From f1c08bc492321d8744b81f00ca5c525e2dfafdf6 Mon Sep 17 00:00:00 2001 From: Tony Torralba Date: Fri, 22 Apr 2022 17:44:59 +0200 Subject: [PATCH 1/3] Add value-preserving steps for SharedPreferences --- .../semmle/code/java/dataflow/ExternalFlow.qll | 1 + .../frameworks/android/SharedPreferences.qll | 17 +++++++++++++++++ .../CleartextStorageSharedPrefsTest.java | 9 ++++++++- 3 files changed, 26 insertions(+), 1 deletion(-) diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index 3ea87607483..4e8f7e8aa22 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll @@ -82,6 +82,7 @@ private module Frameworks { private import semmle.code.java.frameworks.android.ContentProviders private import semmle.code.java.frameworks.android.Intent private import semmle.code.java.frameworks.android.Notifications + private import semmle.code.java.frameworks.android.SharedPreferences private import semmle.code.java.frameworks.android.Slice private import semmle.code.java.frameworks.android.SQLite private import semmle.code.java.frameworks.android.Widget diff --git a/java/ql/lib/semmle/code/java/frameworks/android/SharedPreferences.qll b/java/ql/lib/semmle/code/java/frameworks/android/SharedPreferences.qll index a3298fd70d8..bb962ec0362 100644 --- a/java/ql/lib/semmle/code/java/frameworks/android/SharedPreferences.qll +++ b/java/ql/lib/semmle/code/java/frameworks/android/SharedPreferences.qll @@ -1,6 +1,7 @@ /** Provides classes related to `android.content.SharedPreferences`. */ import java +import semmle.code.java.dataflow.ExternalFlow /** The interface `android.content.SharedPreferences`. */ class SharedPreferences extends Interface { @@ -55,3 +56,19 @@ class StoreSharedPreferenceMethod extends Method { this.hasName(["commit", "apply"]) } } + +private class SharedPreferencesSummaries extends SummaryModelCsv { + override predicate row(string row) { + row = + [ + "android.content;SharedPreferences$Editor;true;clear;;;Argument[-1];ReturnValue;value", + "android.content;SharedPreferences$Editor;true;putBoolean;;;Argument[-1];ReturnValue;value", + "android.content;SharedPreferences$Editor;true;putFloat;;;Argument[-1];ReturnValue;value", + "android.content;SharedPreferences$Editor;true;putInt;;;Argument[-1];ReturnValue;value", + "android.content;SharedPreferences$Editor;true;putLong;;;Argument[-1];ReturnValue;value", + "android.content;SharedPreferences$Editor;true;putString;;;Argument[-1];ReturnValue;value", + "android.content;SharedPreferences$Editor;true;putStringSet;;;Argument[-1];ReturnValue;value", + "android.content;SharedPreferences$Editor;true;remove;;;Argument[-1];ReturnValue;value" + ] + } +} diff --git a/java/ql/test/query-tests/security/CWE-312/CleartextStorageSharedPrefsTest.java b/java/ql/test/query-tests/security/CWE-312/CleartextStorageSharedPrefsTest.java index 1b6d8a8c3a4..bdd14b0112d 100644 --- a/java/ql/test/query-tests/security/CWE-312/CleartextStorageSharedPrefsTest.java +++ b/java/ql/test/query-tests/security/CWE-312/CleartextStorageSharedPrefsTest.java @@ -89,9 +89,16 @@ public class CleartextStorageSharedPrefsTest extends Activity { .create(context, "secret_shared_prefs", masterKey, EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV, EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM) - .edit().putString("name", name) /// Safe + .edit().putString("name", name) // Safe .putString("password", password); // Safe editor.commit(); } + + public void testSetSharedPrefs7(Context context, String name, String password) { + SharedPreferences sharedPrefs = + context.getSharedPreferences("user_prefs", Context.MODE_PRIVATE); + sharedPrefs.edit().putString("name", name).apply(); // Safe + sharedPrefs.edit().putString("password", password).apply(); // $hasCleartextStorageSharedPrefs + } } From d982aeaf6f6a90fb9fadd47eeefde2d1ebe1c67a Mon Sep 17 00:00:00 2001 From: Tony Torralba Date: Fri, 22 Apr 2022 17:50:47 +0200 Subject: [PATCH 2/3] Add change note --- .../lib/change-notes/2022-04-22-sharedprefs-fluent-steps.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 java/ql/lib/change-notes/2022-04-22-sharedprefs-fluent-steps.md diff --git a/java/ql/lib/change-notes/2022-04-22-sharedprefs-fluent-steps.md b/java/ql/lib/change-notes/2022-04-22-sharedprefs-fluent-steps.md new file mode 100644 index 00000000000..324b7b0d59f --- /dev/null +++ b/java/ql/lib/change-notes/2022-04-22-sharedprefs-fluent-steps.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +Improved the data flow support for the Android class `SharedPreferences$Editor`. Specifically, the fluent logic of some of its methods is now taken into account when calculating data flow. \ No newline at end of file From f1e5e57d768425463fcf277c2756bc4274c3a526 Mon Sep 17 00:00:00 2001 From: Tony Torralba Date: Mon, 25 Apr 2022 12:39:01 +0200 Subject: [PATCH 3/3] Update java/ql/lib/semmle/code/java/frameworks/android/SharedPreferences.qll --- .../semmle/code/java/frameworks/android/SharedPreferences.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/lib/semmle/code/java/frameworks/android/SharedPreferences.qll b/java/ql/lib/semmle/code/java/frameworks/android/SharedPreferences.qll index bb962ec0362..6b9bcc987df 100644 --- a/java/ql/lib/semmle/code/java/frameworks/android/SharedPreferences.qll +++ b/java/ql/lib/semmle/code/java/frameworks/android/SharedPreferences.qll @@ -1,7 +1,7 @@ /** Provides classes related to `android.content.SharedPreferences`. */ import java -import semmle.code.java.dataflow.ExternalFlow +private import semmle.code.java.dataflow.ExternalFlow /** The interface `android.content.SharedPreferences`. */ class SharedPreferences extends Interface {