Optimize the document of Quark Script CWE-489

[JerryTasi]

Detect CWE-489 in Android Application

This scenario seeks to find active debug code.

CWE-489: active debug code

We analyze the definition of CWE-489 and identify its characteristics.

See CWE-489 for more details.

Code of CWE-489 in allsafe.apk

We use the allsafe.apk sample to explain the vulnerability code of CWE-489.

Quark Script CWE-489.py

First, we use Quark API getApplication(samplePath) to get the application element in the manifest file. Then we use applicationInstance.isDebuggable() to check if the application element sets the attribute android:debuggable to true. If Yes, that causes CWE-489 vulnerabilities.

from quark.script import getApplication

SAMPLE_PATH = "allsafe.apk"

if getApplication(SAMPLE_PATH).isDebuggable():
    print(f"CWE-489 is detected in {SAMPLE_PATH}.")

Quark Script Result

$ python3 CWE-489.py
CWE-489 is detected in allsafe.apk.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 78.93%. Comparing base (7e1f42d) to head (95676cb).
Report is 1 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #702   +/-   ##
=======================================
  Coverage   78.93%   78.93%           
=======================================
  Files          72       72           
  Lines        5711     5711           
=======================================
  Hits         4508     4508           
  Misses       1203     1203           

Flag	Coverage Δ
unittests	78.93% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[zinwang]

LGTM!