hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 18:55:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add guard sanitizer for component name checks

Browse Source
This commit is contained in:
Tony Torralba
2021-08-10 10:59:04 +02:00
parent 21b70a009e
commit 9a537f9c23
2 changed files with 56 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

76
java/ql/test/query-tests/security/CWE-940/AndroidIntentRedirectionTest.java
View File

@@ -8,45 +8,49 @@ import android.os.Bundle;
public class AndroidIntentRedirectionTest extends Activity {
public void onCreate(Bundle savedInstanceState) {
// @formatter:off
{
Intent intent = (Intent) getIntent().getParcelableExtra("forward_intent");
startActivities(new Intent[] {intent}); // $ hasAndroidIntentRedirection
startActivities(new Intent[] {intent}, null); // $ hasAndroidIntentRedirection
Intent intent = (Intent) getIntent().getParcelableExtra("forward_intent");
if (intent.getComponent().getPackageName().equals("something")) {
startActivity(intent); // Safe - sanitized
} else {
startActivity(intent); // $ hasAndroidIntentRedirection
startActivity(intent, null); // $ hasAndroidIntentRedirection
startActivityAsUser(intent, null); // $ hasAndroidIntentRedirection
startActivityAsUser(intent, null, null); // $ hasAndroidIntentRedirection
startActivityAsCaller(intent, null, false, 0); // $ hasAndroidIntentRedirection
startActivityForResult(intent, 0); // $ hasAndroidIntentRedirection
startActivityForResult(intent, 0, null); // $ hasAndroidIntentRedirection
startActivityForResult(null, intent, 0, null); // $ hasAndroidIntentRedirection
startActivityForResultAsUser(intent, null, 0, null, null); // $ hasAndroidIntentRedirection
startActivityForResultAsUser(intent, 0, null, null); // $ hasAndroidIntentRedirection
startActivityForResultAsUser(intent, 0, null); // $ hasAndroidIntentRedirection
}
{
Intent intent = (Intent) getIntent().getParcelableExtra("forward_intent");
startService(intent); // $ hasAndroidIntentRedirection
startServiceAsUser(intent, null); // $ hasAndroidIntentRedirection
}
{
Intent intent = (Intent) getIntent().getParcelableExtra("forward_intent");
sendBroadcast(intent); // $ hasAndroidIntentRedirection
sendBroadcast(intent, null); // $ hasAndroidIntentRedirection
sendBroadcast(intent, null, null); // $ hasAndroidIntentRedirection
sendBroadcast(intent, null, 0); // $ hasAndroidIntentRedirection
sendBroadcastAsUser(intent, null); // $ hasAndroidIntentRedirection
sendBroadcastAsUser(intent, null, null); // $ hasAndroidIntentRedirection
sendBroadcastAsUser(intent, null, null, null); // $ hasAndroidIntentRedirection
sendBroadcastAsUser(intent, null, null, 0); // $ hasAndroidIntentRedirection
sendBroadcastWithMultiplePermissions(intent, null); // $ hasAndroidIntentRedirection
sendStickyBroadcast(intent); // $ hasAndroidIntentRedirection
sendStickyBroadcastAsUser(intent, null); // $ hasAndroidIntentRedirection
sendStickyBroadcastAsUser(intent, null, null); // $ hasAndroidIntentRedirection
sendStickyOrderedBroadcast(intent, null, null, 0, null, null); // $ hasAndroidIntentRedirection
sendStickyOrderedBroadcastAsUser(intent, null, null, null, 0, null, null); // $ hasAndroidIntentRedirection
if (intent.getComponent().getClassName().equals("something")) {
startActivity(intent); // Safe - sanitized
} else {
startActivity(intent); // $ hasAndroidIntentRedirection
}
// @formatter:off
startActivities(new Intent[] {intent}); // $ hasAndroidIntentRedirection
startActivities(new Intent[] {intent}, null); // $ hasAndroidIntentRedirection
startActivity(intent); // $ hasAndroidIntentRedirection
startActivity(intent, null); // $ hasAndroidIntentRedirection
startActivityAsUser(intent, null); // $ hasAndroidIntentRedirection
startActivityAsUser(intent, null, null); // $ hasAndroidIntentRedirection
startActivityAsCaller(intent, null, false, 0); // $ hasAndroidIntentRedirection
startActivityForResult(intent, 0); // $ hasAndroidIntentRedirection
startActivityForResult(intent, 0, null); // $ hasAndroidIntentRedirection
startActivityForResult(null, intent, 0, null); // $ hasAndroidIntentRedirection
startActivityForResultAsUser(intent, null, 0, null, null); // $ hasAndroidIntentRedirection
startActivityForResultAsUser(intent, 0, null, null); // $ hasAndroidIntentRedirection
startActivityForResultAsUser(intent, 0, null); // $ hasAndroidIntentRedirection
startService(intent); // $ hasAndroidIntentRedirection
startServiceAsUser(intent, null); // $ hasAndroidIntentRedirection
sendBroadcast(intent); // $ hasAndroidIntentRedirection
sendBroadcast(intent, null); // $ hasAndroidIntentRedirection
sendBroadcast(intent, null, null); // $ hasAndroidIntentRedirection
sendBroadcast(intent, null, 0); // $ hasAndroidIntentRedirection
sendBroadcastAsUser(intent, null); // $ hasAndroidIntentRedirection
sendBroadcastAsUser(intent, null, null); // $ hasAndroidIntentRedirection
sendBroadcastAsUser(intent, null, null, null); // $ hasAndroidIntentRedirection
sendBroadcastAsUser(intent, null, null, 0); // $ hasAndroidIntentRedirection
sendBroadcastWithMultiplePermissions(intent, null); // $ hasAndroidIntentRedirection
sendStickyBroadcast(intent); // $ hasAndroidIntentRedirection
sendStickyBroadcastAsUser(intent, null); // $ hasAndroidIntentRedirection
sendStickyBroadcastAsUser(intent, null, null); // $ hasAndroidIntentRedirection
sendStickyOrderedBroadcast(intent, null, null, 0, null, null); // $ hasAndroidIntentRedirection
sendStickyOrderedBroadcastAsUser(intent, null, null, null, 0, null, null); // $ hasAndroidIntentRedirection
// @formatter:on
}
}