Skip to content

Commit e76f950

Browse files
JerryTasiJerryTasi
authored
Optimize CWE-327 document (ev-flow#629)
1 parent 5f230f6 commit e76f950

File tree

1 file changed

+22
-6
lines changed

1 file changed

+22
-6
lines changed

docs/source/quark_script.rst

Lines changed: 22 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1225,17 +1225,33 @@ Quark Script Result
12251225
http://example.com./api/v1/
12261226
12271227
1228-
Detect CWE-327 in Android Application (InjuredAndroid.apk)
1229-
-------------------------------------------------------------
1228+
Detect CWE-327 in Android Application
1229+
----------------------------------------------
12301230

1231-
This scenario seeks to find **the use of a Broken or Risky Cryptographic Algorithm**. See `CWE-327 <https://cwe.mitre.org/data/definitions/327.html>`_ for more details.
1231+
This scenario seeks to find **Use of a Broken or Risky Cryptographic Algorithm** in the APK file.
12321232

1233-
Let's use this `APK <https://github.com/B3nac/InjuredAndroid>`_ and the above APIs to show how the Quark script finds this vulnerability.
1233+
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
1234+
==========================================================
12341235

1235-
We first design a detection rule ``useOfCryptographicAlgo.json`` to spot on behavior using cryptographic algorithms. Then, we use API ``behaviorInstance.hasString(pattern, isRegex)`` with a list to check if the algorithm is risky. If YES, that may cause the exposure of sensitive data.
1236+
We analyze the definition of CWE-327 and identify its characteristics.
1237+
1238+
See `CWE-327 <https://cwe.mitre.org/data/definitions/327.html>`_ for more details.
1239+
1240+
.. image:: https://imgur.com/VlX7MTc.png
1241+
1242+
Code of CWE-327 in InjuredAndroid.apk
1243+
=============================================
1244+
1245+
We use the `InjuredAndroid.apk <https://github.com/B3nac/InjuredAndroid>`_ sample to explain the vulnerability code of CWE-327.
1246+
1247+
.. image:: https://imgur.com/XFvu8zb.png
12361248

12371249
Quark Script CWE-327.py
1238-
=======================
1250+
===========================
1251+
1252+
Let’s use the above APIs to show how the Quark script finds this vulnerability.
1253+
1254+
We first design a detection rule ``useOfCryptographicAlgo.json`` to spot on behavior using cryptographic algorithms. Then, we use API ``behaviorInstance.hasString(pattern, isRegex)`` with a list to check if the algorithm is risky. If YES, that may cause the exposure of sensitive data.
12391255

12401256
.. code-block:: python
12411257

0 commit comments

Comments
 (0)