
Optimize the document of Quark Script CWE-601 #821

Merged: haeter525 merged 6 commits into ev-flow:master from pulorsok:master on Oct 9, 2025

Conversation

pulorsok (Member) commented Oct 8, 2025

CWE-601 Detection Process Using Quark Script API

[image]

Let’s use the above APIs to show how the Quark script finds this vulnerability.

To detect the vulnerability, we use the API findMethodInAPK(samplePath, targetMethod) to find all the caller methods of startActivity. Next, we examine the arguments of each method to discover the methods receiving external input. If a method receives external input but lacks proper input validation, the CWE-601 vulnerability is identified.

Quark Script: CWE-601.py


from quark.script import findMethodInAPK

SAMPLE_PATH = 'ovaa.apk'

# This is the input for findMethodInAPK, formatted as class name, method name, descriptor
TARGET_METHOD = ["", "startActivity", "(Landroid/content/Intent;)V"]

# Due to varying descriptors and classes in smali code from different APIs,
# our search relies solely on the consistent method names.

# Method names that indicate an argument originates from external input
EXTERNAL_INPUT_METHODS = ["getIntent", "getQueryParameter"]

# Method names taken as evidence that the input was validated or sanitized
INPUT_FILTER_METHODS = [
    "parse",
    "isValidUrl",
    "Pattern",
    "Matcher",
    "encode",
    "decode",
    "escapeHtml",
    "HttpURLConnection",
]

# Every method in the APK that calls startActivity
redirectMethods = findMethodInAPK(SAMPLE_PATH, TARGET_METHOD)

for redirectMethod in redirectMethods:
    arguments = redirectMethod.getArguments()
    for argument in arguments:
        # The argument is of interest only if an external-input method name appears in it
        if any(
            externalInput in argument
            for externalInput in EXTERNAL_INPUT_METHODS
        ):
            # ... and no filter method name appears on the same path
            if not any(
                filterMethod in argument
                for filterMethod in INPUT_FILTER_METHODS
            ):
                print(f"CWE-601 is detected in {redirectMethod.fullName}")
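Added example, not part of the PR and not Quark's own code: the same name-based heuristic the script above applies, run over constructed argument strings so it executes without an APK or the quark package, and reporting which names matched so a hit can be triaged. It also shows the edge case that the substring test has, namely that an unrelated name containing a filter keyword (here "parseColor" containing "parse") suppresses a finding. All class names, method names and argument strings are hypothetical.

```python
# Added illustration (not Quark's own code): the CWE-601 argument heuristic
# from the Quark script, applied to constructed call-chain strings instead
# of to an APK. The argument strings are hand-made to resemble what
# redirectMethod.getArguments() might describe; they are not real output.
from dataclasses import dataclass

# Same keyword lists as the Quark script
EXTERNAL_INPUT_METHODS = ["getIntent", "getQueryParameter"]
INPUT_FILTER_METHODS = [
    "parse", "isValidUrl", "Pattern", "Matcher",
    "encode", "decode", "escapeHtml", "HttpURLConnection",
]


@dataclass
class CallerMethod:
    """Stand-in for a Quark method object: one caller of startActivity."""
    full_name: str
    arguments: list  # one string per startActivity argument, describing its data flow


def classify_argument(argument: str) -> dict:
    """Apply the script's substring test and also report which names matched,
    which is what a triager needs in order to judge a hit."""
    sources = [m for m in EXTERNAL_INPUT_METHODS if m in argument]
    filters = [m for m in INPUT_FILTER_METHODS if m in argument]
    return {
        "sources": sources,
        "filters": filters,
        "flagged": bool(sources) and not filters,
    }


def detect_cwe601(methods: list) -> list:
    """Return the full names of callers whose startActivity argument comes
    from external input with no filter name seen on the path (the script's rule)."""
    return [
        m.full_name
        for m in methods
        if any(classify_argument(a)["flagged"] for a in m.arguments)
    ]


# Constructed samples (hypothetical class and method names)
SAMPLE_METHODS = [
    # External input reaches the Intent with nothing in between: flagged
    CallerMethod(
        "Lcom/example/DeepLinkActivity;->open()V",
        ['getIntent getStringExtra("url") Uri Intent.<init>'],
    ),
    # Input passes through isValidUrl first: not flagged
    CallerMethod(
        "Lcom/example/SafeRedirectActivity;->open()V",
        ['getIntent getQueryParameter("next") isValidUrl Intent.<init>'],
    ),
    # Hard-coded destination, no external input: not flagged
    CallerMethod(
        "Lcom/example/AboutActivity;->showHelp()V",
        ['const-string "https://example.test/help" Intent.<init>'],
    ),
    # Caveat: "parseColor" contains the substring "parse", so the name-based
    # rule counts it as a filter and misses this caller (a false negative)
    CallerMethod(
        "Lcom/example/ThemedRedirectActivity;->open()V",
        ['getIntent getStringExtra("url") Color.parseColor Intent.<init>'],
    ),
]


if __name__ == "__main__":
    for name in detect_cwe601(SAMPLE_METHODS):
        print(f"CWE-601 is detected in {name}")
    for m in SAMPLE_METHODS:
        for a in m.arguments:
            print(m.full_name, classify_argument(a))
```

Only the first sample is reported; the last one is not, because the filter keywords are matched as substrings of whatever names appear on the argument's path. When reviewing hits or misses from the real script, look at which filter name matched and whether it actually validates the destination, rather than treating the keyword list as proof of sanitization.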

codecov Bot commented Oct 8, 2025
Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 81.10%. Comparing base (e3cd5e2) to head (0dc2044).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files
@@           Coverage Diff           @@
##           master     #821   +/-   ##
=======================================
  Coverage   81.10%   81.10%           
=======================================
  Files          75       75           
  Lines        6372     6372           
=======================================
  Hits         5168     5168           
  Misses       1204     1204           
Flag Coverage Δ
unittests 81.10% <ø> (ø)


@haeter525 haeter525 self-requested a review October 8, 2025 16:09
@haeter525 haeter525 added the labels "documentation" (Improvements or additions to documentation) and "pr-processing-state-05" on Oct 8, 2025
Updated images in the CWE-601 detection process and Quark Script sections.

haeter525 (Member) left a comment

LGTM! Thanks @pulorsok

@haeter525 haeter525 merged commit ffd44c8 into ev-flow:master Oct 9, 2025
18 checks passed