From 5206c792b099ce65cd41bc47ff66aadfab85aa9a Mon Sep 17 00:00:00 2001
From: Ed Minnix <egregius313@github.com>
Date: Wed, 7 Sep 2022 12:07:48 -0400
Subject: [PATCH] Additional Unit tests for the allowBackup query

---
 .../security/CWE-312/AndroidManifest.xml      |  2 +-
 .../backup}/AllowBackupEnabledTest.expected   |  0
 .../backup}/AllowBackupEnabledTest.java       |  0
 .../backup}/AllowBackupEnabledTest.ql         |  3 +-
 .../TestEmptyManifest/AndroidManifest.xml     |  3 ++
 .../AndroidManifest.xml                       | 29 +++++++++++++++++++
 .../TestExplicitlyEnabled/AndroidManifest.xml | 29 +++++++++++++++++++
 .../backup/TestLibrary/AndroidManifest.xml    |  6 ++++
 .../backup/TestMissing/AndroidManifest.xml    | 29 +++++++++++++++++++
 .../backup/Testbuild/AndroidManifest.xml      | 29 +++++++++++++++++++
 10 files changed, 127 insertions(+), 3 deletions(-)
 rename java/ql/test/query-tests/security/CWE-312/{ => android/backup}/AllowBackupEnabledTest.expected (100%)
 rename java/ql/test/query-tests/security/CWE-312/{ => android/backup}/AllowBackupEnabledTest.java (100%)
 rename java/ql/test/query-tests/security/CWE-312/{ => android/backup}/AllowBackupEnabledTest.ql (84%)
 create mode 100644 java/ql/test/query-tests/security/CWE-312/android/backup/TestEmptyManifest/AndroidManifest.xml
 create mode 100644 java/ql/test/query-tests/security/CWE-312/android/backup/TestExplicitlyDisabled/AndroidManifest.xml
 create mode 100644 java/ql/test/query-tests/security/CWE-312/android/backup/TestExplicitlyEnabled/AndroidManifest.xml
 create mode 100644 java/ql/test/query-tests/security/CWE-312/android/backup/TestLibrary/AndroidManifest.xml
 create mode 100644 java/ql/test/query-tests/security/CWE-312/android/backup/TestMissing/AndroidManifest.xml
 create mode 100644 java/ql/test/query-tests/security/CWE-312/android/backup/Testbuild/AndroidManifest.xml

diff --git a/java/ql/test/query-tests/security/CWE-312/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-312/AndroidManifest.xml
index 8cf208d0a48..d8af1947bd7 100644
--- a/java/ql/test/query-tests/security/CWE-312/AndroidManifest.xml
+++ b/java/ql/test/query-tests/security/CWE-312/AndroidManifest.xml
@@ -4,7 +4,7 @@
     android:versionCode="1"
     android:versionName="0.1" >
 
-    <application android:allowBackup="true">
+    <application>
         <activity android:name=".CleartextStorageAndroidDatabaseTest"></activity>
         <activity android:name=".CleartextStorageAndroidFileSystemTest"></activity>
         <activity android:name=".CleartextStorageSharedPrefsTest"></activity>
diff --git a/java/ql/test/query-tests/security/CWE-312/AllowBackupEnabledTest.expected b/java/ql/test/query-tests/security/CWE-312/android/backup/AllowBackupEnabledTest.expected
similarity index 100%
rename from java/ql/test/query-tests/security/CWE-312/AllowBackupEnabledTest.expected
rename to java/ql/test/query-tests/security/CWE-312/android/backup/AllowBackupEnabledTest.expected
diff --git a/java/ql/test/query-tests/security/CWE-312/AllowBackupEnabledTest.java b/java/ql/test/query-tests/security/CWE-312/android/backup/AllowBackupEnabledTest.java
similarity index 100%
rename from java/ql/test/query-tests/security/CWE-312/AllowBackupEnabledTest.java
rename to java/ql/test/query-tests/security/CWE-312/android/backup/AllowBackupEnabledTest.java
diff --git a/java/ql/test/query-tests/security/CWE-312/AllowBackupEnabledTest.ql b/java/ql/test/query-tests/security/CWE-312/android/backup/AllowBackupEnabledTest.ql
similarity index 84%
rename from java/ql/test/query-tests/security/CWE-312/AllowBackupEnabledTest.ql
rename to java/ql/test/query-tests/security/CWE-312/android/backup/AllowBackupEnabledTest.ql
index 604f50dffa7..2ec9c6a0cd8 100644
--- a/java/ql/test/query-tests/security/CWE-312/AllowBackupEnabledTest.ql
+++ b/java/ql/test/query-tests/security/CWE-312/android/backup/AllowBackupEnabledTest.ql
@@ -10,8 +10,7 @@ class AllowBackupEnabledTest extends InlineExpectationsTest {
   override predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "hasAllowedBackupEnabled" and
     exists(AndroidApplicationXmlElement androidAppElem |
-      androidAppElem.allowsBackup() and
-      not androidAppElem.getFile().(AndroidManifestXmlFile).isInBuildDirectory()
+      androidAppElem.allowsBackup()
     |
       androidAppElem.getAttribute("allowBackup").getLocation() = location and
       element = androidAppElem.getAttribute("debuggable").toString() and
diff --git a/java/ql/test/query-tests/security/CWE-312/android/backup/TestEmptyManifest/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-312/android/backup/TestEmptyManifest/AndroidManifest.xml
new file mode 100644
index 00000000000..306f3852be8
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-312/android/backup/TestEmptyManifest/AndroidManifest.xml
@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    package="com.example.myapplication" />
diff --git a/java/ql/test/query-tests/security/CWE-312/android/backup/TestExplicitlyDisabled/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-312/android/backup/TestExplicitlyDisabled/AndroidManifest.xml
new file mode 100644
index 00000000000..5f35eb615d5
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-312/android/backup/TestExplicitlyDisabled/AndroidManifest.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:tools="http://schemas.android.com/tools"
+    package="com.example.myapplication">
+
+    <!-- Safe: 'android:allowBackup' explicitly disabled --> <application
+        android:allowBackup="false"
+        android:dataExtractionRules="@xml/data_extraction_rules"
+        android:fullBackupContent="@xml/backup_rules"
+        android:icon="@mipmap/ic_launcher"
+        android:label="@string/app_name"
+        android:roundIcon="@mipmap/ic_launcher_round"
+        android:supportsRtl="true"
+        android:theme="@style/Theme.MyApplication"
+        tools:targetApi="31">
+        <activity
+            android:name=".MainActivity"
+            android:exported="true"
+            android:label="@string/app_name"
+            android:theme="@style/Theme.MyApplication.NoActionBar">
+            <intent-filter>
+                <action android:name="android.intent.action.MAIN" />
+
+                <category android:name="android.intent.category.LAUNCHER" />
+            </intent-filter>
+        </activity>
+    </application>
+
+</manifest>
diff --git a/java/ql/test/query-tests/security/CWE-312/android/backup/TestExplicitlyEnabled/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-312/android/backup/TestExplicitlyEnabled/AndroidManifest.xml
new file mode 100644
index 00000000000..959c14c8507
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-312/android/backup/TestExplicitlyEnabled/AndroidManifest.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:tools="http://schemas.android.com/tools"
+    package="com.example.myapplication">
+
+    <!-- $ hasAllowBackupEnabled --> <application
+        android:allowBackup="true"
+        android:dataExtractionRules="@xml/data_extraction_rules"
+        android:fullBackupContent="@xml/backup_rules"
+        android:icon="@mipmap/ic_launcher"
+        android:label="@string/app_name"
+        android:roundIcon="@mipmap/ic_launcher_round"
+        android:supportsRtl="true"
+        android:theme="@style/Theme.MyApplication"
+        tools:targetApi="31">
+        <activity
+            android:name=".MainActivity"
+            android:exported="true"
+            android:label="@string/app_name"
+            android:theme="@style/Theme.MyApplication.NoActionBar">
+            <intent-filter>
+                <action android:name="android.intent.action.MAIN" />
+
+                <category android:name="android.intent.category.LAUNCHER" />
+            </intent-filter>
+        </activity>
+    </application>
+
+</manifest>
diff --git a/java/ql/test/query-tests/security/CWE-312/android/backup/TestLibrary/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-312/android/backup/TestLibrary/AndroidManifest.xml
new file mode 100644
index 00000000000..e83d18d59e9
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-312/android/backup/TestLibrary/AndroidManifest.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    package="com.example.myapplication" >
+    <!-- Safe: application element does not provide the MAIN intent --> <application  android:supportsRtl="true">
+    </application>
+</manifest>
diff --git a/java/ql/test/query-tests/security/CWE-312/android/backup/TestMissing/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-312/android/backup/TestMissing/AndroidManifest.xml
new file mode 100644
index 00000000000..43a966ac28e
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-312/android/backup/TestMissing/AndroidManifest.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:tools="http://schemas.android.com/tools"
+    package="com.example.myapplication">
+
+    <!-- $ hasAllowBackupEnabled --> <application
+        android:dataExtractionRules="@xml/data_extraction_rules"
+        android:fullBackupContent="@xml/backup_rules"
+        android:icon="@mipmap/ic_launcher"
+        android:label="@string/app_name"
+        android:roundIcon="@mipmap/ic_launcher_round"
+        android:supportsRtl="true"
+        android:theme="@style/Theme.MyApplication"
+        tools:targetApi="31">
+        <activity
+            android:name=".ItemDetailHostActivity"
+            android:exported="true"
+            android:label="@string/app_name"
+            android:resizeableActivity="true"
+            tools:targetApi="24">
+            <intent-filter>
+                <action android:name="android.intent.action.MAIN" />
+
+                <category android:name="android.intent.category.LAUNCHER" />
+            </intent-filter>
+        </activity>
+    </application>
+
+</manifest>
diff --git a/java/ql/test/query-tests/security/CWE-312/android/backup/Testbuild/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-312/android/backup/Testbuild/AndroidManifest.xml
new file mode 100644
index 00000000000..097e7ed2b51
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-312/android/backup/Testbuild/AndroidManifest.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:tools="http://schemas.android.com/tools"
+    package="com.example.myapplication">
+
+    <!-- Safe: files in the build directory are ignored --> <application
+        android:allowBackup="true"
+        android:dataExtractionRules="@xml/data_extraction_rules"
+        android:fullBackupContent="@xml/backup_rules"
+        android:icon="@mipmap/ic_launcher"
+        android:label="@string/app_name"
+        android:roundIcon="@mipmap/ic_launcher_round"
+        android:supportsRtl="true"
+        android:theme="@style/Theme.MyApplication"
+        tools:targetApi="31">
+        <activity
+            android:name=".MainActivity"
+            android:exported="true"
+            android:label="@string/app_name"
+            android:theme="@style/Theme.MyApplication.NoActionBar">
+            <intent-filter>
+                <action android:name="android.intent.action.MAIN" />
+
+                <category android:name="android.intent.category.LAUNCHER" />
+            </intent-filter>
+        </activity>
+    </application>
+
+</manifest>