hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 17:25:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Implement checks for parent views being hidden

Browse Source
This commit is contained in:
Joe Farebrother
2024-01-22 14:52:53 +00:00
parent 1b13597d72
commit 8582093e65
1 changed files with 11 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
java/ql/lib/semmle/code/java/security/SensitiveUiQuery.qll
View File

@@ -59,7 +59,7 @@ private module TextFieldTrackingConfig implements DataFlow::ConfigSig {
predicate isSink(DataFlow::Node sink) {
exists(SetTextCall call |
sink.asExpr() = call.getStringArgument() and
not isMasked(call)
not setTextCallIsMasked(call)
)
}
@@ -68,13 +68,18 @@ private module TextFieldTrackingConfig implements DataFlow::ConfigSig {
}
}
/** Holds if the given may be masked. */
private predicate viewIsMasked(AndroidLayoutXmlElement view) {
DataFlow::localExprFlow(getAUseOfViewWithId(view.getId()), any(MaskCall mcall).getQualifier())
}
/** Holds if the qualifier of `call` is also called with a method that may mask the information displayed. */
private predicate isMasked(SetTextCall call) {
exists(string id |
DataFlow::localExprFlow(getAUseOfViewWithId(id), call.getQualifier()) and
DataFlow::localExprFlow(getAUseOfViewWithId(id), any(MaskCall mcall).getQualifier())
private predicate setTextCallIsMasked(SetTextCall call) {
exists(AndroidLayoutXmlElement view |
DataFlow::localExprFlow(getAUseOfViewWithId(view.getId()), call.getQualifier()) and
viewIsMasked(view.getParent*())
)
}
/** Taint tracking flow for sensitive data flowing to text fields. */
module TextFieldTracking = TaintTracking::Global<NotificationTrackingConfig>;
module TextFieldTracking = TaintTracking::Global<TextFieldTrackingConfig>;