hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 13:15:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #15281 from joefarebrother/android-sensitive-ui-notif

Browse Source 
Java: Add query for exposure of sensitive information to android notifiactions
This commit is contained in:
Joe Farebrother
2024-01-26 16:42:55 +00:00
committed by GitHub
parent 73130ec665 dedba1fc54
commit 031bd8bd0c
33 changed files with 887 additions and 596 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
java/ql/lib/semmle/code/java/security/SensitiveUiQuery.qll Normal file
View File

@@ -0,0 +1,22 @@
/** Definitions for Android Sensitive UI queries */
import java
private import semmle.code.java.dataflow.ExternalFlow
private import semmle.code.java.dataflow.TaintTracking
private import semmle.code.java.security.SensitiveActions
/** A configuration for tracking sensitive information to system notifications. */
private module NotificationTrackingConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SensitiveExpr }
predicate isSink(DataFlow::Node sink) { sinkNode(sink, "notification") }
predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
isSink(node) and exists(c)
}
predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
}
/** Taint tracking flow for sensitive data flowing to system notifications. */
module NotificationTracking = TaintTracking::Global<NotificationTrackingConfig>;