Add Quark Script APIs to detect CWE-359 #802

Merged
haeter525 merged 9 commits into ev-flow:master from zinwang:add_quark_script_api_to_detect_cwe_359 on Aug 22, 2025
@zinwang zinwang commented Aug 20, 2025

Contributor

The following three APIs are added to detect CWE-359:

Quark Core API

BaseApkinfo.providers(self)

  • Description: Get provider elements from the manifest file.
  • return: python list containing provider elements

Quark Script API

getProviders(samplePath)

  • Description: Get provider elements from the manifest file of the target sample.
  • params:
    1. samplePath: the file path of target sample
  • return: python list containing provider elements

providerInstance.isExported(none)

  • Description: Check if the provider element sets android:exported=true.
  • params: none
  • return: True/False
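
Added example, not part of this pull request or of Quark's code: the kind of check that `getProviders` and `isExported` enable, written with only the Python standard library over a decoded plain-text manifest. The helper names, the sample manifest and the extra rules (the platform default when `android:exported` is absent, and flagging a provider only when neither `android:permission` nor `android:readPermission` guards reads) are assumptions of this example and go beyond the explicit `android:exported=true` check described above.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: a decoded (plain-text) AndroidManifest.xml.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
  <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="33"/>
  <application>
    <provider android:name=".ContactsProvider" android:exported="true"
              android:authorities="com.example.notes.contacts"/>
    <provider android:name=".GuardedProvider" android:exported="true"
              android:authorities="com.example.notes.guarded"
              android:readPermission="com.example.notes.READ"/>
    <provider android:name=".InternalProvider"
              android:authorities="com.example.notes.internal"/>
  </application>
</manifest>
"""

def get_providers(root):
    """Hypothetical helper: all <provider> elements under <application>."""
    return root.findall("./application/provider")

def target_sdk(root):
    """targetSdkVersion, falling back to minSdkVersion, then to 1."""
    sdk = root.find("uses-sdk")
    if sdk is None:
        return 1
    return int(sdk.get(ANDROID + "targetSdkVersion")
               or sdk.get(ANDROID + "minSdkVersion") or 1)

def is_exported(provider, sdk_level):
    """Explicit android:exported wins; if absent, providers are exported
    by default only when the app targets API level 16 or lower."""
    value = provider.get(ANDROID + "exported")
    if value is None:
        return sdk_level <= 16
    return value.strip().lower() == "true"

def readable_without_permission(manifest_xml):
    """Names of exported providers with no permission guarding reads."""
    root = ET.fromstring(manifest_xml)
    sdk_level = target_sdk(root)
    return [p.get(ANDROID + "name") for p in get_providers(root)
            if is_exported(p, sdk_level)
            and not p.get(ANDROID + "permission")
            and not p.get(ANDROID + "readPermission")]

if __name__ == "__main__":
    print(readable_without_permission(SAMPLE_MANIFEST))
```

A permission set on the `<application>` element also applies to its components; this example does not model that, so treat its output as candidates for manual review.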

@zinwang zinwang changed the title Add quark script api to detect CWE 359 Add Quark Script APIs to detect CWE 359 Aug 20, 2025
codecov Bot commented Aug 20, 2025


Codecov Report

❌ Patch coverage is 96.87500% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 81.10%. Comparing base (cda3352) to head (cb9bf9b).
⚠️ Report is 2 commits behind head on master.

Files with missing lines Patch % Lines
quark/script/__init__.py 93.33% 1 Missing ⚠️
tests/core/test_apkinfo.py 96.66% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##           master     #802      +/-   ##
==========================================
+ Coverage   80.94%   81.10%   +0.16%     
==========================================
  Files          75       75              
  Lines        6308     6372      +64     
==========================================
+ Hits         5106     5168      +62     
- Misses       1202     1204       +2     
Flag Coverage Δ
unittests 81.10% <96.87%> (+0.16%) ⬆️


@zinwang zinwang requested a review from haeter525 August 20, 2025 16:57
@zinwang zinwang changed the title Add Quark Script APIs to detect CWE 359 Add Quark Script APIs to detect CWE-359 Aug 20, 2025
Comment thread tests/core/test_apkinfo.py Outdated

class TestAnotherApkinfo:
@staticmethod
def test_providers(apkinfoPivaa):

Member

Could you define this unit test under the TestApkinfo class? I don’t see a need to introduce another class for it.

@zinwang zinwang force-pushed the add_quark_script_api_to_detect_cwe_359 branch from cf987f6 to cb9bf9b Compare August 22, 2025 07:03

@haeter525 haeter525 left a comment

Member

Thanks @zinwang!

@haeter525 haeter525 merged commit 08e609e into ev-flow:master Aug 22, 2025
19 checks passed