hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Moved allowBackup query logic to allowsBackup pred

Browse Source
This commit is contained in:
Ed Minnix
2022-09-07 12:08:25 -04:00
parent 5206c792b0
commit c69a2be976
2 changed files with 17 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
java/ql/lib/semmle/code/xml/AndroidManifest.qll
View File

@@ -79,10 +79,20 @@ class AndroidApplicationXmlElement extends XmlElement {
* https://developer.android.com/guide/topics/data/autobackup * https://developer.android.com/guide/topics/data/autobackup
*/ */
predicate allowsBackup() { predicate allowsBackup() {
not exists(AndroidXmlAttribute attr | not this.getFile().(AndroidManifestXmlFile).isInBuildDirectory() and
this.getAnAttribute() = attr and (
attr.getName() = "allowBackup" and // explicitly sets android:allowBackup="true"
attr.getValue() = "false" this.allowsBackupExplicitly()
or
// Manifest providing the main intent for an application, and does not explicitly
// disallow the allowBackup attribute
this.providesMainIntent() and
// Check that android:allowBackup="false" is not present
not exists(AndroidXmlAttribute attr |
this.getAnAttribute() = attr and
attr.getName() = "allowBackup" and
attr.getValue() = "false"
)
) )
} }
@@ -91,7 +101,7 @@ class AndroidApplicationXmlElement extends XmlElement {
* *
* https://developer.android.com/guide/topics/data/autobackup * https://developer.android.com/guide/topics/data/autobackup
*/ */
predicate allowsBackupExplicitly() { private predicate allowsBackupExplicitly() {
exists(AndroidXmlAttribute attr | exists(AndroidXmlAttribute attr |
this.getAnAttribute() = attr and this.getAnAttribute() = attr and
attr.getName() = "allowBackup" and attr.getName() = "allowBackup" and
@@ -103,7 +113,7 @@ class AndroidApplicationXmlElement extends XmlElement {
* Holds if the application element contains a child element which provides the * Holds if the application element contains a child element which provides the
* `android.intent.action.MAIN` intent. * `android.intent.action.MAIN` intent.
*/ */
predicate providesMainIntent() { private predicate providesMainIntent() {
exists(AndroidActivityXmlElement activity | exists(AndroidActivityXmlElement activity |
activity = this.getAChild() and activity = this.getAChild() and
exists(AndroidIntentFilterXmlElement intentFilter | exists(AndroidIntentFilterXmlElement intentFilter |

12
java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql
View File

@@ -14,15 +14,5 @@ import java
import semmle.code.xml.AndroidManifest import semmle.code.xml.AndroidManifest
from AndroidApplicationXmlElement androidAppElem from AndroidApplicationXmlElement androidAppElem
where where androidAppElem.allowsBackup()
not androidAppElem.getFile().(AndroidManifestXmlFile).isInBuildDirectory() and
(
// explicitly sets android:allowBackup=true
androidAppElem.allowsBackupExplicitly()
or
// Manifest providing the main intent for an application, and does not explicitly
// disallow the allowBackup attribute
androidAppElem.providesMainIntent() and
androidAppElem.allowsBackup()
)
select androidAppElem, "The 'android:allowBackup' attribute is enabled." select androidAppElem, "The 'android:allowBackup' attribute is enabled."