hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update names to new naming convention

Browse Source
This commit is contained in:
Ed Minnix
2023-03-10 15:13:58 -05:00
parent e2acc26419
commit b6eeac5bc8
3 changed files with 14 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
java/ql/lib/semmle/code/java/security/ArbitraryApkInstallationQuery.qll
View File

@@ -9,7 +9,7 @@ private import semmle.code.java.security.ArbitraryApkInstallation
* A dataflow configuration for flow from an external source of an APK to the
* `setData[AndType][AndNormalize]` method of an intent.
*/
private module ApkConf implements DataFlow::ConfigSig {
private module ApkInstallationConfiguration implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node node) { node instanceof ExternalApkSource }
predicate isSink(DataFlow::Node node) {
@@ -17,15 +17,15 @@ private module ApkConf implements DataFlow::ConfigSig {
ma.getMethod() instanceof SetDataMethod and
ma.getArgument(0) = node.asExpr() and
(
PackageArchiveMimeTypeConfiguration::hasFlowToExpr(ma.getQualifier())
PackageArchiveMimeTypeFlow::hasFlowToExpr(ma.getQualifier())
or
InstallPackageActionConfiguration::hasFlowToExpr(ma.getQualifier())
InstallPackageActionFlow::hasFlowToExpr(ma.getQualifier())
)
)
}
}
module ApkConfiguration = DataFlow::Make<ApkConf>;
module ApkInstallationFlow = DataFlow::Make<ApkInstallationConfiguration>;
/**
* A dataflow configuration tracking the flow from the `android.content.Intent.ACTION_INSTALL_PACKAGE`
@@ -33,7 +33,7 @@ module ApkConfiguration = DataFlow::Make<ApkConf>;
*
* This is used to track if an intent is used to install an APK.
*/
private module InstallPackageActionConfig implements DataFlow::StateConfigSig {
private module InstallPackageActionConfiguration implements DataFlow::StateConfigSig {
class FlowState = string;
predicate isSource(DataFlow::Node source, FlowState state) {
@@ -69,15 +69,15 @@ private module InstallPackageActionConfig implements DataFlow::StateConfigSig {
predicate isBarrier(DataFlow::Node node, FlowState state) { none() }
}
private module InstallPackageActionConfiguration =
TaintTracking::MakeWithState<InstallPackageActionConfig>;
private module InstallPackageActionFlow =
TaintTracking::MakeWithState<InstallPackageActionConfiguration>;
/**
* A dataflow configuration tracking the flow of the Android APK MIME type to
* the `setType` or `setTypeAndNormalize` method of an intent, followed by a call
* to `setData[AndType][AndNormalize]`.
*/
private module PackageArchiveMimeTypeConfig implements DataFlow::StateConfigSig {
private module PackageArchiveMimeTypeConfiguration implements DataFlow::StateConfigSig {
class FlowState = string;
predicate isSource(DataFlow::Node node, FlowState state) {
@@ -111,5 +111,5 @@ private module PackageArchiveMimeTypeConfig implements DataFlow::StateConfigSig
predicate isBarrier(DataFlow::Node node, FlowState state) { none() }
}
private module PackageArchiveMimeTypeConfiguration =
TaintTracking::MakeWithState<PackageArchiveMimeTypeConfig>;
private module PackageArchiveMimeTypeFlow =
TaintTracking::MakeWithState<PackageArchiveMimeTypeConfiguration>;

6
java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql
View File

@@ -12,8 +12,8 @@
import java
import semmle.code.java.security.ArbitraryApkInstallationQuery
import ApkConfiguration::PathGraph
import ApkInstallationFlow::PathGraph
from ApkConfiguration::PathNode source, ApkConfiguration::PathNode sink
where ApkConfiguration::hasFlowPath(source, sink)
from ApkInstallationFlow::PathNode source, ApkInstallationFlow::PathNode sink
where ApkInstallationFlow::hasFlowPath(source, sink)
select sink.getNode(), source, sink, "Arbitrary Android APK installation."

2
java/ql/test/query-tests/security/CWE-094/ApkInstallationTest.ql
View File

@@ -10,7 +10,7 @@ class HasApkInstallationTest extends InlineExpectationsTest {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "hasApkInstallation" and
exists(DataFlow::Node sink | ApkConfiguration::hasFlowTo(sink) |
exists(DataFlow::Node sink | ApkInstallationFlow::hasFlowTo(sink) |
sink.getLocation() = location and
element = sink.toString() and
value = ""