hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 01:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add case for androidx.biometric api

Browse Source
This commit is contained in:
Joe Farebrother
2024-02-02 17:19:20 +00:00
parent 2a00375bb7
commit 71852868ac
4 changed files with 137 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/lib/semmle/code/java/security/AndroidLocalAuthQuery.qll
View File

@@ -9,6 +9,8 @@ private class AuthenticationCallbackClass extends Class {
"FingerprintManager$AuthenticationCallback")
or
this.hasQualifiedName("android.hardware.biometrics", "BiometricPrompt$AuthenticationCallback")
or
this.hasQualifiedName("androidx.biometric", "BiometricPrompt$AuthenticationCallback")
}
}

47
java/ql/test/query-tests/security/CWE-287/Test2.java Normal file
View File

@@ -0,0 +1,47 @@
import androidx.biometric.BiometricPrompt;
class TestC {
public static void useKey(BiometricPrompt.CryptoObject key) {}
// GOOD: result is used
class Test1 extends BiometricPrompt.AuthenticationCallback {
@Override
public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) {
TestC.useKey(result.getCryptoObject());
}
}
// BAD: result is not used
class Test2 extends BiometricPrompt.AuthenticationCallback {
@Override
public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) { // $insecure-auth
}
}
// BAD: result is only used in a super call
class Test3 extends BiometricPrompt.AuthenticationCallback {
@Override
public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) { // $insecure-auth
super.onAuthenticationSucceeded(result);
}
}
// GOOD: result is used
class Test4 extends BiometricPrompt.AuthenticationCallback {
@Override
public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) {
super.onAuthenticationSucceeded(result);
TestC.useKey(result.getCryptoObject());
}
}
// GOOD: result is used in a super call to a class other than the base class
class Test5 extends Test1 {
@Override
public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) {
super.onAuthenticationSucceeded(result);
}
}
}

9
java/ql/test/stubs/google-android-9.0.0/android/security/identity/PresentationSession.java generated Normal file
View File

@@ -0,0 +1,9 @@
// Generated automatically from android.security.identity.PresentationSession for testing purposes
package android.security.identity;
public class PresentationSession
{
protected PresentationSession() {}
}

79
java/ql/test/stubs/google-android-9.0.0/androidx/biometric/BiometricPrompt.java generated Normal file
View File

@@ -0,0 +1,79 @@
// Generated automatically from androidx.biometric.BiometricPrompt for testing purposes
package androidx.biometric;
import android.security.identity.IdentityCredential;
import android.security.identity.PresentationSession;
import androidx.fragment.app.Fragment;
import androidx.fragment.app.FragmentActivity;
import java.security.Signature;
import java.util.concurrent.Executor;
import javax.crypto.Cipher;
import javax.crypto.Mac;
public class BiometricPrompt
{
protected BiometricPrompt() {}
abstract static public class AuthenticationCallback
{
public AuthenticationCallback(){}
public void onAuthenticationError(int p0, CharSequence p1){}
public void onAuthenticationFailed(){}
public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult p0){}
}
public BiometricPrompt(Fragment p0, BiometricPrompt.AuthenticationCallback p1){}
public BiometricPrompt(Fragment p0, Executor p1, BiometricPrompt.AuthenticationCallback p2){}
public BiometricPrompt(FragmentActivity p0, BiometricPrompt.AuthenticationCallback p1){}
public BiometricPrompt(FragmentActivity p0, Executor p1, BiometricPrompt.AuthenticationCallback p2){}
public static int AUTHENTICATION_RESULT_TYPE_BIOMETRIC = 0;
public static int AUTHENTICATION_RESULT_TYPE_DEVICE_CREDENTIAL = 0;
public static int AUTHENTICATION_RESULT_TYPE_UNKNOWN = 0;
public static int ERROR_CANCELED = 0;
public static int ERROR_HW_NOT_PRESENT = 0;
public static int ERROR_HW_UNAVAILABLE = 0;
public static int ERROR_LOCKOUT = 0;
public static int ERROR_LOCKOUT_PERMANENT = 0;
public static int ERROR_NEGATIVE_BUTTON = 0;
public static int ERROR_NO_BIOMETRICS = 0;
public static int ERROR_NO_DEVICE_CREDENTIAL = 0;
public static int ERROR_NO_SPACE = 0;
public static int ERROR_SECURITY_UPDATE_REQUIRED = 0;
public static int ERROR_TIMEOUT = 0;
public static int ERROR_UNABLE_TO_PROCESS = 0;
public static int ERROR_USER_CANCELED = 0;
public static int ERROR_VENDOR = 0;
public void authenticate(BiometricPrompt.PromptInfo p0){}
public void authenticate(BiometricPrompt.PromptInfo p0, BiometricPrompt.CryptoObject p1){}
public void cancelAuthentication(){}
static public class AuthenticationResult
{
protected AuthenticationResult() {}
public BiometricPrompt.CryptoObject getCryptoObject(){ return null; }
public int getAuthenticationType(){ return 0; }
}
static public class CryptoObject
{
protected CryptoObject() {}
public Cipher getCipher(){ return null; }
public CryptoObject(Cipher p0){}
public CryptoObject(IdentityCredential p0){}
public CryptoObject(Mac p0){}
public CryptoObject(PresentationSession p0){}
public CryptoObject(Signature p0){}
public IdentityCredential getIdentityCredential(){ return null; }
public Mac getMac(){ return null; }
public PresentationSession getPresentationSession(){ return null; }
public Signature getSignature(){ return null; }
}
static public class PromptInfo
{
protected PromptInfo() {}
public CharSequence getDescription(){ return null; }
public CharSequence getNegativeButtonText(){ return null; }
public CharSequence getSubtitle(){ return null; }
public CharSequence getTitle(){ return null; }
public boolean isConfirmationRequired(){ return false; }
public boolean isDeviceCredentialAllowed(){ return false; }
public int getAllowedAuthenticators(){ return 0; }
}
}