Add test cases; fix handling of recievers declared through xml

2026-05-10 09:19:27 +02:00 · 2022-04-22 16:41:01 +01:00
parent 87f26bf033
commit 4aed1a1e23
7 changed files with 80 additions and 3 deletions
--- a/java/ql/lib/semmle/code/java/security/ImproperIntentVerificationQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/ImproperIntentVerificationQuery.qll
@@ -72,6 +72,11 @@ class SystemActionName extends Top {

  /** Gets the name of the system intent that this expression or attriute represents. */
  string getName() { result = name }
+
+  override string toString() {
+    result =
+      [this.(StringLiteral).toString(), this.(FieldRead).toString(), this.(XMLAttribute).toString()]
+  }
 }

 /** A call to `Context.registerReceiver` */
@@ -140,10 +145,10 @@ predicate xmlUnverifiedSystemReceiver(
    filter.hasName("intent-filter") and
    action.hasName("action") and
    filter = rec.getAChild() and
-    action = rec.getAChild() and
+    action = filter.getAChild() and
    ormty = orm.getDeclaringType() and
-    rec.getAttribute("android:name").getValue() = ["." + ormty.getName(), ormty.getQualifiedName()] and
-    action.getAttribute("android:name") = sa
+    rec.getAttribute("name").getValue() = ["." + ormty.getName(), ormty.getQualifiedName()] and
+    action.getAttribute("name") = sa
  )
 }