Add basic tests for Android intents as flow sources

2026-04-28 10:15:14 +02:00 · 2020-10-27 12:03:05 +00:00
parent 54c1480fd6
commit 3f298f3dc8
4 changed files with 87 additions and 0 deletions
--- a/java/ql/test/experimental/query-tests/security/CWE-927/AndroidManifest.xml
+++ b/java/ql/test/experimental/query-tests/security/CWE-927/AndroidManifest.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest
+    xmlns:android="http://schemas.android.com/apk/res/android"
+    android:versionCode="1"
+    android:versionName="1.0"
+    package="com.example.myapp">
+
+    <!-- Beware that these values are overridden by the build.gradle file -->
+    <uses-sdk android:minSdkVersion="15" android:targetSdkVersion="26" />
+
+    <application
+        android:allowBackup="true"
+        android:icon="@mipmap/ic_launcher"
+        android:roundIcon="@mipmap/ic_launcher_round"
+        android:label="@string/app_name"
+        android:supportsRtl="true"
+        android:theme="@style/AppTheme">
+
+        <!-- This name is resolved to com.example.myapp.MainActivity
+             based upon the package attribute -->
+        <activity android:name=".IntentSources">
+            <intent-filter>
+                <action android:name="android.intent.action.MAIN" />
+                <category android:name="android.intent.category.LAUNCHER" />
+            </intent-filter>
+        </activity>
+
+        <activity
+            android:name=".DisplayMessageActivity"
+            android:parentActivityName=".MainActivity" />
+    </application>
+</manifest>
+
+<!--
+/*
+ *  This file is licensed under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+-->
--- a/java/ql/test/experimental/query-tests/security/CWE-927/ExecTainted.qlref
+++ b/java/ql/test/experimental/query-tests/security/CWE-927/ExecTainted.qlref
@@ -0,0 +1 @@
+Security/CWE/CWE-078/ExecTainted.ql
--- a/java/ql/test/experimental/query-tests/security/CWE-927/IntentSources.java
+++ b/java/ql/test/experimental/query-tests/security/CWE-927/IntentSources.java
@@ -0,0 +1,37 @@
+package com.example.myapp;
+
+import android.app.Activity;
+
+public class IntentSources extends Activity {
+
+	public void test() {
+
+		String trouble = this.getIntent().getStringExtra("key");
+		Runtime.getRuntime().exec(trouble);
+
+	}
+
+	public void test2() {
+
+		String trouble = getIntent().getStringExtra("key");
+		Runtime.getRuntime().exec(trouble);
+
+	}
+
+	public void test3() {
+
+		String trouble = getIntent().getExtras().getString("key");
+		Runtime.getRuntime().exec(trouble);
+
+	}
+
+}
+
+class OtherClass {
+
+	public void test(IntentSources is) {
+		String trouble = is.getIntent().getStringExtra("key");
+		Runtime.getRuntime().exec(trouble);
+	}
+
+}
--- a/java/ql/test/experimental/query-tests/security/CWE-927/options
+++ b/java/ql/test/experimental/query-tests/security/CWE-927/options
@@ -0,0 +1 @@
+// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/google-android-9.0.0
				`@@ -0,0 +1 @@`
				`// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/google-android-9.0.0`