Skip to content
This repository was archived by the owner on Aug 25, 2021. It is now read-only.

Commit 139434f

Browse files
flankerhqdflankerhqd
committed
Update README.md
1 parent b3c59da commit 139434f

File tree

1 file changed

+39
-0
lines changed

1 file changed

+39
-0
lines changed

README.md

+39
Original file line numberDiff line numberDiff line change
@@ -35,6 +35,45 @@ not understand the config files' content, do not modify them, leave them as it i
3535
JADE will output result to in a list to console and also writes json-ed result to output/ directory: {MD5_OF_INPUT_APK}.txt. A sample can be
3636
find in output directory of this repo: https://github.com/flankerhqd/JADE/blob/master/output/92db77bbe1cae9004f11ef9d3d6cbf08.txt
3737

38+
Snippet:
39+
}, {
40+
"desc": "sensitive data flow",
41+
"sourceStmt": "$r24 = virtualinvoke $r2.<android.content.Intent: java.lang.String getStringExtra(java.lang.String)>($r24)",
42+
"custom": "",
43+
"vulnKind": 2,
44+
"destMethod": "<cn.jpush.android.service.PushReceiver: void onReceive(android.content.Context,android.content.Intent)>",
45+
"paths": [],
46+
"destStmt": "virtualinvoke $r1.<android.content.Context: void sendBroadcast(android.content.Intent,java.lang.String)>($r27, $r24)",
47+
"sourceMethod": "<cn.jpush.android.service.PushReceiver: void onReceive(android.content.Context,android.content.Intent)>"
48+
}, {
49+
"desc": "sensitive data flow",
50+
"sourceStmt": "$r4 = virtualinvoke $r2.<android.content.Intent: android.os.Bundle getExtras()>()",
51+
"custom": "",
52+
"vulnKind": 2,
53+
"destMethod": "<com.fugao.fxhealth.receiver.JPushReceiver: void onReceive(android.content.Context,android.content.Intent)>",
54+
"paths": [],
55+
"destStmt": "virtualinvoke $r1.<android.content.Context: void startActivity(android.content.Intent)>($r2)",
56+
"sourceMethod": "<com.fugao.fxhealth.receiver.JPushReceiver: void onReceive(android.content.Context,android.content.Intent)>"
57+
}, {
58+
"desc": "sensitive data flow",
59+
"sourceStmt": "$r6 = virtualinvoke $r2.<android.content.Intent: java.lang.String getStringExtra(java.lang.String)>($r6)",
60+
"custom": "",
61+
"vulnKind": 2,
62+
"destMethod": "<cn.jpush.android.data.x: void a(android.content.Context)>",
63+
"paths": [],
64+
"destStmt": "virtualinvoke $r1.<android.content.Context: void startActivity(android.content.Intent)>($r2)",
65+
"sourceMethod": "<cn.jpush.android.service.PushReceiver: void onReceive(android.content.Context,android.content.Intent)>"
66+
}, {
67+
"desc": "sensitive data flow",
68+
"sourceStmt": "$r9 = virtualinvoke $r2.<android.content.Intent: java.lang.String getStringExtra(java.lang.String)>($r9)",
69+
"custom": "",
70+
"vulnKind": 2,
71+
"destMethod": "<cn.jpush.android.data.x: void a(android.content.Context)>",
72+
"paths": [],
73+
"destStmt": "virtualinvoke $r1.<android.content.Context: void startActivity(android.content.Intent)>($r2)",
74+
"sourceMethod": "<cn.jpush.android.service.PushReceiver: void onReceive(android.content.Context,android.content.Intent)>"
75+
}]
76+
}
3877
# Hint
3978
To avoid OOM, add -Xmx option to commandline, e.g. java -jar jade-0.1.jar -Xmx8192m
4079

0 commit comments

Comments
 (0)