diff --git a/server/projects/main/apps/scan_conf/management/commands/open_source/jaaf.json b/server/projects/main/apps/scan_conf/management/commands/open_source/jaaf.json
deleted file mode 100644
index ccf7280963..0000000000
--- a/server/projects/main/apps/scan_conf/management/commands/open_source/jaaf.json
+++ /dev/null
@@ -1,57 +0,0 @@
-[
- {
- "name": "jaaf",
- "display_name": "TCA-Armory-J1",
- "description": "复杂场景下的JavaAPI检查",
- "license": "自研",
- "libscheme_set": [],
- "task_processes": [
- "analyze",
- "datahandle",
- "compile"
- ],
- "scan_app": "codelint",
- "scm_url": null,
- "run_cmd": null,
- "envs": null,
- "build_flag": true,
- "checkrule_set": [
- {
- "real_name": "DeriveCheckIQConfigProcessorHandler",
- "display_name": "DeriveCheckIQConfigProcessorHandler",
- "severity": "warning",
- "category": "usability",
- "rule_title": "派生类接口调用检查 - IQConfigProcessor - Handler",
- "rule_params": "msg=禁止使用此类型API\ninterface_class=IQConfigProcessor\ninterface_method=onParsed\nclass=android.os.Handler\nmethod=post;postAtTime;postDelayed;postAtFrontOfQueue",
- "custom": true,
- "languages": [
- "java"
- ],
- "solution": "根据业务需求评估禁用该API。",
- "owner": null,
- "labels": [],
- "description": "禁止在实现IQConfigProcessor - onParsed接口的代码中,调用如参数所述的handler-post等api。",
- "disable": false
- },
- {
- "real_name": "DeriveCheckIQConfigProcessorThread",
- "display_name": "DeriveCheckIQConfigProcessorThread",
- "severity": "warning",
- "category": "usability",
- "rule_title": "派生类接口调用检查 - IQConfigProcessor - Thread",
- "rule_params": "msg=禁止使用此类型API\ninterface_class=IQConfigProcessor\ninterface_method=onParsed\nclass=java.lang.Thread\nmethod=run",
- "custom": true,
- "languages": [
- "java"
- ],
- "solution": "根据业务需求评估禁用该API。",
- "owner": null,
- "labels": [],
- "description": "禁止在实现IQConfigProcessor - onParsed接口的代码中,调用如参数所述的handler-post等api。",
- "disable": false
- }
- ],
- "open_user": true,
- "open_saas": false
- }
-]
\ No newline at end of file
diff --git a/server/projects/main/apps/scan_conf/management/commands/open_source_package/enhanced_api_java.json b/server/projects/main/apps/scan_conf/management/commands/open_source_package/enhanced_api_java.json
index c68cc0ae9c..c8cdb4962e 100644
--- a/server/projects/main/apps/scan_conf/management/commands/open_source_package/enhanced_api_java.json
+++ b/server/projects/main/apps/scan_conf/management/commands/open_source_package/enhanced_api_java.json
@@ -33,20 +33,6 @@
 "rule_params": null,
 "state": "enabled"
 },
- {
- "checktool": "jaaf",
- "checkrule": "DeriveCheckIQConfigProcessorHandler",
- "severity": "warning",
- "rule_params": null,
- "state": "enabled"
- },
- {
- "checktool": "jaaf",
- "checkrule": "DeriveCheckIQConfigProcessorThread",
- "severity": "warning",
- "rule_params": null,
- "state": "enabled"
- },
 {
 "checktool": "jaff",
 "checkrule": "DynamicAPICameraManager",
diff --git a/tools/README.md b/tools/README.md
index 3cfc480f0b..3bb08ada19 100644
--- a/tools/README.md
+++ b/tools/README.md
@@ -14,22 +14,3 @@ ### 如何在TCA上使用 在TCA上勾选名称以 `TCA-Armory` 开头的工具的规则。
-
-## TCA-Loong_Beta龙(测试版)
-Java/Kotlin API和函数调用链分析工具,无需申请License。
-
-### 如何在TCA上使用
-在TCA上勾选以下工具规则:
-- [JAFCBeta](../server/projects/main/apps/scan_conf/management/commands/open_source/jafc_beta.json#L4)
-- [JAFFBeta](../server/projects/main/apps/scan_conf/management/commands/open_source/jaff_beta.json#L4)
-
-### 底层命令行工具
-涉及到的底层命令行工具有:
-- [TCA-Loong_Beta龙(测试版)](https://github.com/TCATools/loong_beta)
-
-## [TCA-0Day_Checker(测试版)](https://github.com/TCATools/codedog_0Day_checker)
-用于一些爆出高危漏洞的组件检查,主要用于前段时间的log4j检查,支持自定义规则用于检查其他组件,无需申请License。
-
-### 如何在TCA上使用
-在TCA上勾选以下工具规则:
-- [0DayChecker](../server/projects/main/apps/scan_conf/management/commands/open_source/0daychecker.json#L4)