Merge pull request #13136 from jcogs33/jcogs33/revamp-java-source-kinds

Java: change `android-widget` MaD source kind to `remote`
2026-03-05 07:06:47 +01:00 · 2023-06-01 14:18:02 -04:00
parent 617107de35 de15013715
commit 1a82e21fdb
6 changed files with 7 additions and 16 deletions
--- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
@@ -287,7 +287,7 @@ module ModelValidation {
    )
    or
    exists(string kind | sourceModel(_, _, _, _, _, _, _, kind, _) |
-      not kind = ["remote", "contentprovider", "android-widget", "android-external-storage-dir"] and
+      not kind = ["remote", "contentprovider", "android-external-storage-dir"] and
      not kind.matches("qltest%") and
      result = "Invalid kind \"" + kind + "\" in source model."
    )
--- a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
@@ -36,13 +36,6 @@ abstract class RemoteFlowSource extends DataFlow::Node {
  abstract string getSourceType();
 }

-/**
- * A module for importing frameworks that define remote flow sources.
- */
-private module RemoteFlowSources {
-  private import semmle.code.java.frameworks.android.Widget
-}
-
 private class ExternalRemoteFlowSource extends RemoteFlowSource {
  ExternalRemoteFlowSource() { sourceNode(this, "remote") }

--- a/java/ql/lib/semmle/code/java/frameworks/android/Widget.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/android/Widget.qll
@@ -4,12 +4,6 @@ import java
 private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.FlowSources

-private class DefaultAndroidWidgetSources extends RemoteFlowSource {
-  DefaultAndroidWidgetSources() { sourceNode(this, "android-widget") }
-
-  override string getSourceType() { result = "Android widget source" }
-}
-
 private class EditableToStringStep extends AdditionalTaintStep {
  override predicate step(DataFlow::Node n1, DataFlow::Node n2) {
    exists(MethodAccess ma |