hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 01:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added tests

Browse Source
This commit is contained in:
Tony Torralba
2021-09-30 11:29:01 +02:00
parent d0077b8c12
commit d43242d09e
3 changed files with 89 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
java/ql/test/query-tests/security/CWE-927/ImplicitPendingIntentsTest.expected Normal file
View File

78
java/ql/test/query-tests/security/CWE-927/ImplicitPendingIntentsTest.java Normal file
View File

@@ -0,0 +1,78 @@
package com.example.test;
import android.app.Activity;
import android.app.PendingIntent;
import android.content.Context;
import android.content.Intent;
public class ImplicitPendingIntentsTest {
public static void test(Context ctx) throws PendingIntent.CanceledException {
{
Intent baseIntent = new Intent();
PendingIntent pi = PendingIntent.getActivity(ctx, 0, baseIntent, 0);
Intent fwdIntent = new Intent();
fwdIntent.putExtra("fwdIntent", pi);
ctx.startActivity(fwdIntent); // $hasTaintFlow
ctx.startActivities(new Intent[] {fwdIntent}); // $hasTaintFlow
ctx.startService(fwdIntent); // Safe
ctx.sendBroadcast(fwdIntent); // $hasTaintFlow
fwdIntent.setPackage("a.safe.package"); // Sanitizer
ctx.startActivity(fwdIntent); // Safe
}
{
Intent safeIntent = new Intent(ctx, Activity.class); // Sanitizer
PendingIntent pi = PendingIntent.getActivity(ctx, 0, safeIntent, 0);
Intent fwdIntent = new Intent();
fwdIntent.putExtra("fwdIntent", pi);
ctx.startActivity(fwdIntent); // Safe
}
{
Intent safeIntent = new Intent();
safeIntent.setClass(ctx, Object.class); // Sanitizer
PendingIntent pi = PendingIntent.getActivity(ctx, 0, safeIntent, 0);
Intent fwdIntent = new Intent();
fwdIntent.putExtra("fwdIntent", pi);
ctx.startActivity(fwdIntent); // Safe
}
{
Intent baseIntent = new Intent();
PendingIntent pi = PendingIntent.getActivity(ctx, 0, baseIntent, 0);
Intent fwdIntent = new Intent(ctx, Activity.class); // Sanitizer
fwdIntent.putExtra("fwdIntent", pi);
ctx.startActivity(fwdIntent); // Safe
}
{
Intent baseIntent = new Intent();
PendingIntent pi = PendingIntent.getActivity(ctx, 0, baseIntent, 0);
Intent fwdIntent = new Intent();
fwdIntent.setPackage("a.safe.package"); // Sanitizer
fwdIntent.putExtra("fwdIntent", pi);
ctx.startActivity(fwdIntent); // Safe
}
{
Intent baseIntent = new Intent();
int flag = PendingIntent.FLAG_IMMUTABLE;
PendingIntent pi = PendingIntent.getActivity(ctx, 0, baseIntent, flag); // Sanitizer
Intent fwdIntent = new Intent();
fwdIntent.putExtra("fwdIntent", pi);
ctx.startActivity(fwdIntent); // Safe
}
{
Intent baseIntent = new Intent();
int flag = PendingIntent.FLAG_IMMUTABLE | PendingIntent.FLAG_ONE_SHOT;
PendingIntent pi = PendingIntent.getActivity(ctx, 0, baseIntent, flag); // Sanitizer
Intent fwdIntent = new Intent();
fwdIntent.putExtra("fwdIntent", pi);
ctx.startActivity(fwdIntent); // $ SPURIOUS: $ hasTaintFlow
}
}
}

11
java/ql/test/query-tests/security/CWE-927/ImplicitPendingIntentsTest.ql Normal file
View File

@@ -0,0 +1,11 @@
import java
import semmle.code.java.security.ImplicitPendingIntentsQuery
import TestUtilities.InlineFlowTest
class ImplicitPendingIntentsTest extends InlineFlowTest {
override DataFlow::Configuration getValueFlowConfig() { none() }
override DataFlow::Configuration getTaintFlowConfig() {
result instanceof ImplicitPendingIntentStartConf
}
}