Commit aa38926

Optimize the CWE-78 document (ev-flow#649)
* Optimize the CWE-78 document * Optimize the CWE-78 document * Optimize the CWE-78 document * Optimize the CWE-78 document
1 parent 620d505 commit aa38926

1 file changed: +23 -10 lines changed

docs/source/quark_script.rst

Lines changed: 23 additions & 10 deletions
@@ -2200,12 +2200,31 @@ Quark Script Result
22002200
22012201
22022202
2203-
Detect CWE-78 in Android Application (Vuldroid.apk)
2204-
------------------------------------------------------
2203+
Detect CWE-78 in Android Application
2204+
--------------------------------------
22052205

2206-
This scenario seeks to find **Improper Neutralization of Special Elements used in an OS Command**. See `CWE-78 <https://cwe.mitre.org/data/definitions/78.html>`_ for more details.
2206+
This scenario seeks to find **Improper Neutralization of Special Elements used in an OS Command** in the APK file.
22072207

2208-
Let‘s use this `APK <https://github.com/jaiswalakshansh/Vuldroid>`_ and the above APIs to show how the Quark script finds this vulnerability.
2208+
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
2209+
==================================================================================================
2210+
2211+
We analyze the definition of CWE-78 and identify its characteristics.
2212+
2213+
See `CWE-78 <https://cwe.mitre.org/data/definitions/78.html>`_ for more details.
2214+
2215+
.. image:: https://imgur.com/aUB195P.png
2216+
2217+
Code of CWE-78 in Vuldroid.apk
2218+
===============================
2219+
2220+
We use the `Vuldroid.apk <https://github.com/jaiswalakshansh/Vuldroid>`_ sample to explain the vulnerability code of CWE-78.
2221+
2222+
.. image:: https://imgur.com/hO6m3Bz.png
2223+
2224+
Quark Scipt: CWE-78.py
2225+
========================
2226+
2227+
Let’s use the above APIs to show how the Quark script finds this vulnerability.
22092228

22102229
First, we design a detection rule ``ExternalStringsCommands.json`` to spot on behavior using external strings as commands.
22112230
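Review bot: The heading added at new line 2224 is misspelled: "Quark Scipt: CWE-78.py" should read "Quark Script: CWE-78.py", as the removed heading at old line 2219 spelled it. In the same hunk, both `.. image::` directives (new lines 2214 and 2221) have no `:alt:` option and load from imgur, so the CWE-78 definition and the vulnerable Vuldroid code disappear if the external host is unreachable and cannot be searched or copied. Consider adding `:alt:` text to each image and showing the vulnerable code in a `.. code-block::` directive rather than a screenshot.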

@@ -2215,12 +2234,6 @@ Then we check if the method neutralizes any special elements found in the argume
22152234

22162235
If the neutralization is not complete, then it may cause CWE-78 vulnerability.
22172236

2218-
2219-
Quark Script CWE-78.py
2220-
=======================
2221-
2222-
The Quark Script below uses Vuldroid.apk to demonstrate.
2223-
22242237
.. code-block:: python
22252238
22262239
from quark.script import runQuarkAnalysis, Rule, findMethodInAPK
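Review bot: With old lines 2218-2223 removed, the `.. code-block:: python` at new line 2237 follows "If the neutralization is not complete, then it may cause CWE-78 vulnerability." with nothing introducing the script, and the heading that names CWE-78.py now sits above the rule-design prose (new line 2224) instead of directly above the code. Consider keeping a one-sentence lead-in before the block, for example the removed "The Quark Script below uses Vuldroid.apk to demonstrate.", so the reader knows which sample the script analyzes.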
