Add test cases; fix the regex used

Joe Farebrother
2022-10-04 16:11:12 +01:00
parent 85fe226256
commit 706858e211
7 changed files with 57 additions and 1 deletions


@@ -33,7 +33,11 @@ class AndroidEditableXmlElement extends XmlElement {
/** Gets a regex inidcating that an input field may contain sensitive data. */
private string getInputSensitiveInfoRegex() {
result = [getCommonSensitiveInfoRegex(), "(?i).*(bank|credit|debit|security).*"]
result =
[
getCommonSensitiveInfoRegex(),
"(?i).*(bank|credit|debit|(pass(wd|word|code|phrase))|security).*"
]
}
/** Holds if input using the given input type may be stored in the keyboard cache. */
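Review bot: The new pattern in getInputSensitiveInfoRegex() lists the password terms inline without saying why they are needed here in addition to getCommonSensitiveInfoRegex(), whose definition is outside this hunk; a short comment such as `// password-like ids are matched here explicitly because <reason>` would keep a later cleanup from removing them as duplicates. The outer parentheses around `pass(wd|word|code|phrase)` add nothing to the alternation and can be dropped: `"(?i).*(bank|credit|debit|pass(wd|word|code|phrase)|security).*"`. The doc comment above the predicate has a typo (`inidcating`) and says "a regex" although the list literal yields more than one result. The enclosing class starts and continues outside the hunk.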


@@ -0,0 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools"
package="com.example.test">
</manifest>


@@ -0,0 +1,19 @@
import java
import semmle.code.java.security.SensitiveKeyboardCacheQuery
import TestUtilities.InlineExpectationsTest
class SensitiveKeyboardCacheTest extends InlineExpectationsTest {
SensitiveKeyboardCacheTest() { this = "SensitiveKeyboardCacheTest" }
override string getARelevantTag() { result = "hasResult" }
override predicate hasActualResult(Location loc, string element, string tag, string value) {
exists(AndroidEditableXmlElement el |
el = getASensitiveCachedInput() and
loc = el.getLocation() and
element = el.toString() and
tag = "hasResult" and
value = ""
)
}
}


@@ -0,0 +1 @@
class Test {}


@@ -0,0 +1,26 @@
<?xml version="1.0" encoding="utf-8"?>
<LinearLayout
xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:app="http://schemas.android.com/apk/res-auto">
<!-- $hasResult --> <EditText
android:id="@+id/test1_password"
android:inputType="text"/>
<EditText
android:id="@+id/test2_safe"
android:inputType="text"/>
<EditText
android:id="@+id/test3_password"
android:inputType="textNoSuggestions"/>
<EditText
android:id="@+id/test4_password"
android:inputType="textPassword"/>
<!-- $hasResult --> <EditText
android:id="@+id/test5_bank_account_name"
android:inputType="textMultiLine"/>
</LinearLayout>
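Review bot: The layout fixture exercises only the `password` and `bank` alternatives of the updated pattern, so the newly added `passwd`, `passcode` and `passphrase` branches and the `(?i)` flag have no test case. One more flagged field per new branch would pin them, for example `<!-- $hasResult --> <EditText android:id="@+id/test6_PassCode" android:inputType="text"/>` (a constructed id). test3_password and test4_password carry no expectation, presumably because `textNoSuggestions` and `textPassword` are treated as not cached; a one-line XML comment on each stating that would make the intent of the negative cases clear.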