Add case for androidx.biometric api

java/ql/test/query-tests/security/CWE-287/Test2.java

@@ -0,0 +1,47 @@
+import androidx.biometric.BiometricPrompt;
+
+class TestC {
+    public static void useKey(BiometricPrompt.CryptoObject key) {}
+
+
+    // GOOD: result is used
+    class Test1 extends BiometricPrompt.AuthenticationCallback {
+        @Override
+        public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) {
+            TestC.useKey(result.getCryptoObject());
+        }
+    }
+
+    // BAD: result is not used
+    class Test2 extends BiometricPrompt.AuthenticationCallback {
+        @Override
+        public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) { // $insecure-auth
+            
+        }
+    }
+
+    // BAD: result is only used in a super call
+    class Test3 extends BiometricPrompt.AuthenticationCallback {
+        @Override
+        public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) { // $insecure-auth
+            super.onAuthenticationSucceeded(result);
+        }
+    }
+
+    // GOOD: result is used
+    class Test4 extends BiometricPrompt.AuthenticationCallback {
+        @Override
+        public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) {
+            super.onAuthenticationSucceeded(result);
+            TestC.useKey(result.getCryptoObject());
+        }
+    }
+
+    // GOOD: result is used in a super call to a class other than the base class
+    class Test5 extends Test1 {
+        @Override
+        public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) {
+            super.onAuthenticationSucceeded(result);
+        }
+    }
+}