
Commit f18588b

Optimize the document of Quark Script CWE-20
1 parent 25da562 commit f18588b


1 file changed

+20
-22
lines changed


CWE-20/README.md

Lines changed: 20 additions & 22 deletions
@@ -1,38 +1,34 @@
11
# Detect CWE-20 in Android Application
22

3+
This scenario seeks to find **Improper Input Validation** in the APK file.
34

4-
This scenario seeks to find **Improper Input Validation** in the APK
5-
file.
6-
7-
## CWE-20 Improper Input Validation
5+
## CWE-20: Improper Input Validation
86

97
We analyze the definition of CWE-20 and identify its characteristics.
108

11-
See [CWE-20](https://cwe.mitre.org/data/definitions/20.html) for more
12-
details.
9+
See [CWE-20](https://cwe.mitre.org/data/definitions/20.html) for more details.
1310

14-
![image](https://imgur.com/21CzFUq.jpg)
11+
![image](https://imgur.com/eO8fepu.jpg)
1512

1613
## Code of CWE-20 in diva.apk
1714

18-
We use the [diva.apk](https://github.com/payatu/diva-android) sample to
19-
explain the vulnerability code of CWE-20.
15+
We use the [diva.apk](https://github.com/payatu/diva-android) sample to explain the vulnerability code of CWE-20.
2016

21-
![image](https://imgur.com/kRIuEHd.jpg)
17+
![image](https://imgur.com/nsuXYGU.jpg)
2218

23-
## Quark Script CWE-20.py
19+
## CWE-20 Detection Process Using Quark Script API
20+
21+
![image](https://imgur.com/C7zmwLm.jpg)
22+
23+
Let’s use the above APIs to show how the Quark script finds this vulnerability.
2424

25-
Let's use the above APIs to show how the Quark script finds this
26-
vulnerability.
25+
First, we design a detection rule ``openUrlThatUserInput.json``, to spot the behavior of opening the URL that the user inputs. Then, we use API ``behaviorInstance.getMethodsInArgs()`` to get a list of methods that the URL in ``loadUrl`` passes through. Finally, we check if any validation method is in the list. If No, the APK does not validate user input. That causes CWE-20 vulnerability.
2726

28-
First, we design a detection rule `openUrlThatUserInput.json`, to spot
29-
the behavior of opening the URL that the user inputs. Then, we use API
30-
`behaviorInstance.getMethodsInArgs()` to get a list of methods that the
31-
URL in `loadUrl` passes through. Finally, we check if any validation
32-
method is in the list. If No, the APK does not validate user input. That
33-
causes CWE-20 vulnerability.
27+
## Quark Script CWE-20.py
28+
29+
![image](https://imgur.com/bwPqc4K.jpg)
3430

35-
``` python
31+
```python
3632
from quark.script import runQuarkAnalysis, Rule
3733

3834
SAMPLE_PATH = "diva.apk"
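
Review bot: In the new "CWE-20 Detection Process Using Quark Script API" section (new lines 19-23), "the above APIs" now points at an image whose alt text is just "image", so the only API a reader can find in text is behaviorInstance.getMethodsInArgs(). List the APIs in text under the heading, or give the image descriptive alt text, so the section stays readable and searchable if the imgur link breaks. In the rewritten paragraph at new line 25, the code spans changed from single to double backticks, unlike the removed lines, and "If No, the APK does not validate user input" would read better as "If not, ...". The paragraph also never says which methods count as validation methods, which is the core of the check; naming them would make the detection logic reviewable from the README alone.
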
@@ -54,7 +50,9 @@ for openUrl in result.behaviorOccurList:
5450

5551
## Quark Rule: openUrlThatUserInput.json
5652

57-
``` json
53+
![image](https://imgur.com/k4WT8Fb.jpg)
54+
55+
```json
5856
{
5957
"crime": "Open the Url that user input",
6058
"permission": [],
@@ -77,7 +75,7 @@ for openUrl in result.behaviorOccurList:
7775

7876
## Quark Script Result
7977

80-
``` TEXT
78+
```
8179
$ python CWE-20.py
8280
CWE-20 is detected in method, Ljakhar/aseem/diva/InputValidation2URISchemeActivity; get (Landroid/view/View;)V
8381
```
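
Review bot: The result fence at new line 78 loses its info string: the old fence was tagged TEXT and the new one is bare, while this same commit normalizes the other two fences to the python and json tags. Use a lowercase text tag here instead of removing it, so the three fences stay consistent and the terminal output is not auto-highlighted by renderers that guess a language.
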
