From 0fd09759dfdbfb3679a5f744b81a32fd5d292334 Mon Sep 17 00:00:00 2001
From: masterofnow <150010466+masterofnow@users.noreply.github.com>
Date: Fri, 22 Dec 2023 08:31:23 +0800
Subject: [PATCH] Added sample java file for qhelp to render correctly.

---
 .../Security/CWE/CWE-470/BadClassLoader.java  | 27 ++++++++++++++++
 .../Security/CWE/CWE-470/GoodClassLoader.java | 31 +++++++++++++++++++
 2 files changed, 58 insertions(+)
 create mode 100644 java/ql/src/experimental/Security/CWE/CWE-470/BadClassLoader.java
 create mode 100644 java/ql/src/experimental/Security/CWE/CWE-470/GoodClassLoader.java

diff --git a/java/ql/src/experimental/Security/CWE/CWE-470/BadClassLoader.java b/java/ql/src/experimental/Security/CWE/CWE-470/BadClassLoader.java
new file mode 100644
index 00000000000..6fd6b9ccfa5
--- /dev/null
+++ b/java/ql/src/experimental/Security/CWE/CWE-470/BadClassLoader.java
@@ -0,0 +1,27 @@
+package poc.sample.classloader;
+
+import android.app.Application;
+import android.content.pm.PackageInfo;
+import android.content.Context;
+import android.util.Log;
+
+public class BadClassLoader extends Application {
+    @Override
+    public void onCreate() {
+        super.onCreate();
+        for (PackageInfo p : getPackageManager().getInstalledPackages(0)) {
+            try {
+                if (p.packageName.startsWith("some.package.")) {
+                    Context appContext = createPackageContext(p.packageName,
+                            CONTEXT_INCLUDE_CODE | CONTEXT_IGNORE_SECURITY);
+                    ClassLoader classLoader = appContext.getClassLoader();
+                    Object result = classLoader.loadClass("some.package.SomeClass")
+                            .getMethod("someMethod")
+                            .invoke(null);
+                }
+            } catch (Exception e) {
+                Log.e("Class loading failed", e.toString());
+            }
+        }
+    }
+}
diff --git a/java/ql/src/experimental/Security/CWE/CWE-470/GoodClassLoader.java b/java/ql/src/experimental/Security/CWE/CWE-470/GoodClassLoader.java
new file mode 100644
index 00000000000..fea80fc638d
--- /dev/null
+++ b/java/ql/src/experimental/Security/CWE/CWE-470/GoodClassLoader.java
@@ -0,0 +1,31 @@
+package poc.sample.classloader;
+
+import android.app.Application;
+import android.content.pm.PackageInfo;
+import android.content.Context;
+import android.content.pm.PackageManager;
+import android.util.Log;
+
+public class GoodClassLoader extends Application {
+    @Override
+    public void onCreate() {
+        super.onCreate();
+        PackageManager pm = getPackageManager();
+        for (PackageInfo p : pm.getInstalledPackages(0)) {
+            try {
+                if (p.packageName.startsWith("some.package.") &&
+                        (pm.checkSignatures(p.packageName, getApplicationContext().getPackageName()) == PackageManager.SIGNATURE_MATCH)
+                ) {
+                    Context appContext = createPackageContext(p.packageName,
+                            CONTEXT_INCLUDE_CODE | CONTEXT_IGNORE_SECURITY);
+                    ClassLoader classLoader = appContext.getClassLoader();
+                    Object result = classLoader.loadClass("some.package.SomeClass")
+                            .getMethod("someMethod")
+                            .invoke(null);
+                }
+            } catch (Exception e) {
+                Log.e("Class loading failed", e.toString());
+            }
+        }
+    }
+}