From 3ef11a7f3191620999c6b7cb8646b1b1f987ebbc Mon Sep 17 00:00:00 2001 From: cccs-kevin Date: Mon, 19 Feb 2024 14:47:47 +0000 Subject: [PATCH 1/5] Return null from getElementById if no element found --- tools/malwarejail/env/web/document.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tools/malwarejail/env/web/document.js b/tools/malwarejail/env/web/document.js index 845237d2..f4c28432 100644 --- a/tools/malwarejail/env/web/document.js +++ b/tools/malwarejail/env/web/document.js @@ -438,8 +438,7 @@ Document = _proxy(function () { return elements_of_interest[0]; } util_log(this._name + ".getElementById(" + n + ") => null"); - // Bad hack here because it doesn't really matter - return this._elements[0]; + return null; }; // https://developer.mozilla.org/en-US/docs/Web/API/Document/getElementsByClassName From 84a9e38c7c9251095864235a3505c8b89ffa7cf8 Mon Sep 17 00:00:00 2001 From: cccs-kevin Date: Mon, 19 Feb 2024 14:48:40 +0000 Subject: [PATCH 2/5] Handle lookups in JQuery; Adding $.parseJSON() --- tools/malwarejail/env/web/browser.js | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tools/malwarejail/env/web/browser.js b/tools/malwarejail/env/web/browser.js index bdac31bf..16acc185 100644 --- a/tools/malwarejail/env/web/browser.js +++ b/tools/malwarejail/env/web/browser.js @@ -136,6 +136,13 @@ $ = function (thing) { let id = thing(); util_log("$(...) => '" + id + "'"); return document.getElementById(id); + } else if (typeof thing === "string" && thing.indexOf("#") !== -1 && thing.indexOf("#") > 1) { + // This is a getter for element AND attribute! + let split_selector = thing.split("#"); + let id = split_selector[0]; + let attribute = split_selector[1]; + let element = document.getElementById(id); + return element; } return document.getElementById(thing); }; @@ -259,6 +266,9 @@ $.on = function (element, events, selector, handler) { } } +// https://api.jquery.com/jQuery.parseJSON/#jQuery-parseJSON-json +$.parseJSON = JSON.parse; + $.toString = $.toJSON = () => { return "jQuery" } jQuery = $; From e116b9b74b0c64dcfdb9f7649406fed77b4a8e76 Mon Sep 17 00:00:00 2001 From: cccs-kevin Date: Mon, 19 Feb 2024 14:49:24 +0000 Subject: [PATCH 3/5] Adding _hyphenatedKeyToCamelCase method for re-use in dataset attribute handling --- tools/malwarejail/env/web/element.js | 33 ++++++++++++++++++---------- 1 file changed, 21 insertions(+), 12 deletions(-) diff --git a/tools/malwarejail/env/web/element.js b/tools/malwarejail/env/web/element.js index 2ffbe46d..e4b83d37 100644 --- a/tools/malwarejail/env/web/element.js +++ b/tools/malwarejail/env/web/element.js @@ -428,6 +428,22 @@ Element = _proxy(function (n) { util_log(this._name + ".scrollTo(" + Array.prototype.slice.call(arguments, 0).join(",") + ")"); } + // if key is a hyphenated HTML attribute (blah-blah-blah), we want to convert + // this to camel Case (blahBlahBlah) and try to map it to the correct property + this._hyphenatedKeyToCamelCase = function (key) { + if (key.split("-").length > 1) { + let split_key = key.toLowerCase().split("-"); + for (let index = 1; index < split_key.length; index++) { + let itemToCapitalize = split_key[index][0].toUpperCase(); + let nonCapitalizedItem = split_key[index].slice(1,); + split_key[index] = itemToCapitalize + nonCapitalizedItem; + } + let camelCase_key = split_key.join(""); + return camelCase_key; + } + return key; + } + // https://developer.mozilla.org/en-US/docs/Web/API/Element/setAttribute this.setAttribute = function (n, v) { @@ -440,10 +456,11 @@ Element = _proxy(function (n) { } if (n.slice(0, 5) === "data-") { - var key = n.slice(5,); + let key = n.slice(5,); + let camelCase_key = this._hyphenatedKeyToCamelCase(key); this._dataset = {}; - this._dataset[key] = v; - util_log(this._name + "._dataset[" + key + "] = " + _truncateOutput(this._dataset[key])) + this._dataset[camelCase_key] = v; + util_log(this._name + "._dataset[" + camelCase_key + "] = " + _truncateOutput(this._dataset[camelCase_key])); } else if (n in this) { this[n] = v; // If n is in the lower case object keys, try to map it to the correct property @@ -465,16 +482,8 @@ Element = _proxy(function (n) { util_log(this._name + "._attributes[" + n + "] = '" + _truncateOutput(v) + "'"); this._attributes[n] = v; } - // if n is a hyphenated HTML attribute (blah-blah-blah), we want to convert - // this to camel Case (blahBlahBlah) and try to map it to the correct property } else if (n.split("-").length > 1) { - let split_n = n.toLowerCase().split("-"); - for (let index = 1; index < split_n.length; index++) { - let itemToCapitalize = split_n[index][0].toUpperCase(); - let nonCapitalizedItem = split_n[index].slice(1,); - split_n[index] = itemToCapitalize + nonCapitalizedItem; - } - let camelCase_n = split_n.join(""); + let camelCase_n = this._hyphenatedKeyToCamelCase(n); if (camelCase_n in this) { this[camelCase_n] = v; } else { From 971364730acd767ae9f10e28fea5fa66954ad2a8 Mon Sep 17 00:00:00 2001 From: cccs-kevin Date: Mon, 19 Feb 2024 14:50:38 +0000 Subject: [PATCH 4/5] Updating f9e7 test because it relied on getElementById defaulting to returning an element that wasn't requested, when in fact the code should be crashing --- .../result.json | 272 +----------------- 1 file changed, 12 insertions(+), 260 deletions(-) diff --git a/tests/results/f9e764b07015f388de096a1b240b7d7e96ce615abf32c63f7afc848a1822ae2a/result.json b/tests/results/f9e764b07015f388de096a1b240b7d7e96ce615abf32c63f7afc848a1822ae2a/result.json index aef4028d..730c27a4 100644 --- a/tests/results/f9e764b07015f388de096a1b240b7d7e96ce615abf32c63f7afc848a1822ae2a/result.json +++ b/tests/results/f9e764b07015f388de096a1b240b7d7e96ce615abf32c63f7afc848a1822ae2a/result.json @@ -1,7 +1,7 @@ { "extra": { "drop_file": false, - "score": 852, + "score": 332, "sections": [ { "auto_collapse": false, @@ -120,7 +120,7 @@ }, { "auto_collapse": false, - "body": "JavaScript sends a network request via AJAX and jQuery\n\t\t$.ajax({\"url\":\"https://www.moneyminerxyx.xyz/dude/post.php\",\"type\":\"POST\",\"data\":{\"email\":\"blah.blah...\n\t\t$.ajax({", + "body": "JavaScript sends a network request via AJAX and jQuery\n\t\t$.ajax({", "body_config": {}, "body_format": "TEXT", "classification": "TLP:C", @@ -144,31 +144,7 @@ }, { "auto_collapse": false, - "body": "A domain associated with GeoIP services was observed\n\t\tDomain 'api.ipify.org' is for a GeoIP service.", - "body_config": {}, - "body_format": "TEXT", - "classification": "TLP:C", - "depth": 1, - "heuristic": { - "attack_ids": [], - "frequency": 1, - "heur_id": 3, - "score": 10, - "score_map": { - "geoip_service_request": 10 - }, - "signatures": { - "geoip_service_request": 1 - } - }, - "promote_to": null, - "tags": {}, - "title_text": "Signature: GeoIPServiceRequest", - "zeroize_on_tag_safe": false - }, - { - "auto_collapse": false, - "body": "JavaScript sends a network request via jQuery\n\t\t$.getJSON(https://api.ipify.org?format=json,function(data){? userIP = data.ip;? })\n\t\t$.getJSON('https://api.ipify.org?format=json', function(data){", + "body": "JavaScript sends a network request via jQuery\n\t\t$.getJSON('https://api.ipify.org?format=json', function(data){", "body_config": {}, "body_format": "TEXT", "classification": "TLP:C", @@ -190,54 +166,6 @@ "title_text": "Signature: JQueryNetworkRequest", "zeroize_on_tag_safe": false }, - { - "auto_collapse": false, - "body": "JavaScript sends a network request\n\t\tXMLHttpRequest[34].send()", - "body_config": {}, - "body_format": "TEXT", - "classification": "TLP:C", - "depth": 1, - "heuristic": { - "attack_ids": [], - "frequency": 1, - "heur_id": 3, - "score": 10, - "score_map": { - "network_request": 10 - }, - "signatures": { - "network_request": 1 - } - }, - "promote_to": null, - "tags": {}, - "title_text": "Signature: NetworkRequest", - "zeroize_on_tag_safe": false - }, - { - "auto_collapse": false, - "body": "JavaScript makes network request via POST with password data.\n\t\tXMLHttpRequest[36].send({\"email\":\"blah.blah@blah.com\",\"pwd\":\"JsJ@w$==C00l!\",\"verify\":\"stepOne\",\"user...\n\t\tXMLHttpRequest[36].send({\"email\":\"blah.blah@blah.com\",\"pwd\":\"JsJ@w$==C00l!\",\"verify\":\"stepOne\",\"user...", - "body_config": {}, - "body_format": "TEXT", - "classification": "TLP:C", - "depth": 1, - "heuristic": { - "attack_ids": [], - "frequency": 1, - "heur_id": 3, - "score": 500, - "score_map": { - "phishing_post_password": 500 - }, - "signatures": { - "phishing_post_password": 1 - } - }, - "promote_to": null, - "tags": {}, - "title_text": "Signature: PhishingPostPassword", - "zeroize_on_tag_safe": false - }, { "auto_collapse": false, "body": "JavaScript prompts user to re-enter account data.\n\t\t$('.pwdErr').text('Incorrect Password, Try again')\n\t\talert(\"Download Failed! - Wrong password detected, please try again.\")\n\t\t// $('.pwdErr').text('Incorrect Password, Try again')\n\t\talert('Download Failed! - Wrong password detected, please try again.!')", @@ -293,14 +221,6 @@ "ioc": "2fseeklogo.com", "ioc_type": "domain" }, - { - "ioc": "api.ipify.org", - "ioc_type": "domain" - }, - { - "ioc": "blah.com", - "ioc_type": "domain" - }, { "ioc": "mail1.ccistack.com", "ioc_type": "domain" @@ -309,18 +229,6 @@ "ioc": "www.adobe.com", "ioc_type": "domain" }, - { - "ioc": "www.moneyminerxyx.xyz", - "ioc_type": "domain" - }, - { - "ioc": "127.0.0.1", - "ioc_type": "ip" - }, - { - "ioc": "https://api.ipify.org?format=json", - "ioc_type": "uri" - }, { "ioc": "https://code.jquery.com/jquery-3.4.1.min.js", "ioc_type": "uri" @@ -337,14 +245,6 @@ "ioc": "https://www.adobe.com/favicon.ico", "ioc_type": "uri" }, - { - "ioc": "https://www.moneyminerxyx.xyz/dude/post.php", - "ioc_type": "uri" - }, - { - "ioc": "/dude/post.php", - "ioc_type": "uri_path" - }, { "ioc": "/favicon.ico", "ioc_type": "uri_path" @@ -360,10 +260,6 @@ { "ioc": "/jquery-3.4.1.min.js", "ioc_type": "uri_path" - }, - { - "ioc": "?format=json", - "ioc_type": "uri_path" } ], "body_config": { @@ -389,30 +285,20 @@ "static": { "domain": [ "2fseeklogo.com", - "api.ipify.org", - "blah.com", "mail1.ccistack.com", - "www.adobe.com", - "www.moneyminerxyx.xyz" - ], - "ip": [ - "127.0.0.1" + "www.adobe.com" ], "uri": [ - "https://api.ipify.org?format=json", "https://code.jquery.com/jquery-3.4.1.min.js", "https://mail1.ccistack.com/fmlurlsvc/?fewReq=:B:JVc9NjIyPSFxOjUpNyFuYzo3Nj03NiF0bmBpZnNydWI6MWYyZDNiMzJmP2RmNmZlMjQ+MmJjZmRhMTI1MzUwMGQyPmRhNjc0ZiFzOjYxNDI2PjE0MjYhdm5jOjY+V0tEUjBENzc+Mjc+KjY+V0tEUjBDNzc+Mjc+IXVkd3M6bGtmZnRxZmlzb2hodUdkZG5qZm5rKWRoaiFkOjY+IW9jazo3&url=https%3A%2F%2Fseeklogo.com%2Fimages%2FA%2Fadobe-logo-5CC38E11AD-seeklogo.com.png&fmlBlkTk", "https://mail1.ccistack.com/fmlurlsvc/?fewReq=:B:JVc9NjIyPSFxOjUpNyFuYzo3Nj03NiF0bmBpZnNydWI6YTc/YTBjPmIyNjJlMT41MT82MGM+MDExZGI/YzU/MDcwYTZmMzMyMyFzOjYxNDI2PjE0MjYhdm5jOjY+V0tEUjBENzc+Mjc+KjY+V0tEUjBDNzc+Mjc+IXVkd3M6bGtmZnRxZmlzb2hodUdkZG5qZm5rKWRoaiFkOjY+IW9jazo3&url=https%3A%2F%2Fseeklogo.com%2Fimages%2FA%2FAdobe_PDF-logo-D4883D5CD6-seeklogo.com.png&fmlBlkTk", - "https://www.adobe.com/favicon.ico", - "https://www.moneyminerxyx.xyz/dude/post.php" + "https://www.adobe.com/favicon.ico" ], "uri_path": [ - "/dude/post.php", "/favicon.ico", "/fmlurlsvc/?fewReq=:B:JVc9NjIyPSFxOjUpNyFuYzo3Nj03NiF0bmBpZnNydWI6MWYyZDNiMzJmP2RmNmZlMjQ+MmJjZmRhMTI1MzUwMGQyPmRhNjc0ZiFzOjYxNDI2PjE0MjYhdm5jOjY+V0tEUjBENzc+Mjc+KjY+V0tEUjBDNzc+Mjc+IXVkd3M6bGtmZnRxZmlzb2hodUdkZG5qZm5rKWRoaiFkOjY+IW9jazo3&url=https%3A%2F%2Fseeklogo.com%2Fimages%2FA%2Fadobe-logo-5CC38E11AD-seeklogo.com.png&fmlBlkTk", "/fmlurlsvc/?fewReq=:B:JVc9NjIyPSFxOjUpNyFuYzo3Nj03NiF0bmBpZnNydWI6YTc/YTBjPmIyNjJlMT41MT82MGM+MDExZGI/YzU/MDcwYTZmMzMyMyFzOjYxNDI2PjE0MjYhdm5jOjY+V0tEUjBENzc+Mjc+KjY+V0tEUjBDNzc+Mjc+IXVkd3M6bGtmZnRxZmlzb2hodUdkZG5qZm5rKWRoaiFkOjY+IW9jazo3&url=https%3A%2F%2Fseeklogo.com%2Fimages%2FA%2FAdobe_PDF-logo-D4883D5CD6-seeklogo.com.png&fmlBlkTk", - "/jquery-3.4.1.min.js", - "?format=json" + "/jquery-3.4.1.min.js" ] } } @@ -434,29 +320,12 @@ { "method": "get", "url": "https://code.jquery.com/jquery-3.4.1.min.js" - }, - { - "method": "get", - "url": "https://api.ipify.org?format=json" - }, - { - "method": "post", - "request_body": { - "OSName": "Windows", - "email": "blah.blah@blah.com", - "pwd": "JsJ@w$==C00l!", - "userBrowser": "IE8", - "userIP": "127.0.0.1", - "verify": "stepOne" - }, - "url": "https://www.moneyminerxyx.xyz/dude/post.php" } ], "body_config": { "column_order": [ "url", - "method", - "request_body" + "method" ] }, "body_format": "TABLE", @@ -475,23 +344,17 @@ "network": { "dynamic": { "domain": [ - "mail1.ccistack.com", - "api.ipify.org", - "www.moneyminerxyx.xyz" + "mail1.ccistack.com" ], "uri": [ "https://mail1.ccistack.com/fmlurlsvc/?fewReq=:B:JVc9NjIyPSFxOjUpNyFuYzo3Nj03NiF0bmBpZnNydWI6MWYyZDNiMzJmP2RmNmZlMjQ+MmJjZmRhMTI1MzUwMGQyPmRhNjc0ZiFzOjYxNDI2PjE0MjYhdm5jOjY+V0tEUjBENzc+Mjc+KjY+V0tEUjBDNzc+Mjc+IXVkd3M6bGtmZnRxZmlzb2hodUdkZG5qZm5rKWRoaiFkOjY+IW9jazo3&url=https%3a%2f%2fseeklogo.com%2fimages%2fA%2fadobe-logo-5CC38E11AD-seeklogo.com.png&fmlBlkTk", "https://mail1.ccistack.com/fmlurlsvc/?fewReq=:B:JVc9NjIyPSFxOjUpNyFuYzo3Nj03NiF0bmBpZnNydWI6YTc/YTBjPmIyNjJlMT41MT82MGM+MDExZGI/YzU/MDcwYTZmMzMyMyFzOjYxNDI2PjE0MjYhdm5jOjY+V0tEUjBENzc+Mjc+KjY+V0tEUjBDNzc+Mjc+IXVkd3M6bGtmZnRxZmlzb2hodUdkZG5qZm5rKWRoaiFkOjY+IW9jazo3&url=https%3a%2f%2fseeklogo.com%2fimages%2fA%2fAdobe_PDF-logo-D4883D5CD6-seeklogo.com.png&fmlBlkTk", - "https://code.jquery.com/jquery-3.4.1.min.js", - "https://api.ipify.org?format=json", - "https://www.moneyminerxyx.xyz/dude/post.php" + "https://code.jquery.com/jquery-3.4.1.min.js" ], "uri_path": [ "/fmlurlsvc/?fewReq=:B:JVc9NjIyPSFxOjUpNyFuYzo3Nj03NiF0bmBpZnNydWI6MWYyZDNiMzJmP2RmNmZlMjQ+MmJjZmRhMTI1MzUwMGQyPmRhNjc0ZiFzOjYxNDI2PjE0MjYhdm5jOjY+V0tEUjBENzc+Mjc+KjY+V0tEUjBDNzc+Mjc+IXVkd3M6bGtmZnRxZmlzb2hodUdkZG5qZm5rKWRoaiFkOjY+IW9jazo3&url=https%3a%2f%2fseeklogo.com%2fimages%2fA%2fadobe-logo-5CC38E11AD-seeklogo.com.png&fmlBlkTk", "/fmlurlsvc/?fewReq=:B:JVc9NjIyPSFxOjUpNyFuYzo3Nj03NiF0bmBpZnNydWI6YTc/YTBjPmIyNjJlMT41MT82MGM+MDExZGI/YzU/MDcwYTZmMzMyMyFzOjYxNDI2PjE0MjYhdm5jOjY+V0tEUjBENzc+Mjc+KjY+V0tEUjBDNzc+Mjc+IXVkd3M6bGtmZnRxZmlzb2hodUdkZG5qZm5rKWRoaiFkOjY+IW9jazo3&url=https%3a%2f%2fseeklogo.com%2fimages%2fA%2fAdobe_PDF-logo-D4883D5CD6-seeklogo.com.png&fmlBlkTk", - "/jquery-3.4.1.min.js", - "?format=json", - "/dude/post.php" + "/jquery-3.4.1.min.js" ] } } @@ -502,12 +365,7 @@ ] }, "files": { - "extracted": [ - { - "name": "https://www.moneyminerxyx.xyz/dude/post.php", - "sha256": "5939a2bc0ad57031fee444aeac4bd236c21ef5e5a2b5ec961fec6e8100c51c6c" - } - ], + "extracted": [], "supplementary": [ { "name": "temp_javascript.js", @@ -534,13 +392,6 @@ "ajax_network_request" ] }, - { - "attack_ids": [], - "heur_id": 3, - "signatures": [ - "geoip_service_request" - ] - }, { "attack_ids": [], "heur_id": 3, @@ -548,20 +399,6 @@ "jquery_network_request" ] }, - { - "attack_ids": [], - "heur_id": 3, - "signatures": [ - "network_request" - ] - }, - { - "attack_ids": [], - "heur_id": 3, - "signatures": [ - "phishing_post_password" - ] - }, { "attack_ids": [], "heur_id": 3, @@ -589,28 +426,13 @@ ], "tags": { "network.dynamic.domain": [ - { - "heur_id": 1, - "signatures": [], - "value": "api.ipify.org" - }, { "heur_id": 1, "signatures": [], "value": "mail1.ccistack.com" - }, - { - "heur_id": 1, - "signatures": [], - "value": "www.moneyminerxyx.xyz" } ], "network.dynamic.uri": [ - { - "heur_id": 1, - "signatures": [], - "value": "https://api.ipify.org?format=json" - }, { "heur_id": 1, "signatures": [], @@ -625,19 +447,9 @@ "heur_id": 1, "signatures": [], "value": "https://mail1.ccistack.com/fmlurlsvc/?fewReq=:B:JVc9NjIyPSFxOjUpNyFuYzo3Nj03NiF0bmBpZnNydWI6YTc/YTBjPmIyNjJlMT41MT82MGM+MDExZGI/YzU/MDcwYTZmMzMyMyFzOjYxNDI2PjE0MjYhdm5jOjY+V0tEUjBENzc+Mjc+KjY+V0tEUjBDNzc+Mjc+IXVkd3M6bGtmZnRxZmlzb2hodUdkZG5qZm5rKWRoaiFkOjY+IW9jazo3&url=https%3a%2f%2fseeklogo.com%2fimages%2fA%2fAdobe_PDF-logo-D4883D5CD6-seeklogo.com.png&fmlBlkTk" - }, - { - "heur_id": 1, - "signatures": [], - "value": "https://www.moneyminerxyx.xyz/dude/post.php" } ], "network.dynamic.uri_path": [ - { - "heur_id": 1, - "signatures": [], - "value": "/dude/post.php" - }, { "heur_id": 1, "signatures": [], @@ -652,11 +464,6 @@ "heur_id": 1, "signatures": [], "value": "/jquery-3.4.1.min.js" - }, - { - "heur_id": 1, - "signatures": [], - "value": "?format=json" } ], "network.static.domain": [ @@ -665,16 +472,6 @@ "signatures": [], "value": "2fseeklogo.com" }, - { - "heur_id": 2, - "signatures": [], - "value": "api.ipify.org" - }, - { - "heur_id": 2, - "signatures": [], - "value": "blah.com" - }, { "heur_id": 2, "signatures": [], @@ -684,26 +481,9 @@ "heur_id": 2, "signatures": [], "value": "www.adobe.com" - }, - { - "heur_id": 2, - "signatures": [], - "value": "www.moneyminerxyx.xyz" - } - ], - "network.static.ip": [ - { - "heur_id": 2, - "signatures": [], - "value": "127.0.0.1" } ], "network.static.uri": [ - { - "heur_id": 2, - "signatures": [], - "value": "https://api.ipify.org?format=json" - }, { "heur_id": 2, "signatures": [], @@ -723,19 +503,9 @@ "heur_id": 2, "signatures": [], "value": "https://www.adobe.com/favicon.ico" - }, - { - "heur_id": 2, - "signatures": [], - "value": "https://www.moneyminerxyx.xyz/dude/post.php" } ], "network.static.uri_path": [ - { - "heur_id": 2, - "signatures": [], - "value": "/dude/post.php" - }, { "heur_id": 2, "signatures": [], @@ -755,27 +525,9 @@ "heur_id": 2, "signatures": [], "value": "/jquery-3.4.1.min.js" - }, - { - "heur_id": 2, - "signatures": [], - "value": "?format=json" } ] }, - "temp_submission_data": { - "uri_metadata_97d0caedad3488b7d8f801c97b280a64": { - "headers": {}, - "json": { - "OSName": "Windows", - "email": "blah.blah@blah.com", - "pwd": "JsJ@w$==C00l!", - "userBrowser": "IE8", - "userIP": "127.0.0.1", - "verify": "stepOne" - }, - "method": "POST" - } - } + "temp_submission_data": {} } } \ No newline at end of file From 0410edf160e5e733d5fee5fc7ed0c4bfd8f64593 Mon Sep 17 00:00:00 2001 From: cccs-kevin Date: Mon, 19 Feb 2024 14:50:59 +0000 Subject: [PATCH 5/5] Updating 75a3 test --- .../result.json | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/tests/results/75a35b91e6295c6287dbd858663b9f126bfd6e29a278e435ab9c17c2eda25ee1/result.json b/tests/results/75a35b91e6295c6287dbd858663b9f126bfd6e29a278e435ab9c17c2eda25ee1/result.json index 6ed63114..22de7487 100644 --- a/tests/results/75a35b91e6295c6287dbd858663b9f126bfd6e29a278e435ab9c17c2eda25ee1/result.json +++ b/tests/results/75a35b91e6295c6287dbd858663b9f126bfd6e29a278e435ab9c17c2eda25ee1/result.json @@ -1,7 +1,7 @@ { "extra": { "drop_file": false, - "score": 2622, + "score": 2872, "sections": [ { "auto_collapse": false, @@ -386,12 +386,10 @@ "attack_ids": [], "frequency": 1, "heur_id": 15, - "score": 0, - "score_map": { - "dom_writes_equal_2": 0 - }, + "score": 250, + "score_map": {}, "signatures": { - "dom_writes_equal_2": 1 + "dom_writes_equal_3": 1 } }, "promote_to": null, @@ -457,7 +455,7 @@ "attack_ids": [], "heur_id": 15, "signatures": [ - "dom_writes_equal_2" + "dom_writes_equal_3" ] }, {