Move detection of Android app to one place

2026-04-25 00:35:20 +02:00 · 2024-06-24 12:13:10 +01:00
parent c7ad0ad406
commit 9c82966022
3 changed files with 13 additions and 6 deletions
--- a/java/ql/lib/semmle/code/java/frameworks/android/Android.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/android/Android.qll
@@ -5,6 +5,9 @@
 import java
 private import semmle.code.xml.AndroidManifest

+/** Holds if this database is of an Android application. */
+predicate isAndroid() { exists(AndroidManifestXmlFile m) }
+
 /**
 * Gets a reflexive/transitive superType
 */
--- a/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
@@ -6,6 +6,7 @@ import semmle.code.java.dataflow.TaintTracking
 import semmle.code.java.frameworks.Networking
 import semmle.code.java.security.Encryption
 import semmle.code.java.security.HttpsUrls
+private import semmle.code.java.frameworks.android.Android as Android

 /** An Android Network Security Configuration XML file. */
 class AndroidNetworkSecurityConfigFile extends XmlFile {
@@ -19,8 +20,12 @@ class AndroidNetworkSecurityConfigFile extends XmlFile {
  }
 }

-/** Holds if this database is of an Android application. */
-predicate isAndroid() { exists(AndroidManifestXmlFile m) }
+/**
+ * DEPRECATED. Use `semmle.code.java.frameworks.android.Android::isAndroid` instead.
+ *
+ * Holds if this database is of an Android application.
+ */
+deprecated predicate isAndroid() { Android::isAndroid() }

 /** Holds if the given domain name is trusted by the Network Security Configuration XML file. */
 private predicate trustedDomainViaXml(string domainName) {
@@ -122,7 +127,7 @@ private module UntrustedUrlFlow = TaintTracking::Global<UntrustedUrlConfig>;

 /** Holds if `node` is a network communication call for which certificate pinning is not implemented. */
 predicate missingPinning(MissingPinningSink node, string domain) {
-  isAndroid() and
+  Android::isAndroid() and
  exists(DataFlow::Node src | UntrustedUrlFlow::flow(src, node) |
    if trustedDomain(_) then domain = getDomain(src.asExpr()) else domain = ""
  )
--- a/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidFilesystemQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidFilesystemQuery.qll
@@ -6,16 +6,15 @@
 import java
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.security.CleartextStorageQuery
-import semmle.code.xml.AndroidManifest
 private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.FlowSinks
 private import semmle.code.java.dataflow.FlowSources
+private import semmle.code.java.frameworks.android.Android

 private class AndroidFilesystemCleartextStorageSink extends CleartextStorageSink {
  AndroidFilesystemCleartextStorageSink() {
    filesystemInput(_, this.asExpr()) and
-    // Make sure we are in an Android application.
-    exists(AndroidManifestXmlFile manifest)
+    isAndroid()
  }
 }