Custom Issues
Custom issues allow you to define organization-specific security rules that extend beyond ONEKEY's standard detection framework. Using custom OQL queries, these rules identify specific files, patterns, or conditions in firmware that indicate security vulnerabilities unique to your environment. Once created, the platform automatically searches for custom issues across all uploaded firmware during analysis.
To get started:
- Click Configuration in the top menu bar and select Custom Issues.
- Click Add new custom issue rule.
- Provide a unique name, select your confidence level, add an optional description, and configure the CVSS 3.1 and 4.0 metrics.
  Note: Both CVSS versions are mandatory.
- In the File query field, write an OQL rule to define which files or conditions will flag the custom issue. For example, the query:
  Creates a custom issue that flags web server configuration files that may contain insecure settings.
  See the complete list of file OQL fields for available options.
- Click Create Issue Definition.
- Rerun analysis on affected firmware for the changes to take effect.
Your custom issues will appear in both the Global Issues page and the individual firmware analysis views after analysis completes, under Custom user defined.
Click the Edit icon to update a custom issue; click the Delete icon to remove it.
A good example of when a custom issue might come in handy is detecting an SMTP credential leak — a security issue where, for instance, employee credentials might be stored in a PHP configuration file (php.ini). To flag this, create a custom issue using the following OQL query:
Set the CVSS 3.1 and 4.0 scores, and optionally add a comment describing the nature of the vulnerability.