Optimize the document of Quark Script CWE-20 (#727)

JerryTasi · web-flow · commit 178d72f6dac9 · 2025-01-14T14:49:37.000+08:00
diff --git a/docs/source/quark_script.rst b/docs/source/quark_script.rst
@@ -1376,58 +1376,67 @@ Quark Script Result
 
 
 Detect CWE-20 in Android Application
-----------------------------------------
+-------------------------------------
 
 This scenario seeks to find **Improper Input Validation** in the APK file.
 
-CWE-20 Improper Input Validation
-=================================
+CWE-20: Improper Input Validation
+==================================
 
 We analyze the definition of CWE-20 and identify its characteristics.
 
 See `CWE-20 <https://cwe.mitre.org/data/definitions/20.html>`_ for more details.
 
-.. image:: https://imgur.com/21CzFUq.jpg
+.. image:: https://imgur.com/eO8fepu.jpg
 
 Code of CWE-20 in diva.apk
-===============================
+===========================
 
 We use the `diva.apk <https://github.com/payatu/diva-android>`_ sample to explain the vulnerability code of CWE-20.
 
-.. image:: https://imgur.com/kRIuEHd.jpg
+.. image:: https://imgur.com/nsuXYGU.jpg
 
-Quark Script CWE-20.py
-=======================
+CWE-20 Detection Process Using Quark Script API
+================================================
+
+.. image:: https://imgur.com/C7zmwLm.jpg
 
 Let’s use the above APIs to show how the Quark script finds this vulnerability.
 
 First, we design a detection rule ``openUrlThatUserInput.json``, to spot the behavior of opening the URL that the user inputs. Then, we use API ``behaviorInstance.getMethodsInArgs()`` to get a list of methods that the URL in ``loadUrl`` passes through. Finally, we check if any validation method is in the list. If No, the APK does not validate user input. That causes CWE-20 vulnerability.
 
+Quark Script CWE-20.py
+=======================
+
+.. image:: https://imgur.com/bwPqc4K.jpg
+
 .. code-block:: python
 
-	from quark.script import runQuarkAnalysis, Rule
-	
-	SAMPLE_PATH = "diva.apk"
-	RULE_PATH = "openUrlThatUserInput.json"
-	
-	rule = Rule(RULE_PATH)
-	result = runQuarkAnalysis(SAMPLE_PATH, rule)
-	
-	VALIDATE_METHODS = ["contains", "indexOf", "matches", "replaceAll"]
-	
-	for openUrl in result.behaviorOccurList:
-	    calledMethods = openUrl.getMethodsInArgs()
-	
-	    if not any(
-	        method.methodName in VALIDATE_METHODS for method in calledMethods
-	    ):
-	        print(f"CWE-20 is detected in method, {openUrl.methodCaller.fullName}")
+    from quark.script import runQuarkAnalysis, Rule
+
+    SAMPLE_PATH = "diva.apk"
+    RULE_PATH = "openUrlThatUserInput.json"
+
+    rule = Rule(RULE_PATH)
+    result = runQuarkAnalysis(SAMPLE_PATH, rule)
+
+    VALIDATE_METHODS = ["contains", "indexOf", "matches", "replaceAll"]
+
+    for openUrl in result.behaviorOccurList:
+        calledMethods = openUrl.getMethodsInArgs()
+
+        if not any(
+            method.methodName in VALIDATE_METHODS for method in calledMethods
+        ):
+            print(f"CWE-20 is detected in method, {openUrl.methodCaller.fullName}")
 
 Quark Rule: openUrlThatUserInput.json
 ======================================
 
+.. image:: https://imgur.com/k4WT8Fb.jpg
+
 .. code-block:: json
-    
+
     {
         "crime": "Open the Url that user input",
         "permission": [],
@@ -1448,12 +1457,12 @@ Quark Rule: openUrlThatUserInput.json
     }
 
 Quark Script Result
-===================
+====================
 
 .. code-block:: TEXT
 
-   $ python CWE-20.py 
-   CWE-20 is detected in method, Ljakhar/aseem/diva/InputValidation2URISchemeActivity; get (Landroid/view/View;)V
+    $ python CWE-20.py
+    CWE-20 is detected in method, Ljakhar/aseem/diva/InputValidation2URISchemeActivity; get (Landroid/view/View;)V
 
 
 
