QL: Add query to find Android queries with improper ids

2025-12-17 01:03:14 +01:00 · 2023-06-20 11:58:32 +02:00
parent 579c56c744
commit 7837959bdf
1 changed files with 32 additions and 0 deletions
--- a/ql/ql/src/queries/style/AndroidIdPrefix.ql
+++ b/ql/ql/src/queries/style/AndroidIdPrefix.ql
@@ -0,0 +1,32 @@
+/**
+ * @name Android query without android @id prefix
+ * @description Android queries should include the `android` prefix in their `@id`.
+ * @kind problem
+ * @problem.severity warning
+ * @id ql/android-id-prefix
+ * @precision high
+ */
+
+import ql
+
+string getIdProperty(QLDoc doc) {
+  result = any(string id | id = doc.getContents().splitAt("@") and id.matches("id %"))
+}
+
+predicate importsAndroidModule(TopLevel t) {
+  exists(Import i | t.getAnImport() = i |
+    i.getImportString().toLowerCase().matches("%android%")
+    or
+    exists(TopLevel t2 |
+      t2.getAModule() = i.getResolvedModule().asModule() and
+      importsAndroidModule(t2)
+    )
+  )
+}
+
+from TopLevel t
+where
+  t.getLocation().getFile().getRelativePath().matches("%src/Security/%.ql") and
+  not getIdProperty(t.getQLDoc()).matches("% java/android/%") and
+  importsAndroidModule(t)
+select t, "This Android query is missing the `android` prefix in its `@id`."