024 12:32:05 +0000 Subject: [PATCH 2/2] =?UTF-8?q?=E6=BC=8F=E6=B4=9E=E4=BF=A1=E6=81=AF?= =?UTF-8?q?=E6=96=87=E4=BB=B6=E5=92=8Cyara=E8=A7=84=E5=88=99=E6=96=87?= =?UTF-8?q?=E4=BB=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: linyy --- .../TestCaseInfo-OpenHarmony-SA-2023-02.json | 15 ++ ...TestCaseInfo-OpenHarmony-SA-2023-0206.yara | 34 +++++ .../TestCaseInfo_vul_info_2023_02.json | 140 ++++++++++++++++++ 3 files changed, 189 insertions(+) create mode 100644 zh/security-vulntest/testcases/2023/02/OpenHarmony-SA-2023-0201/OpenHarmony-SA-2023-0206/TestCaseInfo-OpenHarmony-SA-2023-02.json create mode 100644 zh/security-vulntest/testcases/2023/02/OpenHarmony-SA-2023-0201/OpenHarmony-SA-2023-0206/TestCaseInfo-OpenHarmony-SA-2023-0206.yara create mode 100644 zh/security-vulntest/testcases/2023/02/OpenHarmony-SA-2023-0201/OpenHarmony-SA-2023-0206/TestCaseInfo_vul_info_2023_02.json diff --git a/zh/security-vulntest/testcases/2023/02/OpenHarmony-SA-2023-0201/OpenHarmony-SA-2023-0206/TestCaseInfo-OpenHarmony-SA-2023-02.json b/zh/security-vulntest/testcases/2023/02/OpenHarmony-SA-2023-0201/OpenHarmony-SA-2023-0206/TestCaseInfo-OpenHarmony-SA-2023-02.json new file mode 100644 index 0000000..efb51ac --- /dev/null +++ b/zh/security-vulntest/testcases/2023/02/OpenHarmony-SA-2023-0201/OpenHarmony-SA-2023-0206/TestCaseInfo-OpenHarmony-SA-2023-02.json @@ -0,0 +1,15 @@ +{ + "description": "Configuration for yara demo Tests", + "driver": { + "type": "OHYaraTest", + "yara-bin": "yara64.exe", + "version-mapping-file": "openHarmony_version_mapping.json", + "vul-info-file": "TestCaseInfo-vul_info_2023_02.json", + "tools-hap-info": { + "hap-file": "sststool.hap", + "bundle-name": "com.example.sststool" + } + }, + "kits": [ + ] +} \ No newline at end of file diff --git a/zh/security-vulntest/testcases/2023/02/OpenHarmony-SA-2023-0201/OpenHarmony-SA-2023-0206/TestCaseInfo-OpenHarmony-SA-2023-0206.yara b/zh/security-vulntest/testcases/2023/02/OpenHarmony-SA-2023-0201/OpenHarmony-SA-2023-0206/TestCaseInfo-OpenHarmony-SA-2023-0206.yara new file mode 100644 index 0000000..73543c6 --- /dev/null +++ b/zh/security-vulntest/testcases/2023/02/OpenHarmony-SA-2023-0201/OpenHarmony-SA-2023-0206/TestCaseInfo-OpenHarmony-SA-2023-0206.yara @@ -0,0 +1,34 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +import "console" +rule TestCaseInfo_OpenHarmony_SA_2023_0206 +{ +meta: + +date = "2023-02" +openharmony_sa = "OpenHarmony-SA-2023-0206" +cve = "CVE-2022-1304" +severity = "high" +affected_files = "libext2fs.z.so" //受影响于OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release,OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS +path = "standard_rk3568/lib.unstripped/distributeddatamgr/e2fsprogs/libext2fs.z.so" + +strings: + +$fix = "EXT2_ET_EXTENT_NO_DOWN" + + +condition: + $fix and console.log("OpenHarmony-SA-2023-0206 testcase pass") +} \ No newline at end of file diff --git a/zh/security-vulntest/testcases/2023/02/OpenHarmony-SA-2023-0201/OpenHarmony-SA-2023-0206/TestCaseInfo_vul_info_2023_02.json b/zh/security-vulntest/testcases/2023/02/OpenHarmony-SA-2023-0201/OpenHarmony-SA-2023-0206/TestCaseInfo_vul_info_2023_02.json new file mode 100644 index 0000000..177f5fe --- /dev/null +++ b/zh/security-vulntest/testcases/2023/02/OpenHarmony-SA-2023-0201/OpenHarmony-SA-2023-0206/TestCaseInfo_vul_info_2023_02.json @@ -0,0 +1,140 @@ +{ + "month": "2023-02", + "release_time": "2022-07-21 14:53:08.541376", + "vulnerabilities": [ + { + "month": "2023-02", + + "vul_id": { + "cve": "CVE-2022-1304", + "openharmony-sa": "OpenHarmony-SA-2023-0206" + }, + + "severity": "high", + + "vul_description": { + "zh": "E2FSProgs:通过精确的文件系统读/写入", + "en": "E2FSProgs: read/write via precise file system" + }, + + "vul_impact": { + "zh": "E2FSProgs:通过精确的文件系统读/写入", + "en": "E2FSProgs: read/write via precise file system" + }, + + "disclosure": { + "zh": "https://gitee.com/openharmony/third_party_e2fsprogs/issues/I6D3KM", + "en": "https://gitee.com/openharmony/third_party_e2fsprogs/issues/I6D3KM" + }, + + "patch_info": { + "3.0.x": { + "patch_url": [ + "https://gitee.com/openharmony/third_party_e2fsprogs/pulls/51" + ], + "patch_file": [ + "https://gitee.com/openharmony/third_party_e2fsprogs/pulls/51.patch" + ], + "diff_file": [ + "https://gitee.com/openharmony/third_party_e2fsprogs/pulls/51.diff" + ] + }, + "3.1.x": { + "patch_url": [ + "https://gitee.com/openharmony/third_party_e2fsprogs/pulls/51" + ], + "patch_file": [ + "https://gitee.com/openharmony/third_party_e2fsprogs/pulls/51.patch" + ], + "diff_file": [ + "https://gitee.com/openharmony/third_party_e2fsprogs/pulls/51.diff" + ] + } + }, + + "affected_projects": "e2fsprogs", + + "affected_versions": [ + "3.1-3.1.6", + "3.0-LTS-3.0.7-LTS" + ], + + "affected_device": { + "mini": { + "liteos": { + "rics-v": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": false + } + } + } + } + }, + + "small": { + "liteos": { + "rics-v": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": false + } + } + } + }, + "linux": { + "arm": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": false + } + } + } + } + }, + + "standard": { + "linux": { + "arm": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": true, + "yara": { + "affected_files": [ + "/system/lib/libext2fs.z.so" + ], + "yara_rules": [ + "TestCaseInfo-OpenHarmony-SA-2023-0206.yara" + ] + } + } + } + }, + "arm64": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": false + } + } + } + } + } + } + } + ] +} \ No newline at end of file -- Gitee