Add Quark Script APIs to detect CWE-94 (#373)

pulorsok · web-flow · commit 425816e58177 · 2022-07-26T01:15:55.000+08:00
diff --git a/quark/script/__init__.py b/quark/script/__init__.py
@@ -85,6 +85,30 @@ def fullName(self) -> str:
         """
         return self.innerObj.full_name
 
+    @property
+    def className(self) -> str:
+        """Show the class name of the method.
+
+        :return: the string of the method class name
+        """
+        return self.innerObj.class_name
+
+    @property
+    def methodName(self) -> str:
+        """Show the method name of the method.
+
+        :return: the string of the method name
+        """
+        return self.innerObj.name
+
+    @property
+    def descriptor(self) -> str:
+        """Show the descriptor of the method.
+
+        :return: the string of the method descriptor
+        """
+        return self.innerObj.descriptor
+
 
 class Behavior:
     def __init__(
@@ -218,6 +242,41 @@ def getAllStrings(self) -> List[str]:
         apkinfo = self.quark.apkinfo
         return apkinfo.get_strings()
 
+    def findMethodInCaller(
+        self,
+        callerMethod: List[str],
+        targetMethod: List[str]
+    ) -> bool:
+        """
+        Check if target method is in caller method.
+
+        :params callerMethod: python list contains class name,
+        method name and descriptor of caller method.
+        :params targetMethod: python list contains class name,
+        method name and descriptor of target method.
+        :return: True/False
+        """
+
+        apkinfo = self.quark.apkinfo
+
+        callerMethodObj = apkinfo.find_method(
+            class_name=callerMethod[0],
+            method_name=callerMethod[1],
+            descriptor=callerMethod[2])
+
+        if not callerMethodObj:
+            print("Caller method not Found!")
+            raise ValueError
+
+        callerMethodInstance = Method(self, callerMethodObj)
+
+        for calleeMethod, _ in callerMethodInstance.getXrefTo():
+            if calleeMethod.innerObj.class_name == targetMethod[0] and \
+                    calleeMethod.innerObj.name == targetMethod[1] and \
+                    calleeMethod.innerObj.descriptor == targetMethod[2]:
+                return True
+        return False
+
 
 def runQuarkAnalysis(samplePath: PathLike, ruleInstance: Rule) -> QuarkResult:
     """Given detection rule and target sample, this instance runs the basic
diff --git a/tests/script/test_script.py b/tests/script/test_script.py
@@ -230,6 +230,22 @@ def testMethodGetXrefFrom(QUARK_ANALYSIS_RESULT):
     def testgetAllStrings(QUARK_ANALYSIS_RESULT):
         assert len(QUARK_ANALYSIS_RESULT.getAllStrings()) == 1005
 
+    @staticmethod
+    def testfindMethodInCaller(QUARK_ANALYSIS_RESULT):
+        callerMethod = [
+            "Lcom/google/progress/WifiCheckTask;",
+            "checkWifiCanOrNotConnectServer",
+            "([Ljava/lang/String;)Z",
+        ]
+        targetMethod = [
+            "Landroid/util/Log;",
+            "e",
+            "(Ljava/lang/String; Ljava/lang/String;)I",
+        ]
+
+        assert QUARK_ANALYSIS_RESULT.findMethodInCaller(
+            callerMethod, targetMethod)
+
 
 def testRunQuarkAnalysis(SAMPLE_PATH):
     ruleset = Ruleset(RULE_FOLDER_PATH)
