Add unit test

java/ql/test/query-tests/security/CWE-200/semmle/tests/SensitiveNotification/Test.java

@@ -0,0 +1,13 @@
+import android.app.Activity;
+import androidx.core.app.NotificationCompat;
+import androidx.core.app.NotificationManagerCompat;
+
+class Test extends Activity {
+    void test(String password) {
+        NotificationManagerCompat manager = NotificationManagerCompat.from(this);
+
+        NotificationCompat.Builder builder = new NotificationCompat.Builder(this, "");
+        builder.setContentText(password);
+        manager.notify(0, builder.build()); // sensitive-notification
+    }
+}

java/ql/test/query-tests/security/CWE-200/semmle/tests/SensitiveNotification/options

@@ -0,0 +1 @@
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../../stubs/google-android-9.0.0

java/ql/test/query-tests/security/CWE-200/semmle/tests/SensitiveNotification/test.expected

@@ -0,0 +1,2 @@
+testFailures
+failures

java/ql/test/query-tests/security/CWE-200/semmle/tests/SensitiveNotification/test.ql

@@ -0,0 +1,19 @@
+import java
+import TestUtilities.InlineExpectationsTest
+import semmle.code.java.dataflow.DataFlow
+import semmle.code.java.security.SensitiveUiQuery
+
+module SensitiveNotifTest implements TestSig {
+  string getARelevantTag() { result = "sensitive-notification" }
+
+  predicate hasActualResult(Location location, string element, string tag, string value) {
+    tag = "sensitive-notification" and
+    exists(DataFlow::Node sink | NotificationTracking::flowTo(sink) |
+      sink.getLocation() = location and
+      element = sink.toString() and
+      value = ""
+    )
+  }
+}
+
+import MakeTest<SensitiveNotifTest>