Add unit tests + make some fixes

2026-04-25 16:55:19 +02:00 · 2024-01-23 09:38:48 +00:00
parent 8582093e65
commit 6081f18089
10 changed files with 169 additions and 3 deletions
--- a/java/ql/lib/semmle/code/java/security/SensitiveUiQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/SensitiveUiQuery.qll
@@ -46,9 +46,9 @@ private class SetTextCall extends MethodCall {
 /** A call to a method indicating that the contents of a UI element are safely masked. */
 private class MaskCall extends MethodCall {
  MaskCall() {
-    this.getMethod().hasQualifiedName("android.widget", "TextView", "setInputType")
+    this.getMethod().getAnOverride*().hasQualifiedName("android.widget", "TextView", "setInputType")
    or
-    this.getMethod().hasQualifiedName("android.widget", "view", "setVisibility")
+    this.getMethod().getAnOverride*().hasQualifiedName("android.view", "View", "setVisibility")
  }
 }

@@ -66,6 +66,8 @@ private module TextFieldTrackingConfig implements DataFlow::ConfigSig {
  predicate isBarrier(DataFlow::Node node) {
    node.getType() instanceof PrimitiveType or node.getType() instanceof BoxedType
  }
+
+  predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
 }

 /** Holds if the given may be masked. */
--- a/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveTextField.ql
+++ b/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveTextField.ql
@@ -16,5 +16,5 @@ import semmle.code.java.security.SensitiveUiQuery
 import TextFieldTracking::PathGraph

 from TextFieldTracking::PathNode source, TextFieldTracking::PathNode sink
-where NotificationTracking::flowPath(source, sink)
+where TextFieldTracking::flowPath(source, sink)
 select sink, source, sink, "This $@ is exposed in a text view.", source, "sensitive information"
--- a/java/ql/test/query-tests/security/CWE-200/semmle/tests/SensitiveTextView/AndroidManifest.xml
+++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/SensitiveTextView/AndroidManifest.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:tools="http://schemas.android.com/tools"
+    package="com.example.test">
+</manifest>
--- a/java/ql/test/query-tests/security/CWE-200/semmle/tests/SensitiveTextView/R.java
+++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/SensitiveTextView/R.java
@@ -0,0 +1,15 @@
+package com.example.test;
+
+public final class R {
+    public static final class id {
+        public static final int test1 = 1;
+        public static final int test2 = 2;
+        public static final int test3 = 3;
+        public static final int test4 = 4;
+        public static final int test5 = 5;
+    }
+
+    public static final class string {
+        public static final int password_prompt = 0;
+    }
+}
--- a/java/ql/test/query-tests/security/CWE-200/semmle/tests/SensitiveTextView/Test.java
+++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/SensitiveTextView/Test.java
@@ -0,0 +1,31 @@
+package com.example.test;
+
+import android.app.Activity;
+import android.widget.EditText;
+import android.widget.TextView;
+import android.widget.LinearLayout;
+import android.view.View;
+import android.text.InputType;
+
+class Test extends Activity {
+    void test(String password) {
+        EditText test1 = findViewById(R.id.test1);
+        test1.setText(password); // $sensitive-text
+        test1.setHint(password); // $sensitive-text
+        test1.append(password); // $sensitive-text
+        test1.setText(R.string.password_prompt);
+
+        TextView test2 = findViewById(R.id.test2);
+        test2.setVisibility(View.INVISIBLE);
+        test2.setText(password);
+
+        EditText test3 = findViewById(R.id.test3);
+        test3.setInputType(InputType.TYPE_CLASS_TEXT | InputType.TYPE_TEXT_VARIATION_PASSWORD);
+        test3.setText(password);
+
+        LinearLayout test4 = findViewById(R.id.test4);
+        TextView test5 = findViewById(R.id.test5);
+        test4.setVisibility(View.INVISIBLE);
+        test5.setText(password);
+    }
+}
--- a/java/ql/test/query-tests/security/CWE-200/semmle/tests/SensitiveTextView/options
+++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/SensitiveTextView/options
@@ -0,0 +1 @@
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../../stubs/google-android-9.0.0
--- a/java/ql/test/query-tests/security/CWE-200/semmle/tests/SensitiveTextView/res/layout/Test.xml
+++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/SensitiveTextView/res/layout/Test.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="utf-8"?>
+<LinearLayout
+    xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:app="http://schemas.android.com/apk/res-auto">
+
+
+    <EditText
+        android:id="@+id/test1"
+        android:inputType="text"/>
+
+    <TextView
+        android:id="@+id/test2"/>
+
+    <EditText
+        android:id="@+id/test3"/>
+
+    <LinearLayout
+        android:id="@+id/test4">
+        <TextView
+            android:id="@+id/test5"/>
+    </LinearLayout>
+
+</LinearLayout>
--- a/java/ql/test/query-tests/security/CWE-200/semmle/tests/SensitiveTextView/test.expected
+++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/SensitiveTextView/test.expected
@@ -0,0 +1,2 @@
+testFailures
+failures
--- a/java/ql/test/query-tests/security/CWE-200/semmle/tests/SensitiveTextView/test.ql
+++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/SensitiveTextView/test.ql
@@ -0,0 +1,19 @@
+import java
+import TestUtilities.InlineExpectationsTest
+import semmle.code.java.dataflow.DataFlow
+import semmle.code.java.security.SensitiveUiQuery
+
+module SensitiveTextTest implements TestSig {
+  string getARelevantTag() { result = "sensitive-text" }
+
+  predicate hasActualResult(Location location, string element, string tag, string value) {
+    tag = "sensitive-text" and
+    exists(DataFlow::Node sink | TextFieldTracking::flowTo(sink) |
+      sink.getLocation() = location and
+      element = sink.toString() and
+      value = ""
+    )
+  }
+}
+
+import MakeTest<SensitiveTextTest>
--- a/java/ql/test/stubs/google-android-9.0.0/android/widget/LinearLayout.java
+++ b/java/ql/test/stubs/google-android-9.0.0/android/widget/LinearLayout.java
@@ -0,0 +1,68 @@
+// Generated automatically from android.widget.LinearLayout for testing purposes
+
+package android.widget;
+
+import android.content.Context;
+import android.graphics.Canvas;
+import android.graphics.drawable.Drawable;
+import android.util.AttributeSet;
+import android.view.ViewGroup;
+
+public class LinearLayout extends ViewGroup
+{
+    protected LinearLayout() {}
+    protected LinearLayout.LayoutParams generateDefaultLayoutParams(){ return null; }
+    protected LinearLayout.LayoutParams generateLayoutParams(ViewGroup.LayoutParams p0){ return null; }
+    protected boolean checkLayoutParams(ViewGroup.LayoutParams p0){ return false; }
+    protected void onDraw(Canvas p0){}
+    protected void onLayout(boolean p0, int p1, int p2, int p3, int p4){}
+    protected void onMeasure(int p0, int p1){}
+    public CharSequence getAccessibilityClassName(){ return null; }
+    public Drawable getDividerDrawable(){ return null; }
+    public LinearLayout(Context p0){}
+    public LinearLayout(Context p0, AttributeSet p1){}
+    public LinearLayout(Context p0, AttributeSet p1, int p2){}
+    public LinearLayout(Context p0, AttributeSet p1, int p2, int p3){}
+    public LinearLayout.LayoutParams generateLayoutParams(AttributeSet p0){ return null; }
+    public boolean isBaselineAligned(){ return false; }
+    public boolean isMeasureWithLargestChildEnabled(){ return false; }
+    public boolean shouldDelayChildPressedState(){ return false; }
+    public float getWeightSum(){ return 0; }
+    public int getBaseline(){ return 0; }
+    public int getBaselineAlignedChildIndex(){ return 0; }
+    public int getDividerPadding(){ return 0; }
+    public int getGravity(){ return 0; }
+    public int getOrientation(){ return 0; }
+    public int getShowDividers(){ return 0; }
+    public static int HORIZONTAL = 0;
+    public static int SHOW_DIVIDER_BEGINNING = 0;
+    public static int SHOW_DIVIDER_END = 0;
+    public static int SHOW_DIVIDER_MIDDLE = 0;
+    public static int SHOW_DIVIDER_NONE = 0;
+    public static int VERTICAL = 0;
+    public void onRtlPropertiesChanged(int p0){}
+    public void setBaselineAligned(boolean p0){}
+    public void setBaselineAlignedChildIndex(int p0){}
+    public void setDividerDrawable(Drawable p0){}
+    public void setDividerPadding(int p0){}
+    public void setGravity(int p0){}
+    public void setHorizontalGravity(int p0){}
+    public void setMeasureWithLargestChildEnabled(boolean p0){}
+    public void setOrientation(int p0){}
+    public void setShowDividers(int p0){}
+    public void setVerticalGravity(int p0){}
+    public void setWeightSum(float p0){}
+    static public class LayoutParams extends ViewGroup.MarginLayoutParams
+    {
+        protected LayoutParams() {}
+        public LayoutParams(Context p0, AttributeSet p1){}
+        public LayoutParams(LinearLayout.LayoutParams p0){}
+        public LayoutParams(ViewGroup.LayoutParams p0){}
+        public LayoutParams(ViewGroup.MarginLayoutParams p0){}
+        public LayoutParams(int p0, int p1){}
+        public LayoutParams(int p0, int p1, float p2){}
+        public String debug(String p0){ return null; }
+        public float weight = 0;
+        public int gravity = 0;
+    }
+}
				`@@ -0,0 +1 @@`
				`//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../../stubs/google-android-9.0.0`