From 3e09d86a4fecc9846f9d7fce1ad4e5bcf3277a30 Mon Sep 17 00:00:00 2001
From: Jami Cogswell
Date: Mon, 1 Aug 2022 23:39:55 -0400
Subject: [PATCH] adding starter files
---
.../ImplicitlyExportedAndroidComponent.qhelp | 38 +++++++++++++++++++
.../ImplicitlyExportedAndroidComponent.ql | 22 +++++++++++
.../2022-08-DD-android-implicit-export.md | 4 ++
...citlyExportedAndroidComponentTest.expected | 0
.../ImplicitlyExportedAndroidComponentTest.ql | 23 +++++++++++
.../query-tests/security/CWE-926/Test.java | 3 ++
.../test/query-tests/security/CWE-926/options | 1 +
7 files changed, 91 insertions(+)
create mode 100644 java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.qhelp
create mode 100644 java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql
create mode 100644 java/ql/src/change-notes/2022-08-DD-android-implicit-export.md
create mode 100644 java/ql/test/query-tests/security/CWE-926/ImplicitlyExportedAndroidComponentTest.expected
create mode 100644 java/ql/test/query-tests/security/CWE-926/ImplicitlyExportedAndroidComponentTest.ql
create mode 100644 java/ql/test/query-tests/security/CWE-926/Test.java
create mode 100644 java/ql/test/query-tests/security/CWE-926/options
diff --git a/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.qhelp b/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.qhelp
new file mode 100644
index 00000000000..237c7dd0070
--- /dev/null
+++ b/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.qhelp
@@ -0,0 +1,38 @@
+ + + +

TODO: Replace the following +When a debugger is enabled it could allow for entry points in the application or reveal sensitive information.

+ +
+ + +

TODO: Replace the following +In Android applications either set the android:debuggable attribute to false +or do not include it in the manifest. The default value when not included is false.

+ +
+ + +

TODO: Replace the following +In the example below, the android:debuggable attribute is set to true.

+ + + +

The corrected version sets the android:debuggable attribute to false.

+ + + +
+ + +
  • + TODO: REPLACE LINKS. Android Developers: + The android:debuggable attribute. +
  • + +
    +
diff --git a/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql b/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql
new file mode 100644
index 00000000000..be5c1742500
--- /dev/null
+++ b/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql
@@ -0,0 +1,22 @@
+/**
+ * @name Implicitly imported Android component
+ * @description TODO after more background reading
+ * @kind problem (TODO: confirm after more background reading)
+ * @problem.severity warning (TODO: confirm after more background reading)
+ * @security-severity 0.1 (TODO: run script)
+ * @id java/android/implicitly-imported-component
+ * @tags security
+ * external/cwe/cwe-926
+ * @precision TODO after MRVA
+ */
+
+import java
+import semmle.code.xml.AndroidManifest
+
+// TODO: change query
+from AndroidXmlAttribute androidXmlAttr
+where
+ androidXmlAttr.getName() = "debuggable" and
+ androidXmlAttr.getValue() = "true" and
+ not androidXmlAttr.getLocation().getFile().getRelativePath().matches("%build%")
+select androidXmlAttr, "The 'android:debuggable' attribute is enabled."
diff --git a/java/ql/src/change-notes/2022-08-DD-android-implicit-export.md b/java/ql/src/change-notes/2022-08-DD-android-implicit-export.md
new file mode 100644
index 00000000000..fa9252b8cfc
--- /dev/null
+++ b/java/ql/src/change-notes/2022-08-DD-android-implicit-export.md
@@ -0,0 +1,4 @@
+---
+category: newQuery
+---
+* Added a new query, `java/android/implicitly-imported-component`, to detect if an Android component can become implicitly exported.
diff --git a/java/ql/test/query-tests/security/CWE-926/ImplicitlyExportedAndroidComponentTest.expected b/java/ql/test/query-tests/security/CWE-926/ImplicitlyExportedAndroidComponentTest.expected
new file mode 100644
index 00000000000..e69de29bb2d
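Review bot: The query metadata says "imported" where the file name, the change-note text and CWE-926 all mean "exported": `@name Implicitly imported Android component` and `@id java/android/implicitly-imported-component`. The id is what users reference in query suites and alert suppressions, so it is worth correcting before it ships, to `@id java/android/implicitly-exported-component` and `@name Implicitly exported Android component`; the change note in the next hunk repeats the same id and needs the same fix. The `@kind`, `@problem.severity` and `@security-severity` values also carry inline `(TODO: …)` text, which will probably not parse as valid metadata values, so keep each value clean and move the reminder to a `// TODO` line below the header. Until the `where` clause is replaced, the query still matches `debuggable="true"` and would report that finding under the CWE-926 id with the wrong message.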
diff --git a/java/ql/test/query-tests/security/CWE-926/ImplicitlyExportedAndroidComponentTest.ql b/java/ql/test/query-tests/security/CWE-926/ImplicitlyExportedAndroidComponentTest.ql
new file mode 100644
index 00000000000..fd723ac9548
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-926/ImplicitlyExportedAndroidComponentTest.ql
@@ -0,0 +1,23 @@
+import java
+import semmle.code.xml.AndroidManifest
+import TestUtilities.InlineExpectationsTest
+
+// TODO: update for implicit export query
+class DebuggableAttributeTrueTest extends InlineExpectationsTest {
+ DebuggableAttributeTrueTest() { this = "DebuggableAttributeEnabledTest" }
+
+ override string getARelevantTag() { result = "hasDebuggableAttributeEnabled" }
+
+ override predicate hasActualResult(Location location, string element, string tag, string value) {
+ tag = "hasDebuggableAttributeEnabled" and
+ exists(AndroidXmlAttribute androidXmlAttr |
+ androidXmlAttr.getName() = "debuggable" and
+ androidXmlAttr.getValue() = "true" and
+ not androidXmlAttr.getLocation().getFile().getRelativePath().matches("%build%")
+ |
+ androidXmlAttr.getLocation() = location and
+ element = androidXmlAttr.toString() and
+ value = ""
+ )
+ }
+}
diff --git a/java/ql/test/query-tests/security/CWE-926/Test.java b/java/ql/test/query-tests/security/CWE-926/Test.java
new file mode 100644
index 00000000000..4566fbca2ad
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-926/Test.java
@@ -0,0 +1,3 @@
+public class Test {
+
+}
diff --git a/java/ql/test/query-tests/security/CWE-926/options b/java/ql/test/query-tests/security/CWE-926/options
new file mode 100644
index 00000000000..dacd3cb21df
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-926/options
@@ -0,0 +1 @@
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/google-android-9.0.0
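Review bot: This test cannot fail as committed, because the patch adds no `AndroidManifest.xml` fixture under `CWE-926`, `Test.java` is an empty class and the `.expected` file is empty, so `hasActualResult` has nothing to match and the run passes vacuously. When the query logic lands, the fixture should include at least one component that declares an `<intent-filter>` without an explicit `android:exported` attribute as the flagged case, and one with `android:exported="false"` as the clean case, each carrying the inline expectation comment. The class name `DebuggableAttributeTrueTest` and the tag `hasDebuggableAttributeEnabled` are carried over from the debuggable test and should be renamed to match this query, for example `getARelevantTag() { result = "hasImplicitExport" }`, so a failing expectation points at the right check.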