Optimize the document of Quark Script CWE-921

JerryTasi · web-flow · commit ab1c9ce140b6 · 2025-01-14T15:11:20.000+08:00
diff --git a/CWE-921/README.md b/CWE-921/README.md
@@ -1,36 +1,35 @@
 # Detect CWE-921 in Android Application
 
-This scenario seeks to find the **unsecured storage mechanism of
-sensitive data** in the APK file.
+This scenario seeks to find the **unsecured storage mechanism of sensitive data** in the APK file.
 
-## CWE-921 Storage of Sensitive Data in a Mechanism without Access Control
+## CWE-921: Storage of Sensitive Data in a Mechanism without Access Control
 
 We analyze the definition of CWE-921 and identify its characteristics.
 
-See [CWE-921](https://cwe.mitre.org/data/definitions/921.html) for more
-details.
+See [CWE-921](https://cwe.mitre.org/data/definitions/921.html) for more details.
+
+![image](https://imgur.com/2zlPLHe.jpg)
 
-![image](https://imgur.com/ihtjGAu.jpg)
 
 ## Code of CWE-921 in ovaa.apk
 
-We use the [ovaa.apk](https://github.com/oversecured/ovaa) sample to
-explain the vulnerability code of CWE-921.
+We use the [ovaa.apk](https://github.com/oversecured/ovaa) sample to explain the vulnerability code of CWE-921.
 
-![image](https://imgur.com/ACzJct8.jpg)
+![image](https://imgur.com/2u5iL1K.jpg)
 
-## Quark Script: CWE-921.py
+## CWE-921 Detection Process Using Quark Script API
+
+![image](https://imgur.com/qHOMqKy.jpg)
+
+Let’s use the above APIs to show how the Quark script finds this vulnerability.
 
-Let's use the above APIs to show how the Quark script finds this
-vulnerability.
+First, we design a detection rule ``checkFileExistence.json`` to spot on behavior that checks if a file exists on a given storage mechanism. Then, we use API ``methodInstance.getArguments()`` to get the file path. Finally, CWE-921 is found if the file path contains the keyword ``sdcard``.
 
-First, we design a detection rule `checkFileExistence.json` to spot on
-behavior that checks if a file exists on a given storage mechanism.
-Then, we use API `methodInstance.getArguments()` to get the file path.
-Finally, CWE-921 is found if the file path contains the keyword
-`sdcard`.
+## Quark Script: CWE-921.py
+
+![image](https://imgur.com/HULgyIy.jpg)
 
-``` python
+```python
 from quark.script import runQuarkAnalysis, Rule
 
 SAMPLE_PATH = "ovaa.apk"
@@ -48,7 +47,9 @@ for existingFile in quarkResult.behaviorOccurList:
 
 ## Quark Rule: checkFileExistence.json
 
-``` json
+![image](https://imgur.com/zRiYLtS.jpg)
+
+```json
 {
     "crime": "Check file existence",
     "permission": [],
@@ -71,7 +72,7 @@ for existingFile in quarkResult.behaviorOccurList:
 
 ## Quark Script Result
 
-``` TEXT
+```
 $ python3 CWE-921.py
 This file is stored inside the SDcard
 
