Remove checks for dynamically registered recievers

2025-12-21 19:26:31 +01:00 · 2022-05-31 15:26:48 +01:00
parent 320c671b73
commit c71586e1f8
7 changed files with 15 additions and 119 deletions
--- a/java/ql/src/Security/CWE/CWE-925/AndroidManifest.xml
+++ b/java/ql/src/Security/CWE/CWE-925/AndroidManifest.xml
@@ -0,0 +1,9 @@
+<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="test">
+    <application>
+        <receiver android:name=".BootReceiverXml">
+            <intent-filter>
+                <action android:name="android.intent.action.BOOT_COMPLETED" />
+            </intent-filter>
+        </receiver>
+    </application>
+</manifest>
--- a/java/ql/src/Security/CWE/CWE-925/Bad.java
+++ b/java/ql/src/Security/CWE/CWE-925/Bad.java
@@ -1,9 +1,3 @@
-// ...
-IntentFilter filter = new IntentFilter(Intent.ACTION_SHUTDOWN);
-BroadcastReceiver sReceiver = new ShutDownReceiver();
-context.registerReceiver(sReceiver, filter);
-// ...
-
 public class ShutdownReceiver extends BroadcastReceiver {
    @Override
    public void onReceive(final Context context, final Intent intent) {
--- a/java/ql/src/Security/CWE/CWE-925/Good.java
+++ b/java/ql/src/Security/CWE/CWE-925/Good.java
@@ -1,9 +1,3 @@
-// ...
-IntentFilter filter = new IntentFilter(Intent.ACTION_SHUTDOWN);
-BroadcastReceiver sReceiver = new ShutDownReceiver();
-context.registerReceiver(sReceiver, filter);
-// ...
-
 public class ShutdownReceiver extends BroadcastReceiver {
    @Override
    public void onReceive(final Context context, final Intent intent) {
--- a/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.qhelp
+++ b/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.qhelp
@@ -21,6 +21,7 @@ Otherwise, a third-party application could impersonate the system this way and c
  without checking that the received action is indeed <code>ACTION_SHUTDOWN</code>. This allows third-party applications to 
  send explicit intents to this receiver to cause a denial of service.</p>
 <sample src="Bad.java" />
+<sample src="AndroidManifest.xml" />
 </example>

 <recommendation>
--- a/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql
+++ b/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql
@@ -13,7 +13,7 @@
 import java
 import semmle.code.java.security.ImproperIntentVerificationQuery

-from Top reg, Method orm, SystemActionName sa
+from AndroidReceiverXmlElement reg, Method orm, SystemActionName sa
 where unverifiedSystemReceiver(reg, orm, sa)
 select orm, "This reciever doesn't verify intents it receives, and is registered $@ to receive $@.",
  reg, "here", sa, "the system action " + sa.getName()