hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 12:15:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added more sinks

Browse Source
This commit is contained in:
Tony Torralba
2021-10-08 18:00:54 +02:00
parent 1e3e48132c
commit 9e3594fcf1
3 changed files with 35 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
java/ql/lib/semmle/code/java/security/ImplicitPendingIntents.qll
View File

@@ -30,7 +30,12 @@ private class PendingIntentSentSinkModels extends SinkModelCsv {
"android.app;NotificationManager;true;notify;(int,Notification);;Argument[1];pending-intent-sent",
"android.app;NotificationManager;true;notify;(String,int,Notification);;Argument[2];pending-intent-sent",
"android.app;NotificationManager;true;notifyAsPackage;(String,String,int,Notification);;Argument[3];pending-intent-sent",
"android.app;NotificationManager;true;notifyAsUser;(String,int,Notification,UserHandle);;Argument[2];pending-intent-sent"
"android.app;NotificationManager;true;notifyAsUser;(String,int,Notification,UserHandle);;Argument[2];pending-intent-sent",
"android.app;PendingIntent;false;send;(Context,int,Intent,OnFinished,Handler,String,Bundle);;Argument[2];pending-intent-sent",
"android.app;PendingIntent;false;send;(Context,int,Intent,OnFinished,Handler,String);;Argument[2];pending-intent-sent",
"android.app;PendingIntent;false;send;(Context,int,Intent,OnFinished,Handler);;Argument[2];pending-intent-sent",
"android.app;PendingIntent;false;send;(Context,int,Intent);;Argument[2];pending-intent-sent",
"android.app;Activity;true;setResult;(int,Intent);;Argument[1];pending-intent-sent"
]
}
}
@@ -40,6 +45,8 @@ private class DefaultIntentRedirectionSinkModel extends SinkModelCsv {
override predicate row(string row) {
row =
[
"android.app;Activity;true;bindService;;;Argument[0];intent-start",
"android.app;Activity;true;bindServiceAsUser;;;Argument[0];intent-start",
"android.app;Activity;true;startActivityAsCaller;;;Argument[0];intent-start",
"android.app;Activity;true;startActivityForResult;(Intent,int);;Argument[0];intent-start",
"android.app;Activity;true;startActivityForResult;(Intent,int,Bundle);;Argument[0];intent-start",

4
java/ql/lib/semmle/code/java/security/ImplicitPendingIntentsQuery.qll
View File

@@ -60,11 +60,11 @@ private class ImplicitPendingIntentCreation extends Expr {
private class SendPendingIntent extends DataFlow::Node {
SendPendingIntent() {
sinkNode(this, "intent-start") and
// startService can't actually start implicit intents since API 21
// implicit intents can't be started as services since API 21
not exists(MethodAccess ma, Method m |
ma.getMethod() = m and
m.getDeclaringType().getASupertype*() instanceof TypeContext and
m.getName().matches("start%Service%") and
m.getName().matches(["start%Service%", "bindService%"]) and
this.asExpr() = ma.getArgument(0)
)
or