@zinwang zinwang commented Jul 15, 2025

The following two Quark Script APIs are added to detect CWE-297:

findMethodImpls(samplePath, targetMethod)

  • Description: Find all implementations of a specified method in the APK.
  • params:
    1. samplePath: target file
    2. targetMethod: Python list containing the class name, method name, and descriptor of the target method
  • return: Python list containing the method implementations of the target method

isMethodReturnAlwaysTrue(samplePath, targetMethod)

  • Description: Check if a method always returns True.
  • params:
    1. samplePath: target file
    2. targetMethod: Python list containing the class name, method name, and descriptor of the target method
  • return: True/False

@zinwang zinwang changed the title Add Quark Script API to detect CWE 297 Add Quark Script APIs to detect CWE 297 Jul 15, 2025
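
The two-step check described in the PR (find every implementation of `HostnameVerifier.verify`, then test whether it always returns true), as an added standalone sketch that is not Quark's implementation and does not call Quark. The smali sample is constructed, and the function names, the `com/example` classes and the linear register tracking are assumptions for illustration.

```python
import re

# Constructed smali for two HostnameVerifier implementations (not from a real APK).
SMALI = """
.class public Lcom/example/AllowAll;
.implements Ljavax/net/ssl/HostnameVerifier;
.method public verify(Ljava/lang/String;Ljavax/net/ssl/SSLSession;)Z
    const/4 v0, 0x1
    return v0
.end method
.class public Lcom/example/Strict;
.implements Ljavax/net/ssl/HostnameVerifier;
.method public verify(Ljava/lang/String;Ljavax/net/ssl/SSLSession;)Z
    invoke-static {p1, p2}, Lcom/example/Pins;->check(Ljava/lang/String;Ljavax/net/ssl/SSLSession;)Z
    move-result v0
    return v0
.end method
"""
# [class name, method name, descriptor], the target shape the PR describes.
TARGET = ["Ljavax/net/ssl/HostnameVerifier;", "verify",
          "(Ljava/lang/String;Ljavax/net/ssl/SSLSession;)Z"]

def find_method_impls(smali, target):
    """Return (class, body_lines) for each class that implements the target method."""
    iface, name, desc = target
    impls = []
    for chunk in smali.split(".class")[1:]:
        m = re.search(rf"\.method [\w ]*{re.escape(name + desc)}\n(.*?)\.end method", chunk, re.S)
        if m and f".implements {iface}" in chunk:
            cls = re.search(r"L[\w/$]+;", chunk).group(0)
            impls.append((cls, [l.strip() for l in m.group(1).splitlines() if l.strip()]))
    return impls

def returns_always_true(body):
    """True only if every return hands back a register last loaded with constant 1."""
    consts, returns = {}, []
    for ins in body:
        op, _, rest = ins.partition(" ")
        args = [a.strip() for a in rest.split(",")]
        if op in ("const/4", "const/16", "const"):
            consts[args[0]] = int(args[1], 16)
        elif op == "return":
            returns.append(consts.get(args[0]))
        elif op.startswith(("if-", "goto", ":")):
            return False  # branching body: this linear sketch refuses to guess
        elif not op.startswith("invoke"):
            consts[args[0]] = None  # conservatively treat the first register as overwritten
    return bool(returns) and all(v == 1 for v in returns)

def detect_cwe297(smali):
    """Classes whose HostnameVerifier.verify accepts every hostname."""
    return [cls for cls, body in find_method_impls(smali, TARGET) if returns_always_true(body)]
```

Because the sketch gives up on any branching body, it can miss an always-true verifier that hides the constant behind control flow; it never reports a verifier whose result comes from a call.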

codecov bot commented Jul 16, 2025

Codecov Report

Attention: Patch coverage is 95.34884% with 2 lines in your changes missing coverage. Please review.

Project coverage is 80.94%. Comparing base (d5c4cd0) to head (2515550).
Report is 1 commits behind head on master.

Files with missing lines Patch % Lines
quark/script/__init__.py 93.93% 2 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##           master     #777      +/-   ##
==========================================
+ Coverage   80.73%   80.94%   +0.21%     
==========================================
  Files          75       75              
  Lines        6265     6308      +43     
==========================================
+ Hits         5058     5106      +48     
+ Misses       1207     1202       -5     
Flag Coverage Δ
unittests 80.94% <95.34%> (+0.21%) ⬆️


@zinwang zinwang requested a review from haeter525 July 16, 2025 06:10
@zinwang zinwang changed the title Add Quark Script APIs to detect CWE 297 Add Quark Script APIs to detect CWE-297 Jul 16, 2025

@haeter525 haeter525 left a comment

LGTM. Thanks, @zinwang.

@haeter525 haeter525 merged commit 41bd576 into quark-engine:master Jul 16, 2025
27 of 29 checks passed