Setting null Components is not a sanitizer

2026-04-29 18:55:14 +02:00 · 2021-12-21 12:38:20 +01:00
parent a59a4024a5
commit a9757fbc83
2 changed files with 4 additions and 14 deletions
--- a/java/ql/lib/semmle/code/java/frameworks/android/Intent.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/android/Intent.qll
@@ -99,6 +99,7 @@ class ExplicitIntent extends Expr {
      ma.getMethod() = m and
      m.getDeclaringType() instanceof TypeIntent and
      m.hasName(["setPackage", "setClass", "setClassName", "setComponent"]) and
+      not exists(NullLiteral nullLiteral | DataFlow::localExprFlow(nullLiteral, ma.getAnArgument())) and
      ma.getQualifier() = this
    )
    or
--- a/java/ql/test/query-tests/security/CWE-927/ImplicitPendingIntentsTest.java
+++ b/java/ql/test/query-tests/security/CWE-927/ImplicitPendingIntentsTest.java
@@ -34,6 +34,9 @@ public class ImplicitPendingIntentsTest {
            ctx.startService(fwdIntent); // Safe
            ctx.sendBroadcast(fwdIntent); // $hasImplicitPendingIntent

+            fwdIntent.setComponent(null); // Not a sanitizer
+            ctx.startActivity(fwdIntent); // $hasImplicitPendingIntent
+
            fwdIntent.setPackage("a.safe.package"); // Sanitizer
            ctx.startActivity(fwdIntent); // Safe
        }
@@ -285,19 +288,5 @@ public class ImplicitPendingIntentsTest {
            mPendingIntent = PendingIntent.getActivity(getContext(), 0, baseIntent, 0);
            return true;
        }
-
-        // Implementations needed for compilation
-
-        @Override
-        public AssetFileDescriptor openTypedAssetFile(Uri uri, String mimeTypeFilter, Bundle opts,
-                CancellationSignal signal) throws RemoteException, FileNotFoundException {
-            return null;
-        }
-
-        @Override
-        public Bundle call(String authority, String method, String arg, Bundle extras)
-                throws RemoteException {
-            return null;
-        }
    }
 }