hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-18 05:24:01 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Re-enable Widget.qll flow steps

Browse Source 
The library Widget.qll was accidentally removed from the global context when its sources were migrated to models-as-data in #13136. This re-adds it so that its flow steps are enabled again.
This commit is contained in:
Tony Torralba
2024-02-23 13:05:15 +01:00
parent 8aff913c3c
commit 759b74791c
3 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/lib/change-notes/2024-02-23-widget-flowsteps.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: fix
---
* Some flow steps related to `android.text.Editable.toString` that were accidentally disabled have been re-enabled.

1
java/ql/lib/semmle/code/java/dataflow/FlowSteps.qll
View File

@@ -14,6 +14,7 @@ private module Frameworks {
private import semmle.code.java.frameworks.android.Intent
private import semmle.code.java.frameworks.android.Slice
private import semmle.code.java.frameworks.android.SQLite
private import semmle.code.java.frameworks.android.Widget
private import semmle.code.java.frameworks.apache.Lang
private import semmle.code.java.frameworks.ApacheHttp
private import semmle.code.java.frameworks.guava.Guava

8
java/ql/test/query-tests/security/CWE-312/android/CleartextStorage/CleartextStorageSharedPrefsTest.java
View File

@@ -2,6 +2,7 @@ import android.app.Activity;
import android.content.Context;
import android.content.SharedPreferences;
import android.content.SharedPreferences.Editor;
import android.widget.EditText;
import androidx.security.crypto.MasterKey;
import androidx.security.crypto.EncryptedSharedPreferences;
import java.nio.charset.StandardCharsets;
@@ -101,4 +102,11 @@ public class CleartextStorageSharedPrefsTest extends Activity {
sharedPrefs.edit().putString("name", name).apply(); // Safe
sharedPrefs.edit().putString("password", password).apply(); // $hasCleartextStorageSharedPrefs
}
public void testSetSharedPrefs7(Context context, EditText name, EditText password) {
SharedPreferences sharedPrefs =
context.getSharedPreferences("user_prefs", Context.MODE_PRIVATE);
sharedPrefs.edit().putString("name", name.getText().toString()).apply(); // Safe
sharedPrefs.edit().putString("password", password.getText().toString()).apply(); // $hasCleartextStorageSharedPrefs
}
}