hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

resolve merge conflict

Browse Source
This commit is contained in:
Jami Cogswell
2022-09-28 16:40:47 -04:00
committed by Tony Torralba
parent 0f64361065
commit 0a135a7f21
5 changed files with 275 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
java/ql/test/library-tests/frameworks/android/intent/TestStartActivityToGetIntent.java
View File

@@ -2,24 +2,68 @@ import android.app.Activity;
import android.content.Context;
import android.content.Intent;
// ! Original - saving for reference
// public class TestStartActivityToGetIntent {
// static Object source() {
// return null;
// }
// static void sink(Object sink) {
// }
// public void test(Context ctx) {
// Intent intent = new Intent(null, SomeActivity.class);
// intent.putExtra("data", (String) source());
// ctx.startActivity(intent);
// }
// static class SomeActivity extends Activity {
// public void test() {
// sink(getIntent().getStringExtra("data")); // $ hasValueFlow
// }
// }
// }
public class TestStartActivityToGetIntent {
static Object source() {
static Object source(String kind) {
return null;
}
static void sink(Object sink) {}
static void sink(Object sink) {
}
public void test(Context ctx) {
Intent intent = new Intent(null, SomeActivity.class);
intent.putExtra("data", (String) source());
ctx.startActivity(intent);
public void test(Context ctx, Activity act) {
{
Intent intentCtx = new Intent(null, SomeActivity.class);
Intent intentAct = new Intent(null, SomeActivity.class);
intentCtx.putExtra("data", (String) source("context"));
intentAct.putExtra("data", (String) source("activity"));
ctx.startActivity(intentCtx);
act.startActivity(intentAct);
}
{
Intent intentCtx = new Intent(null, SafeActivity.class);
Intent intentAct = new Intent(null, SafeActivity.class);
ctx.startActivity(intentCtx);
act.startActivity(intentAct);
}
}
static class SomeActivity extends Activity {
public void test() {
sink(getIntent().getStringExtra("data")); // $ hasValueFlow
sink(getIntent().getStringExtra("data")); // $ hasValueFlow=context hasValueFlow=activity
}
}
static class SafeActivity extends Activity {
public void test() {
sink(getIntent().getStringExtra("data")); // Safe
}
}
}

42
java/ql/test/library-tests/frameworks/android/intent/TestStartBroadcastReceiverToIntent.java Normal file
View File

@@ -0,0 +1,42 @@
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
public class TestStartBroadcastReceiverToIntent {
static Object source() {
return null;
}
static void sink(Object sink) {
}
public void test(Context ctx) {
{
Intent intent = new Intent(null, SomeBroadcastReceiver.class);
intent.putExtra("data", (String) source());
ctx.sendBroadcast(intent);
}
{
Intent intent = new Intent(null, SafeBroadcastReceiver.class);
ctx.sendBroadcast(intent);
}
}
static class SomeBroadcastReceiver extends BroadcastReceiver {
@Override
public void onReceive(Context context, Intent intent) {
sink(intent.getStringExtra("data")); // $ hasValueFlow
}
}
static class SafeBroadcastReceiver extends BroadcastReceiver {
@Override
public void onReceive(Context context, Intent intent) {
sink(intent.getStringExtra("data")); // Safe
}
}
}

4
java/ql/test/library-tests/frameworks/android/intent/TestStartComponentToIntent.java
View File

@@ -1,6 +1,6 @@
import android.app.Activity;
import android.app.Service;
import android.content.BroadcastReceiver;
//import android.app.Service;
//import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;

99
java/ql/test/library-tests/frameworks/android/intent/TestStartServiceToIntent.java Normal file
View File

@@ -0,0 +1,99 @@
import android.app.Service;
import android.os.IBinder;
import android.content.Context;
import android.content.Intent;
public class TestStartServiceToIntent {
static Object source() {
return null;
}
static void sink(Object sink) {
}
public void test(Context ctx) {
{
Intent intent = new Intent(null, SomeService.class);
intent.putExtra("data", (String) source());
ctx.startService(intent);
}
{
Intent intent = new Intent(null, SafeService.class);
ctx.startService(intent);
}
}
static class SomeService extends Service {
@Override
public void onStart(Intent intent, int startId) {
sink(intent.getStringExtra("data")); // $ hasValueFlow
}
@Override
public int onStartCommand(Intent intent, int flags, int startId) {
sink(intent.getStringExtra("data")); // $ hasValueFlow
return -1;
}
@Override
public IBinder onBind(Intent intent) {
sink(intent.getStringExtra("data")); // $ hasValueFlow
return null;
}
@Override
public boolean onUnbind(Intent intent) {
sink(intent.getStringExtra("data")); // $ hasValueFlow
return false;
}
@Override
public void onRebind(Intent intent) {
sink(intent.getStringExtra("data")); // $ hasValueFlow
}
@Override
public void onTaskRemoved(Intent intent) {
sink(intent.getStringExtra("data")); // $ hasValueFlow
}
}
static class SafeService extends Service {
@Override
public void onStart(Intent intent, int startId) {
sink(intent.getStringExtra("data")); // Safe
}
@Override
public int onStartCommand(Intent intent, int flags, int startId) {
sink(intent.getStringExtra("data")); // Safe
return -1;
}
@Override
public IBinder onBind(Intent intent) {
sink(intent.getStringExtra("data")); // Safe
return null;
}
@Override
public boolean onUnbind(Intent intent) {
sink(intent.getStringExtra("data")); // Safe
return false;
}
@Override
public void onRebind(Intent intent) {
sink(intent.getStringExtra("data")); // Safe
}
@Override
public void onTaskRemoved(Intent intent) {
sink(intent.getStringExtra("data")); // Safe
}
}
}

132
java/ql/test/stubs/google-android-9.0.0/android/app/Service.java generated
View File

@@ -20,12 +20,13 @@ import android.content.ContextWrapper;
import android.os.IBinder;
/**
* A Service is an application component representing either an application's desire
* A Service is an application component representing either an application's
* desire
* to perform a longer-running operation while not interacting with the user
* or to supply functionality for other applications to use. Each service
* or to supply functionality for other applications to use. Each service
* class must have a corresponding
* {@link android.R.styleable#AndroidManifestService <service>}
* declaration in its package's <code>AndroidManifest.xml</code>. Services
* declaration in its package's <code>AndroidManifest.xml</code>. Services
* can be started with
* {@link android.content.Context#startService Context.startService()} and
* {@link android.content.Context#bindService Context.bindService()}.
@@ -34,9 +35,10 @@ import android.os.IBinder;
* thread of their hosting process. This means that, if your service is going
* to do any CPU intensive (such as MP3 playback) or blocking (such as
* networking) operations, it should spawn its own thread in which to do that
* work. More information on this can be found in
* <a href="{@docRoot}guide/topics/fundamentals/processes-and-threads.html">Processes and
* Threads</a>. The {@link IntentService} class is available
* work. More information on this can be found in
* <a href="
* {@docRoot}guide/topics/fundamentals/processes-and-threads.html">Processes and
* Threads</a>. The {@link IntentService} class is available
* as a standard implementation of Service that has its own thread where it
* schedules its work to be done.</p>
*
@@ -47,13 +49,18 @@ import android.os.IBinder;
* <li><a href="#Permissions">Permissions</a>
* <li><a href="#ProcessLifecycle">Process Lifecycle</a>
* <li><a href="#LocalServiceSample">Local Service Sample</a>
* <li><a href="#RemoteMessengerServiceSample">Remote Messenger Service Sample</a>
* <li><a href="#RemoteMessengerServiceSample">Remote Messenger Service
* Sample</a>
* </ol>
*
* <div class="special reference">
* <h3>Developer Guides</h3>
* <p>For a detailed discussion about how to create services, read the
* <a href="{@docRoot}guide/topics/fundamentals/services.html">Services</a> developer guide.</p>
* <p>
* For a detailed discussion about how to create services, read the
* <a href="
* {@docRoot}guide/topics/fundamentals/services.html">Services</a> developer
* guide.
* </p>
* </div>
*
* <a name="WhatIsAService"></a>
@@ -63,10 +70,10 @@ import android.os.IBinder;
* it is <em>not</em>:</p>
*
* <ul>
* <li> A Service is <b>not</b> a separate process. The Service object itself
* <li>A Service is <b>not</b> a separate process. The Service object itself
* does not imply it is running in its own process; unless otherwise specified,
* it runs in the same process as the application it is part of.
* <li> A Service is <b>not</b> a thread. It is not a means itself to do work off
* <li>A Service is <b>not</b> a thread. It is not a means itself to do work off
* of the main thread (to avoid Application Not Responding errors).
* </ul>
*
@@ -75,12 +82,12 @@ import android.os.IBinder;
* <ul>
* <li>A facility for the application to tell the system <em>about</em>
* something it wants to be doing in the background (even when the user is not
* directly interacting with the application). This corresponds to calls to
* directly interacting with the application). This corresponds to calls to
* {@link android.content.Context#startService Context.startService()}, which
* ask the system to schedule work for the service, to be run until the service
* or someone else explicitly stop it.
* <li>A facility for an application to expose some of its functionality to
* other applications. This corresponds to calls to
* other applications. This corresponds to calls to
* {@link android.content.Context#bindService Context.bindService()}, which
* allows a long-standing connection to be made to the service in order to
* interact with it.
@@ -105,11 +112,14 @@ import android.os.IBinder;
* calls {@link android.content.Context#startService Context.startService()} then the system will
* retrieve the service (creating it and calling its {@link #onCreate} method
* if needed) and then call its {@link #onStartCommand} method with the
* arguments supplied by the client. The service will at this point continue
* running until {@link android.content.Context#stopService Context.stopService()} or
* {@link #stopSelf()} is called. Note that multiple calls to
* Context.startService() do not nest (though they do result in multiple corresponding
* calls to onStartCommand()), so no matter how many times it is started a service
* arguments supplied by the client. The service will at this point continue
* running until {@link android.content.Context#stopService
* Context.stopService()} or
* {@link #stopSelf()} is called. Note that multiple calls to
* Context.startService() do not nest (though they do result in multiple
* corresponding
* calls to onStartCommand()), so no matter how many times it is started a
* service
* will be stopped once Context.stopService() or stopSelf() is called; however,
* services can use their {@link #stopSelf(int)} method to ensure the service is
* not stopped until started intents have been processed.
@@ -119,28 +129,29 @@ import android.os.IBinder;
* onStartCommand(): {@link #START_STICKY} is used for services that are
* explicitly started and stopped as needed, while {@link #START_NOT_STICKY}
* or {@link #START_REDELIVER_INTENT} are used for services that should only
* remain running while processing any commands sent to them. See the linked
* remain running while processing any commands sent to them. See the linked
* documentation for more detail on the semantics.
*
* <p>Clients can also use {@link android.content.Context#bindService Context.bindService()} to
* obtain a persistent connection to a service. This likewise creates the
* service if it is not already running (calling {@link #onCreate} while
* doing so), but does not call onStartCommand(). The client will receive the
* doing so), but does not call onStartCommand(). The client will receive the
* {@link android.os.IBinder} object that the service returns from its
* {@link #onBind} method, allowing the client to then make calls back
* to the service. The service will remain running as long as the connection
* to the service. The service will remain running as long as the connection
* is established (whether or not the client retains a reference on the
* service's IBinder). Usually the IBinder returned is for a complex
* interface that has been <a href="{@docRoot}guide/components/aidl.html">written
* service's IBinder). Usually the IBinder returned is for a complex
* interface that has been
* <a href="{@docRoot}guide/components/aidl.html">written
* in aidl</a>.
*
* <p>A service can be both started and have connections bound to it. In such
* a case, the system will keep the service running as long as either it is
* started <em>or</em> there are one or more connections to it with the
* {@link android.content.Context#BIND_AUTO_CREATE Context.BIND_AUTO_CREATE}
* flag. Once neither
* flag. Once neither
* of these situations hold, the service's {@link #onDestroy} method is called
* and the service is effectively terminated. All cleanup (stopping threads,
* and the service is effectively terminated. All cleanup (stopping threads,
* unregistering receivers) should be complete upon returning from onDestroy().
*
* <a name="Permissions"></a>
@@ -148,24 +159,28 @@ import android.os.IBinder;
*
* <p>Global access to a service can be enforced when it is declared in its
* manifest's {@link android.R.styleable#AndroidManifestService &lt;service&gt;}
* tag. By doing so, other applications will need to declare a corresponding
* {@link android.R.styleable#AndroidManifestUsesPermission &lt;uses-permission&gt;}
* tag. By doing so, other applications will need to declare a corresponding
* {@link android.R.styleable#AndroidManifestUsesPermission
* &lt;uses-permission&gt;}
* element in their own manifest to be able to start, stop, or bind to
* the service.
*
* <p>As of {@link android.os.Build.VERSION_CODES#GINGERBREAD}, when using
* <p>
* As of {@link android.os.Build.VERSION_CODES#GINGERBREAD}, when using
* {@link Context#startService(Intent) Context.startService(Intent)}, you can
* also set {@link Intent#FLAG_GRANT_READ_URI_PERMISSION
* Intent.FLAG_GRANT_READ_URI_PERMISSION} and/or {@link Intent#FLAG_GRANT_WRITE_URI_PERMISSION
* Intent.FLAG_GRANT_WRITE_URI_PERMISSION} on the Intent. This will grant the
* Service temporary access to the specific URIs in the Intent. Access will
* Intent.FLAG_GRANT_READ_URI_PERMISSION} and/or
* {@link Intent#FLAG_GRANT_WRITE_URI_PERMISSION
* Intent.FLAG_GRANT_WRITE_URI_PERMISSION} on the Intent. This will grant the
* Service temporary access to the specific URIs in the Intent. Access will
* remain until the Service has called {@link #stopSelf(int)} for that start
* command or a later one, or until the Service has been completely stopped.
* This works for granting access to the other apps that have not requested
* the permission protecting the Service, or even when the Service is not
* exported at all.
*
* <p>In addition, a service can protect individual IPC calls into it with
* <p>
* In addition, a service can protect individual IPC calls into it with
* permissions, by calling the
* {@link #checkCallingPermission}
* method before executing the implementation of that call.
@@ -183,32 +198,44 @@ import android.os.IBinder;
* following possibilities:
*
* <ul>
* <li><p>If the service is currently executing code in its
* <li>
* <p>
* If the service is currently executing code in its
* {@link #onCreate onCreate()}, {@link #onStartCommand onStartCommand()},
* or {@link #onDestroy onDestroy()} methods, then the hosting process will
* be a foreground process to ensure this code can execute without
* being killed.
* <li><p>If the service has been started, then its hosting process is considered
* <li>
* <p>
* If the service has been started, then its hosting process is considered
* to be less important than any processes that are currently visible to the
* user on-screen, but more important than any process not visible. Because
* user on-screen, but more important than any process not visible. Because
* only a few processes are generally visible to the user, this means that
* the service should not be killed except in low memory conditions. However, since
* the user is not directly aware of a background service, in that state it <em>is</em>
* the service should not be killed except in low memory conditions. However,
* since
* the user is not directly aware of a background service, in that state it
* <em>is</em>
* considered a valid candidate to kill, and you should be prepared for this to
* happen. In particular, long-running services will be increasingly likely to
* happen. In particular, long-running services will be increasingly likely to
* kill and are guaranteed to be killed (and restarted if appropriate) if they
* remain started long enough.
* <li><p>If there are clients bound to the service, then the service's hosting
* process is never less important than the most important client. That is,
* <li>
* <p>
* If there are clients bound to the service, then the service's hosting
* process is never less important than the most important client. That is,
* if one of its clients is visible to the user, then the service itself is
* considered to be visible. The way a client's importance impacts the service's
* considered to be visible. The way a client's importance impacts the service's
* importance can be adjusted through {@link Context#BIND_ABOVE_CLIENT},
* {@link Context#BIND_ALLOW_OOM_MANAGEMENT}, {@link Context#BIND_WAIVE_PRIORITY},
* {@link Context#BIND_IMPORTANT}, and {@link Context#BIND_ADJUST_WITH_ACTIVITY}.
* <li><p>A started service can use the {@link #startForeground(int, Notification)}
* {@link Context#BIND_ALLOW_OOM_MANAGEMENT},
* {@link Context#BIND_WAIVE_PRIORITY},
* {@link Context#BIND_IMPORTANT}, and
* {@link Context#BIND_ADJUST_WITH_ACTIVITY}.
* <li>
* <p>
* A started service can use the {@link #startForeground(int, Notification)}
* API to put the service in a foreground state, where the system considers
* it to be something the user is actively aware of and thus not a candidate
* for killing when low on memory. (It is still theoretically possible for
* for killing when low on memory. (It is still theoretically possible for
* the service to be killed under extreme memory pressure from the current
* foreground application, but in practice this should not be a concern.)
* </ul>
@@ -232,7 +259,7 @@ import android.os.IBinder;
*
* <p>One of the most common uses of a Service is as a secondary component
* running alongside other parts of an application, in the same process as
* the rest of the components. All components of an .apk run in the same
* the rest of the components. All components of an .apk run in the same
* process unless explicitly stated otherwise, so this is a typical situation.
*
* <p>When used in this way, by assuming the
@@ -283,11 +310,12 @@ import android.os.IBinder;
* messages back as well:
*
* {@sample development/samples/ApiDemos/src/com/example/android/apis/app/MessengerServiceActivities.java
* bind}
* bind}
*/
public abstract class Service extends ContextWrapper {
/**
* Called by the system when the service is first created. Do not call this method directly.
* Called by the system when the service is first created. Do not call this
* method directly.
*/
public void onCreate() {
}
@@ -335,10 +363,12 @@ public abstract class Service extends ContextWrapper {
}
/**
* Called by the system to notify a Service that it is no longer used and is being removed. The
* Called by the system to notify a Service that it is no longer used and is
* being removed. The
* service should clean up any resources it holds (threads, registered
* receivers, etc) at this point. Upon return, there will be no more calls
* in to this Service object and it is effectively dead. Do not call this method directly.
* receivers, etc) at this point. Upon return, there will be no more calls
* in to this Service object and it is effectively dead. Do not call this method
* directly.
*/
public void onDestroy() {
}