Add qhelp

2026-04-27 17:55:19 +02:00 · 2022-04-27 16:04:06 +01:00
parent 4aed1a1e23
commit 8e2e8cc77f
3 changed files with 68 additions and 0 deletions
--- a/java/ql/src/Security/CWE/CWE-925/Bad.java
+++ b/java/ql/src/Security/CWE/CWE-925/Bad.java
@@ -0,0 +1,13 @@
+...
+IntentFilter filter = new IntentFilter(Intent.ACTION_SHUTDOWN);
+BroadcastReceiver sReceiver = new ShutDownReceiver();
+context.registerReceiver(sReceiver, filter);
+...
+
+public class ShutdownReceiver extends BroadcastReceiver {
+    @Override
+    public void onReceive(final Context context, final Intent intent) {
+        mainActivity.saveLocalData();
+        mainActivity.stopActivity();
+    }
+}
--- a/java/ql/src/Security/CWE/CWE-925/Good.java
+++ b/java/ql/src/Security/CWE/CWE-925/Good.java
@@ -0,0 +1,16 @@
+...
+IntentFilter filter = new IntentFilter(Intent.ACTION_SHUTDOWN);
+BroadcastReceiver sReceiver = new ShutDownReceiver();
+context.registerReceiver(sReceiver, filter);
+...
+
+public class ShutdownReceiver extends BroadcastReceiver {
+    @Override
+    public void onReceive(final Context context, final Intent intent) {
+        if (!intent.getAction().equals(Intent.ACTION_SHUTDOWN)) {
+            return;
+        }
+        mainActivity.saveLocalData();
+        mainActivity.stopActivity();
+    }
+}
--- a/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.qhelp
+++ b/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.qhelp
@@ -0,0 +1,39 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+
+<qhelp>
+
+<overview>
+<p>
+When an android application uses a <code>BroadcastReciever</code> to receive Intents, 
+it is also able to receive explicit Intents that are sent drctly to it, egardless of its filter.
+
+Certain intent actions are only able to be sent by the operating system, not third-party applications. 
+However, a <code>BroadcastReceiver</code> that is registered to recieve system intents is still able to recieve 
+other intents from a third-party application, so it should check that the intent received has the expected action.
+Otherwise, a third-party application could impersonate the system this way and cause unintended behaviour, such as a denial of service.
+</p>
+</overview>
+
+<example>
+  <p>In the following code, the <code>ShutdownReceiver</code> initiates a shutdown procedure upon receiving an Intent, 
+  without checking that the received action is indeed <code>ACTION_SHUTDOWN</code>. This allows third-party applications to 
+  send explicit intents to this receiver to cause a denial of service.</p>
+<sample src="Bad.java" />
+</example>
+
+<recommendation>
+<p>
+In the <code>onReceive</code> method of a <code>BroadcastReciever</code>, the action of the received Intent should be checked. The following code demonstrates this.
+</p>
+<sample src="Good.java" />
+</recommendation>
+
+
+
+<references>
+
+</references>
+
+</qhelp>