hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 18:25:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add unit tests + make some fixes

Browse Source
This commit is contained in:
Joe Farebrother
2024-01-23 09:38:48 +00:00
parent 8582093e65
commit 6081f18089
10 changed files with 169 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
java/ql/test/query-tests/security/CWE-200/semmle/tests/SensitiveTextView/AndroidManifest.xml Normal file
View File

@@ -0,0 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools"
package="com.example.test">
</manifest>

15
java/ql/test/query-tests/security/CWE-200/semmle/tests/SensitiveTextView/R.java Normal file
View File

@@ -0,0 +1,15 @@
package com.example.test;
public final class R {
public static final class id {
public static final int test1 = 1;
public static final int test2 = 2;
public static final int test3 = 3;
public static final int test4 = 4;
public static final int test5 = 5;
}
public static final class string {
public static final int password_prompt = 0;
}
}

31
java/ql/test/query-tests/security/CWE-200/semmle/tests/SensitiveTextView/Test.java Normal file
View File

@@ -0,0 +1,31 @@
package com.example.test;
import android.app.Activity;
import android.widget.EditText;
import android.widget.TextView;
import android.widget.LinearLayout;
import android.view.View;
import android.text.InputType;
class Test extends Activity {
void test(String password) {
EditText test1 = findViewById(R.id.test1);
test1.setText(password); // $sensitive-text
test1.setHint(password); // $sensitive-text
test1.append(password); // $sensitive-text
test1.setText(R.string.password_prompt);
TextView test2 = findViewById(R.id.test2);
test2.setVisibility(View.INVISIBLE);
test2.setText(password);
EditText test3 = findViewById(R.id.test3);
test3.setInputType(InputType.TYPE_CLASS_TEXT | InputType.TYPE_TEXT_VARIATION_PASSWORD);
test3.setText(password);
LinearLayout test4 = findViewById(R.id.test4);
TextView test5 = findViewById(R.id.test5);
test4.setVisibility(View.INVISIBLE);
test5.setText(password);
}
}

1
java/ql/test/query-tests/security/CWE-200/semmle/tests/SensitiveTextView/options Normal file
View File

@@ -0,0 +1 @@
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../../stubs/google-android-9.0.0

23
java/ql/test/query-tests/security/CWE-200/semmle/tests/SensitiveTextView/res/layout/Test.xml Normal file
View File

@@ -0,0 +1,23 @@
<?xml version="1.0" encoding="utf-8"?>
<LinearLayout
xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:app="http://schemas.android.com/apk/res-auto">
<EditText
android:id="@+id/test1"
android:inputType="text"/>
<TextView
android:id="@+id/test2"/>
<EditText
android:id="@+id/test3"/>
<LinearLayout
android:id="@+id/test4">
<TextView
android:id="@+id/test5"/>
</LinearLayout>
</LinearLayout>

2
java/ql/test/query-tests/security/CWE-200/semmle/tests/SensitiveTextView/test.expected Normal file
View File

@@ -0,0 +1,2 @@
testFailures
failures

19
java/ql/test/query-tests/security/CWE-200/semmle/tests/SensitiveTextView/test.ql Normal file
View File

@@ -0,0 +1,19 @@
import java
import TestUtilities.InlineExpectationsTest
import semmle.code.java.dataflow.DataFlow
import semmle.code.java.security.SensitiveUiQuery
module SensitiveTextTest implements TestSig {
string getARelevantTag() { result = "sensitive-text" }
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "sensitive-text" and
exists(DataFlow::Node sink | TextFieldTracking::flowTo(sink) |
sink.getLocation() = location and
element = sink.toString() and
value = ""
)
}
}
import MakeTest<SensitiveTextTest>