first draft of query and tests

2026-05-01 03:35:13 +02:00 · 2022-08-04 09:58:10 -04:00
parent 3e09d86a4f
commit 8d5bbc458f
3 changed files with 51 additions and 20 deletions
--- a/java/ql/test/query-tests/security/CWE-926/AndroidManifest.xml
+++ b/java/ql/test/query-tests/security/CWE-926/AndroidManifest.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:tools="http://schemas.android.com/tools"
+    package="com.example.happybirthday">
+
+    <application
+        android:allowBackup="true"
+        android:dataExtractionRules="@xml/data_extraction_rules"
+        android:fullBackupContent="@xml/backup_rules"
+        android:icon="@mipmap/ic_launcher"
+        android:label="@string/app_name"
+        android:roundIcon="@mipmap/ic_launcher_round"
+        android:supportsRtl="true"
+        android:theme="@style/Theme.HappyBirthday"
+        tools:targetApi="31">  <!-- test -->
+        <!-- $ hasImplicitExport --> <activity
+            android:name=".MainActivity">
+            <intent-filter>
+                <action android:name="android.intent.action.MAIN" />
+
+                <category android:name="android.intent.category.LAUNCHER" />
+            </intent-filter>
+        </activity>
+    </application> <!-- test -->
+
+</manifest>
--- a/java/ql/test/query-tests/security/CWE-926/ImplicitlyExportedAndroidComponentTest.ql
+++ b/java/ql/test/query-tests/security/CWE-926/ImplicitlyExportedAndroidComponentTest.ql
@@ -2,21 +2,20 @@ import java
 import semmle.code.xml.AndroidManifest
 import TestUtilities.InlineExpectationsTest

-// TODO: update for implicit export query
-class DebuggableAttributeTrueTest extends InlineExpectationsTest {
-  DebuggableAttributeTrueTest() { this = "DebuggableAttributeEnabledTest" }
+class ImplicitlyExportedAndroidComponentTest extends InlineExpectationsTest {
+  ImplicitlyExportedAndroidComponentTest() { this = "ImplicitlyExportedAndroidComponentTest" }

-  override string getARelevantTag() { result = "hasDebuggableAttributeEnabled" }
+  override string getARelevantTag() { result = "hasImplicitExport" }

  override predicate hasActualResult(Location location, string element, string tag, string value) {
-    tag = "hasDebuggableAttributeEnabled" and
-    exists(AndroidXmlAttribute androidXmlAttr |
-      androidXmlAttr.getName() = "debuggable" and
-      androidXmlAttr.getValue() = "true" and
-      not androidXmlAttr.getLocation().getFile().getRelativePath().matches("%build%")
+    tag = "hasImplicitExport" and
+    exists(AndroidComponentXmlElement compElem, AndroidIntentFilterXmlElement intFiltElem |
+      not compElem.hasAttribute("exported") and
+      //compElem.getAnIntentFilterElement() instanceof AndroidIntentFilterXmlElement
+      not intFiltElem.getParent() = compElem
    |
-      androidXmlAttr.getLocation() = location and
-      element = androidXmlAttr.toString() and
+      compElem.getLocation() = location and
+      element = compElem.toString() and
      value = ""
    )
  }