Add tests

java/ql/lib/semmle/code/java/frameworks/android/ExternalStorage.qll

@@ -34,7 +34,7 @@ private predicate externalStorageFlow(DataFlow::Node node1, DataFlow::Node node2
 
 /**
  * Holds if `n` is a node that reads the contents of an external file in Android.
- * This may be controlable by third-party applications, so is treated as a remote flow source.
+ * This is controlable by third-party applications, so is treated as a remote flow source.
  */
 predicate androidExternalStorageSource(DataFlow::Node n) {
   exists(ConstructorCall fInp, DataFlow::Node externalDir |

java/ql/test/library-tests/frameworks/android/external-storage/Test.java

@@ -0,0 +1,51 @@
+import java.io.File;
+import java.io.InputStream;
+import java.io.FileInputStream;
+import java.io.IOException;
+import android.content.Context;
+import android.os.Environment;
+
+class Test {
+    void sink(Object o) {}
+
+    void test1(Context ctx) throws IOException {
+        File f = new File(ctx.getExternalFilesDir(null), "file.txt");
+        InputStream is = new FileInputStream(f);
+        byte[] data = new byte[is.available()];
+        is.read(data);
+        sink(data); // $hasTaintFlow
+        is.close();
+    }
+
+    void test2(Context ctx) throws IOException {
+        File f = new File(new File(new File(ctx.getExternalFilesDirs(null)[0], "things"), "stuff"), "file.txt");
+        sink(new FileInputStream(f)); // $hasTaintFlow
+    }
+
+    void test3(Context ctx) throws IOException {
+        File f = new File(ctx.getExternalCacheDir(), "file.txt");
+        sink(new FileInputStream(f)); // $hasTaintFlow
+    }
+
+    void test4(Context ctx) throws IOException {
+        File f = new File(ctx.getExternalCacheDirs()[0], "file.txt");
+        sink(new FileInputStream(f)); // $hasTaintFlow
+    }
+
+    void test5(Context ctx) throws IOException {
+        File f = new File(Environment.getExternalStorageDirectory(), "file.txt");
+        sink(new FileInputStream(f)); // $hasTaintFlow
+    }
+
+    void test6(Context ctx) throws IOException {
+        File f = new File(Environment.getExternalStoragePublicDirectory(null), "file.txt");
+        sink(new FileInputStream(f)); // $hasTaintFlow
+    }
+
+    static final File dir = Environment.getExternalStorageDirectory();
+ 
+    void test7(Context ctx) throws IOException {
+        File f = new File(dir, "file.txt");
+        sink(new FileInputStream(f)); // $hasTaintFlow
+    }
+ }

java/ql/test/library-tests/frameworks/android/external-storage/options

@@ -0,0 +1 @@
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/google-android-9.0.0

java/ql/test/library-tests/frameworks/android/external-storage/test.ql

@@ -0,0 +1,20 @@
+import java
+import semmle.code.java.dataflow.DataFlow
+import semmle.code.java.dataflow.FlowSources
+import TestUtilities.InlineFlowTest
+
+class Conf extends TaintTracking::Configuration {
+  Conf() { this = "test:AndroidExternalFlowConf" }
+
+  override predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource }
+
+  override predicate isSink(DataFlow::Node sink) {
+    sink.asExpr().(Argument).getCall().getCallee().hasName("sink")
+  }
+}
+
+class ExternalStorageTest extends InlineFlowTest {
+  override DataFlow::Configuration getValueFlowConfig() { none() }
+
+  override DataFlow::Configuration getTaintFlowConfig() { result instanceof Conf }
+}

java/ql/test/stubs/google-android-9.0.0/android/os/Environment.java

@@ -0,0 +1,50 @@
+// Generated automatically from android.os.Environment for testing purposes
+
+package android.os;
+
+import java.io.File;
+
+public class Environment
+{
+    public Environment(){}
+    public static File getDataDirectory(){ return null; }
+    public static File getDownloadCacheDirectory(){ return null; }
+    public static File getExternalStorageDirectory(){ return null; }
+    public static File getExternalStoragePublicDirectory(String p0){ return null; }
+    public static File getRootDirectory(){ return null; }
+    public static File getStorageDirectory(){ return null; }
+    public static String DIRECTORY_ALARMS = null;
+    public static String DIRECTORY_AUDIOBOOKS = null;
+    public static String DIRECTORY_DCIM = null;
+    public static String DIRECTORY_DOCUMENTS = null;
+    public static String DIRECTORY_DOWNLOADS = null;
+    public static String DIRECTORY_MOVIES = null;
+    public static String DIRECTORY_MUSIC = null;
+    public static String DIRECTORY_NOTIFICATIONS = null;
+    public static String DIRECTORY_PICTURES = null;
+    public static String DIRECTORY_PODCASTS = null;
+    public static String DIRECTORY_RINGTONES = null;
+    public static String DIRECTORY_SCREENSHOTS = null;
+    public static String MEDIA_BAD_REMOVAL = null;
+    public static String MEDIA_CHECKING = null;
+    public static String MEDIA_EJECTING = null;
+    public static String MEDIA_MOUNTED = null;
+    public static String MEDIA_MOUNTED_READ_ONLY = null;
+    public static String MEDIA_NOFS = null;
+    public static String MEDIA_REMOVED = null;
+    public static String MEDIA_SHARED = null;
+    public static String MEDIA_UNKNOWN = null;
+    public static String MEDIA_UNMOUNTABLE = null;
+    public static String MEDIA_UNMOUNTED = null;
+    public static String getExternalStorageState(){ return null; }
+    public static String getExternalStorageState(File p0){ return null; }
+    public static String getStorageState(File p0){ return null; }
+    public static boolean isExternalStorageEmulated(){ return false; }
+    public static boolean isExternalStorageEmulated(File p0){ return false; }
+    public static boolean isExternalStorageLegacy(){ return false; }
+    public static boolean isExternalStorageLegacy(File p0){ return false; }
+    public static boolean isExternalStorageManager(){ return false; }
+    public static boolean isExternalStorageManager(File p0){ return false; }
+    public static boolean isExternalStorageRemovable(){ return false; }
+    public static boolean isExternalStorageRemovable(File p0){ return false; }
+}