Optimize the document of Quark Script CWE-749 #842

Merged: haeter525 merged 2 commits into ev-flow:master from pulorsok:master on Dec 12, 2025
@pulorsok pulorsok (Member) commented Dec 12, 2025

CWE-749 Detection Process Using Quark Script API

Let’s use the above APIs to show how the Quark script finds this vulnerability.

First, we design a detection rule configureJsExecution.json to spot behavior using the method setJavaScriptEnabled. Then, we use the API methodInstance.getArguments() to check if it enables JavaScript execution on websites. Finally, we look for calls to the method addJavascriptInterface in the caller method. If yes, the APK exposes dangerous methods or functions to websites. That causes the CWE-749 vulnerability.

Quark Script: CWE-749.py

    from quark.script import runQuarkAnalysis, Rule

    SAMPLE_PATH = "MSTG-Android-Java.apk"
    RULE_PATH = "configureJsExecution.json"

    targetMethod = [
        "Landroid/webkit/WebView;",
        "addJavascriptInterface",
        "(Ljava/lang/Object; Ljava/lang/String;)V"
    ]

    ruleInstance = Rule(RULE_PATH)
    quarkResult = runQuarkAnalysis(SAMPLE_PATH, ruleInstance)

    for configureJsExecution in quarkResult.behaviorOccurList:

        caller = configureJsExecution.methodCaller
        secondAPI = configureJsExecution.secondAPI

        enableJS = secondAPI.getArguments()[1]
        exposeAPI = quarkResult.findMethodInCaller(caller, targetMethod)

        if enableJS and exposeAPI:
            print(f"CWE-749 is detected in method, {caller.fullName}")
            

Updated section titles and added images for CWE-749 detection process.
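The three checks from the PR description above (a call to setJavaScriptEnabled, its boolean argument, and a call to addJavascriptInterface in the same caller), as an added example that is not part of the PR or of Quark's own code. It is a simplified stand-in that scans a constructed smali excerpt instead of calling Quark; the function name `find_cwe749` and the sample methods are hypothetical.

```python
import re

# Constructed smali excerpt for illustration; not taken from MSTG-Android-Java.apk.
SAMPLE_SMALI = """
.method public exposeBridge()V
    const/4 v1, 0x1
    invoke-virtual {v0}, Landroid/webkit/WebView;->getSettings()Landroid/webkit/WebSettings;
    move-result-object v2
    invoke-virtual {v2, v1}, Landroid/webkit/WebSettings;->setJavaScriptEnabled(Z)V
    invoke-virtual {v0, v3, v4}, Landroid/webkit/WebView;->addJavascriptInterface(Ljava/lang/Object;Ljava/lang/String;)V
.end method
.method public bridgeWithoutScript()V
    const/4 v1, 0x0
    invoke-virtual {v0}, Landroid/webkit/WebView;->getSettings()Landroid/webkit/WebSettings;
    move-result-object v2
    invoke-virtual {v2, v1}, Landroid/webkit/WebSettings;->setJavaScriptEnabled(Z)V
    invoke-virtual {v0, v3, v4}, Landroid/webkit/WebView;->addJavascriptInterface(Ljava/lang/Object;Ljava/lang/String;)V
.end method
.method public scriptOnly()V
    const/4 v1, 0x1
    invoke-virtual {v0}, Landroid/webkit/WebView;->getSettings()Landroid/webkit/WebSettings;
    move-result-object v2
    invoke-virtual {v2, v1}, Landroid/webkit/WebSettings;->setJavaScriptEnabled(Z)V
.end method
"""

CONST_RE = re.compile(r"const(?:/\d+)? (\w+), (-?0x[0-9a-fA-F]+)")
INVOKE_RE = re.compile(r"invoke-\S+ \{([^}]*)\}, (L[^;]+;)->(\w+)\(")

def find_cwe749(smali):
    """Return methods that enable JavaScript and also call addJavascriptInterface."""
    findings, method = [], None
    for line in map(str.strip, smali.splitlines()):
        if line.startswith(".method"):
            method, regs = line.split()[-1], {}  # new caller: reset per-method state
            enable_js = expose_api = False
        elif line == ".end method" and enable_js and expose_api:
            findings.append(method)
        elif m := CONST_RE.match(line):
            regs[m.group(1)] = int(m.group(2), 16)  # remember registers holding constants
        elif m := INVOKE_RE.match(line):
            args = [a.strip() for a in m.group(1).split(",")]
            call = (m.group(2), m.group(3))
            if call == ("Landroid/webkit/WebSettings;", "setJavaScriptEnabled"):
                # args[0] is the receiver, so the flag is args[1]; unknown registers count as False (assumption)
                enable_js = bool(regs.get(args[1], 0))
            elif call == ("Landroid/webkit/WebView;", "addJavascriptInterface"):
                expose_api = True
    return findings
```

Only `exposeBridge()V` is reported: the other two sample methods each satisfy just one of the two conditions.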
@codecov

codecov Bot commented Dec 12, 2025


Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 81.16%. Comparing base (9531676) to head (1251293).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files
@@           Coverage Diff           @@
##           master     #842   +/-   ##
=======================================
  Coverage   81.16%   81.16%           
=======================================
  Files          75       75           
  Lines        6399     6399           
=======================================
  Hits         5194     5194           
  Misses       1205     1205           
Flag Coverage Δ
unittests 81.16% <ø> (ø)

@haeter525 haeter525 self-requested a review December 12, 2025 13:59
@haeter525 haeter525 added the documentation and pr-processing-state-05 labels Dec 12, 2025

@haeter525 haeter525 (Member) left a comment
LGTM

@haeter525 haeter525 merged commit b950d6a into ev-flow:master Dec 12, 2025
18 checks passed