Optimize the CWE-79 document (ev-flow#645)

JerryTasi · web-flow · commit 00bb5cf86c42 · 2024-05-22T20:19:22.000+08:00
* Optimize the CWE-79 document

* Optimize the CWE-79 document
diff --git a/docs/source/quark_script.rst b/docs/source/quark_script.rst
@@ -1387,51 +1387,67 @@ Quark Script Result
 
 
 
-Detect CWE-79 in Android Application (Vuldroid.apk)
-------------------------------------------------------
+Detect CWE-79 in Android Application
+-------------------------------------
+
+This scenario seeks to find **Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)** in the APK file.
 
-This scenario seeks to find **Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').** See `CWE-79 <https://cwe.mitre.org/data/definitions/79.html>`_ for more details.
+CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
+============================================================================================
 
-Let’s use this `APK <https://github.com/jaiswalakshansh/Vuldroid>`_ and the above APIs to show how the Quark script finds this vulnerability. 
+We analyze the definition of CWE-79 and identify its characteristics.
 
-First, we design a detection rule ``loadUrlFromIntent.json`` to spot on behavior loading URL from intent data to the WebView instance.
+See `CWE-79 <https://cwe.mitre.org/data/definitions/79.html>`_ for more details.
 
-Next, we use API ``quarkResultInstance.findMethodInCaller(callerMethod, targetMethod)`` and ``methodInstance.getArguments()``  to check if the Javascript execution is enabled in the WebView. Finally, we check if there are any famous XSS filters. If **NO**, that may cause CWE-79 vulnerability.
+.. image:: https://imgur.com/jAwgD0x.png
+
+Code of CWE-79 in Vuldroid.apk
+===============================
 
+We use the `Vuldroid.apk <https://github.com/jaiswalakshansh/Vuldroid>`_ sample to explain the vulnerability code of CWE-79.
+
+.. image:: https://imgur.com/lC6EKun.png
 
 Quark Script CWE-79.py
-========================
+=======================
+
+Let’s use the above APIs to show how the Quark script finds this vulnerability.
+
+First, we design a detection rule ``loadUrlFromIntent.json`` to spot the behavior loading URL from intent data to the WebView instance.
+
+Next, we use API ``quarkResultInstance.findMethodInCaller(callerMethod, targetMethod)`` and ``methodInstance.getArguments()`` to check if the Javascript execution is enabled in the WebView. Finally, we check if there are any famous XSS filters. If NO, that may cause CWE-79 vulnerability.
 
 .. code-block:: python
-     
+
     from quark.script import runQuarkAnalysis, Rule
 
     SAMPLE_PATH = "Vuldroid.apk"
     RULE_PATH = "loadUrlFromIntent.json"
 
     XSS_FILTERS = [
         [
-            "Lorg/owasp/esapi/Validator;", "getValidSafeHTML",
+            "Lorg/owasp/esapi/Validator;",
+            "getValidSafeHTML",
             "(Ljava/lang/String; Ljava/lang/String; I Z)Ljava/lang/String;",
         ],
         [
-            "Lorg/owasp/esapi/Encoder;", "encodeForHTML",
+            "Lorg/owasp/esapi/Encoder;",
+            "encodeForHTML",
             "(Ljava/lang/String;)Ljava/lang/String;",
         ],
         [
-            "Lorg/owasp/esapi/Encoder;", "encodeForJavaScript",
+            "Lorg/owasp/esapi/Encoder;",
+            "encodeForJavaScript",
             "(Ljava/lang/String;)Ljava/lang/String;",
         ],
         [
-            "Lorg/owasp/html/PolicyFactory;", "sanitize",
+            "Lorg/owasp/html/PolicyFactory;",
+            "sanitize",
             "(Ljava/lang/String;)Ljava/lang/String;",
         ],
     ]
 
-    targetMethod = [
-        "Landroid/webkit/WebSettings;", "setJavaScriptEnabled",
-        "(Z)V"
-    ]
+    targetMethod = ["Landroid/webkit/WebSettings;", "setJavaScriptEnabled", "(Z)V"]
 
     ruleInstance = Rule(RULE_PATH)
     quarkResult = runQuarkAnalysis(SAMPLE_PATH, ruleInstance)
@@ -1446,13 +1462,14 @@ Quark Script CWE-79.py
 
         if enableJS:
             XSSFiltersInCaller = [
-                filterAPI for filterAPI in XSS_FILTERS if quarkResult.findMethodInCaller(caller, filterAPI)
+                filterAPI
+                for filterAPI in XSS_FILTERS
+                if quarkResult.findMethodInCaller(caller, filterAPI)
             ]
 
             if not XSSFiltersInCaller:
                 print(f"CWE-79 is detected in method, {caller.fullName}")
 
-
 Quark Rule: loadUrlFromIntent.json
 ====================================
 
