first draft of query and tests

java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql

@@ -1,10 +1,10 @@
 /**
- * @name Implicitly imported Android component
+ * @name Implicitly exported Android component
  * @description TODO after more background reading
- * @kind problem (TODO: confirm after more background reading)
+ * @kind problem
  * @problem.severity warning (TODO: confirm after more background reading)
  * @security-severity 0.1 (TODO: run script)
- * @id java/android/implicitly-imported-component
+ * @id java/android/implicitly-exported-component
  * @tags security
  *       external/cwe/cwe-926
  * @precision TODO after MRVA
@@ -13,10 +13,16 @@
 import java
 import semmle.code.xml.AndroidManifest
 
-// TODO: change query
-from AndroidXmlAttribute androidXmlAttr
+from AndroidComponentXmlElement compElem
 where
-  androidXmlAttr.getName() = "debuggable" and
-  androidXmlAttr.getValue() = "true" and
-  not androidXmlAttr.getLocation().getFile().getRelativePath().matches("%build%")
-select androidXmlAttr, "The 'android:debuggable' attribute is enabled."
+  not compElem.hasAttribute("exported") and
+  compElem.getAChild().hasName("intent-filter") and
+  not compElem.hasAttribute("permission") and
+  not compElem
+      .getAnIntentFilterElement()
+      .getAnActionElement()
+      .getActionName()
+      .matches("android.intent.action.%") and // filter out anything that is android intent (e.g. don't just filter out MAIN) because I think those are fine (but need to look at docs to confirm)
+  //not compElem.getAnIntentFilterElement().getAnActionElement().getActionName() = "android.intent.category.LAUNCHER" and // I should add this as well, but above will techincally filter out since they always seem to occur together
+  not compElem.getFile().getRelativePath().matches("%build%") // switch to not isInBuildDirectory() once new predicate is merged into main
+select compElem, "This component is implicitly exported."