Add tests for ContentProvider sources

2026-05-01 19:55:15 +02:00 · 2021-09-21 12:09:47 +02:00
parent a811ab3aff
commit 0c1f3ed0b3
5 changed files with 235 additions and 0 deletions
--- a/java/ql/test/library-tests/frameworks/android/content-provider/AndroidManifest.xml
+++ b/java/ql/test/library-tests/frameworks/android/content-provider/AndroidManifest.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest
+    xmlns:android="http://schemas.android.com/apk/res/android"
+    android:versionCode="1"
+    android:versionName="1.0"
+    package="com.example.app">
+
+    <application
+        android:allowBackup="true"
+        android:icon="@mipmap/ic_launcher"
+        android:roundIcon="@mipmap/ic_launcher_round"
+        android:label="@string/app_name"
+        android:supportsRtl="true"
+        android:theme="@style/AppTheme">
+
+        <activity
+            android:name=".MainActivity"
+            android:icon="@drawable/ic_launcher"
+			android:label="@string/app_name">
+            <intent-filter>
+                <action android:name="android.intent.action.MAIN" />
+                <category android:name="android.intent.category.LAUNCHER" />
+            </intent-filter>
+        </activity>
+
+        <provider
+            android:name=".Test"
+            android:authority="com.example.myapp.Test"
+            android:exported="true" />
+    </application>
+</manifest>
--- a/java/ql/test/library-tests/frameworks/android/content-provider/Test.java
+++ b/java/ql/test/library-tests/frameworks/android/content-provider/Test.java
@@ -0,0 +1,190 @@
+package com.example.app;
+
+import java.io.FileNotFoundException;
+import android.content.ContentProvider;
+import android.content.ContentValues;
+import android.content.res.AssetFileDescriptor;
+import android.database.Cursor;
+import android.net.Uri;
+import android.os.Bundle;
+import android.os.CancellationSignal;
+import android.os.ParcelFileDescriptor;
+import android.os.RemoteException;
+
+public class Test extends ContentProvider {
+
+	void sink(Object o) {}
+
+	// "android.content;ContentProvider;true;call;(String,String,String,Bundle);;Parameter[0..3];contentprovider",
+	@Override
+	public Bundle call(String authority, String method, String arg, Bundle extras) {
+		sink(authority); // $ hasTaintFlow
+		sink(method); // $ hasTaintFlow
+		sink(arg); // $ hasTaintFlow
+		sink(extras.get("some_key")); // $ hasTaintFlow
+		return null;
+	}
+
+	// "android.content;ContentProvider;true;call;(String,String,Bundle);;Parameter[0..2];contentprovider",
+	public Bundle call(String method, String arg, Bundle extras) {
+		sink(method); // $ hasTaintFlow
+		sink(arg); // $ hasTaintFlow
+		sink(extras.get("some_key")); // $ hasTaintFlow
+		return null;
+	}
+
+	// "android.content;ContentProvider;true;delete;(Uri,String,String[]);;Parameter[0..2];contentprovider",
+	@Override
+	public int delete(Uri uri, String selection, String[] selectionArgs) {
+		sink(uri); // $ hasTaintFlow
+		sink(selection); // $ hasTaintFlow
+		sink(selectionArgs); // $ hasTaintFlow
+		return 0;
+	}
+
+	// "android.content;ContentProvider;true;delete;(Uri,Bundle);;Parameter[0..1];contentprovider",
+	@Override
+	public int delete(Uri uri, Bundle extras) {
+		sink(uri); // $ hasTaintFlow
+		sink(extras.get("some_key")); // $ hasTaintFlow
+		return 0;
+	}
+
+	// "android.content;ContentProvider;true;getType;(Uri);;Parameter[0];contentprovider",
+	@Override
+	public String getType(Uri uri) {
+		sink(uri); // $ hasTaintFlow
+		return null;
+	}
+
+	// "android.content;ContentProvider;true;insert;(Uri,ContentValues,Bundle);;Parameter[0..2];contentprovider",
+	@Override
+	public Uri insert(Uri uri, ContentValues values, Bundle extras) {
+		sink(uri); // $ hasTaintFlow
+		sink(values); // $ hasTaintFlow
+		sink(extras.get("some_key")); // $ hasTaintFlow
+		return null;
+	}
+
+	// "android.content;ContentProvider;true;insert;(Uri,ContentValues);;Parameter[0..1];contentprovider",
+	@Override
+	public Uri insert(Uri uri, ContentValues values) {
+		sink(uri); // $ hasTaintFlow
+		sink(values); // $ hasTaintFlow
+		return null;
+	}
+
+	// "android.content;ContentProvider;true;openAssetFile;(Uri,String,CancellationSignal);;Parameter[0];contentprovider",
+	@Override
+	public AssetFileDescriptor openAssetFile(Uri uri, String mode, CancellationSignal signal) {
+		sink(uri); // $ hasTaintFlow
+		sink(mode); // Safe
+		sink(signal); // Safe
+		return null;
+	}
+
+	// "android.content;ContentProvider;true;openAssetFile;(Uri,String);;Parameter[0];contentprovider",
+	@Override
+	public AssetFileDescriptor openAssetFile(Uri uri, String mode) {
+		sink(uri); // $ hasTaintFlow
+		sink(mode); // Safe
+		return null;
+	}
+
+	// "android.content;ContentProvider;true;openTypedAssetFile;(Uri,String,Bundle,CancellationSignal);;Parameter[0..2];contentprovider",
+	@Override
+	public AssetFileDescriptor openTypedAssetFile(Uri uri, String mimeTypeFilter, Bundle opts,
+			CancellationSignal signal) throws RemoteException, FileNotFoundException {
+		sink(uri); // $ hasTaintFlow
+		sink(mimeTypeFilter); // $ hasTaintFlow
+		sink(opts.get("some_key")); // $ hasTaintFlow
+		sink(signal); // Safe
+		return null;
+	}
+
+	// "android.content;ContentProvider;true;openTypedAssetFile;(Uri,String,Bundle);;Parameter[0..2];contentprovider",
+	@Override
+	public AssetFileDescriptor openTypedAssetFile(Uri uri, String mimeTypeFilter, Bundle opts)
+			throws FileNotFoundException {
+		sink(uri); // $ hasTaintFlow
+		sink(mimeTypeFilter); // $ hasTaintFlow
+		sink(opts.get("some_key")); // $ hasTaintFlow
+		return null;
+	}
+
+	// "android.content;ContentProvider;true;openFile;(Uri,String,CancellationSignal);;Parameter[0];contentprovider",
+	@Override
+	public ParcelFileDescriptor openFile(Uri uri, String mode, CancellationSignal signal) {
+		sink(uri); // $ hasTaintFlow
+		sink(mode); // Safe
+		sink(signal); // Safe
+		return null;
+	}
+
+	// "android.content;ContentProvider;true;openFile;(Uri,String);;Parameter[0..1];contentprovider",
+	@Override
+	public ParcelFileDescriptor openFile(Uri uri, String mode) {
+		sink(uri); // $ hasTaintFlow
+		sink(mode); // Safe
+		return null;
+	}
+
+	// "android.content;ContentProvider;true;query;(Uri,String[],Bundle,CancellationSignal);;Parameter[0..2];contentprovider",
+	@Override
+	public Cursor query(Uri uri, String[] projection, Bundle queryArgs,
+			CancellationSignal cancellationSignal) {
+		sink(uri); // $ hasTaintFlow
+		sink(projection); // $ hasTaintFlow
+		sink(queryArgs.get("some_key")); // $ hasTaintFlow
+		sink(cancellationSignal); // Safe
+		return null;
+	}
+
+	// "android.content;ContentProvider;true;query;(Uri,String[],String,String[],String);;Parameter[0..4];contentprovider",
+	@Override
+	public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs,
+			String sortOrder) {
+		sink(uri); // $ hasTaintFlow
+		sink(projection); // $ hasTaintFlow
+		sink(selection); // $ hasTaintFlow
+		sink(selectionArgs); // $ hasTaintFlow
+		return null;
+	}
+
+	// "android.content;ContentProvider;true;query;(Uri,String[],String,String[],String,CancellationSignal);;Parameter[0..4];contentprovider",
+	@Override
+	public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs,
+			String sortOrder, CancellationSignal cancellationSignal) {
+		sink(uri); // $ hasTaintFlow
+		sink(projection); // $ hasTaintFlow
+		sink(selection); // $ hasTaintFlow
+		sink(selectionArgs); // $ hasTaintFlow
+		sink(sortOrder); // $ hasTaintFlow
+		sink(cancellationSignal); // Safe
+		return null;
+	}
+
+	// "android.content;ContentProvider;true;update;(Uri,ContentValues,Bundle);;Parameter[0..2];contentprovider",
+	@Override
+	public int update(Uri uri, ContentValues values, Bundle extras) {
+		sink(uri); // $ hasTaintFlow
+		sink(values); // $ hasTaintFlow
+		sink(extras.get("some_key")); // $ hasTaintFlow
+		return 0;
+	}
+
+	// "android.content;ContentProvider;true;update;(Uri,ContentValues,String,String[]);;Parameter[0..3];contentprovider"
+	@Override
+	public int update(Uri uri, ContentValues values, String selection, String[] selectionArgs) {
+		sink(uri); // $ hasTaintFlow
+		sink(values); // $ hasTaintFlow
+		sink(selection); // $ hasTaintFlow
+		sink(selectionArgs); // $ hasTaintFlow
+		return 0;
+	}
+
+	@Override
+	public boolean onCreate() {
+		return false;
+	}
+}
--- a/java/ql/test/library-tests/frameworks/android/content-provider/options
+++ b/java/ql/test/library-tests/frameworks/android/content-provider/options
@@ -0,0 +1 @@
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/google-android-9.0.0
--- a/java/ql/test/library-tests/frameworks/android/content-provider/test.expected
+++ b/java/ql/test/library-tests/frameworks/android/content-provider/test.expected
--- a/java/ql/test/library-tests/frameworks/android/content-provider/test.ql
+++ b/java/ql/test/library-tests/frameworks/android/content-provider/test.ql
@@ -0,0 +1,13 @@
+import java
+import semmle.code.java.dataflow.FlowSources
+import TestUtilities.InlineFlowTest
+
+class ProviderTaintFlowConf extends DefaultTaintFlowConf {
+  override predicate isSource(DataFlow::Node n) { n instanceof RemoteFlowSource }
+}
+
+class ProviderInlineFlowTest extends InlineFlowTest {
+  override DataFlow::Configuration getValueFlowConfig() { none() }
+
+  override DataFlow::Configuration getTaintFlowConfig() { result instanceof ProviderTaintFlowConf }
+}
				`@@ -0,0 +1 @@`
				`//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/google-android-9.0.0`