Add Quark Script APIs to detect hard-coded credentials (#372)

pulorsok · web-flow · commit 8945d058bf27 · 2022-07-22T11:28:40.000+08:00
diff --git a/quark/script/__init__.py b/quark/script/__init__.py
@@ -129,6 +129,23 @@ def hasUrl(self) -> List[str]:
         """
         return self.hasString(URL_REGEX, True)
 
+    def getParamValues(self) -> List[str]:
+        """Get parameter values from behavior.
+
+        :return: python list containing parameter values
+        """
+        allResult = self.hasString(".*", True)
+
+        paramValues = []
+        for result in allResult:
+            if result[0] == "(" and result[-1] == ")" and \
+                    self.firstAPI.innerObj.class_name in result and \
+                    self.secondAPI.innerObj.class_name in result:
+
+                paramValues = result[1:-1].split(",")[1:]
+
+        return paramValues
+
 
 class QuarkResult:
     def __init__(self, quark: Quark, ruleInstance: Rule) -> None:
@@ -192,6 +209,15 @@ def _wrapMethodObjectWithoutCache(self, methodObj: MethodObject) -> Method:
         else:
             return None
 
+    def getAllStrings(self) -> List[str]:
+        """
+        List all strings inside the target APK.
+
+        :return: python list containing all defined strings.
+        """
+        apkinfo = self.quark.apkinfo
+        return apkinfo.get_strings()
+
 
 def runQuarkAnalysis(samplePath: PathLike, ruleInstance: Rule) -> QuarkResult:
     """Given detection rule and target sample, this instance runs the basic
diff --git a/tests/script/test_script.py b/tests/script/test_script.py
@@ -170,6 +170,19 @@ def testHasUrl(QUARK_ANALYSIS_RESULT):
 
         assert "www.baidu.com" in result
 
+    @staticmethod
+    def testGetParamValues(QUARK_ANALYSIS_RESULT):
+        behaviorOccurList = QUARK_ANALYSIS_RESULT.behaviorOccurList
+        behavior = next(
+            filter(
+                lambda b: "checkWifiCanOrNotConnectServer"
+                in b.methodCaller.fullName,
+                behaviorOccurList,
+            )
+        )
+
+        assert behavior.getParamValues()[0] == "ping www.baidu.com"
+
 
 class TestQuarkReuslt:
     @staticmethod
@@ -213,6 +226,10 @@ def testMethodGetXrefFrom(QUARK_ANALYSIS_RESULT):
 
         assert expectedMethod in caller_list
 
+    @staticmethod
+    def testgetAllStrings(QUARK_ANALYSIS_RESULT):
+        assert len(QUARK_ANALYSIS_RESULT.getAllStrings()) == 1005
+
 
 def testRunQuarkAnalysis(SAMPLE_PATH):
     ruleset = Ruleset(RULE_FOLDER_PATH)
