Fix unbound field

Add tests for non-exported providers
2026-05-05 13:45:19 +02:00 · 2021-09-27 12:58:28 +02:00
parent 99881db8bd
commit d5f675c2dc
4 changed files with 183 additions and 3 deletions
--- a/java/ql/test/library-tests/frameworks/android/content-provider/AndroidManifest.xml
+++ b/java/ql/test/library-tests/frameworks/android/content-provider/AndroidManifest.xml
@@ -27,5 +27,10 @@
            android:name=".Test"
            android:authority="com.example.myapp.Test"
            android:exported="true" />
+
+        <provider
+            android:name=".Safe"
+            android:authority="com.example.myapp.Safe"
+            android:exported="false" />
    </application>
 </manifest>
--- a/java/ql/test/library-tests/frameworks/android/content-provider/Safe.java
+++ b/java/ql/test/library-tests/frameworks/android/content-provider/Safe.java
@@ -0,0 +1,174 @@
+package com.example.app;
+
+import java.io.FileNotFoundException;
+import android.content.ContentProvider;
+import android.content.ContentValues;
+import android.content.res.AssetFileDescriptor;
+import android.database.Cursor;
+import android.net.Uri;
+import android.os.Bundle;
+import android.os.CancellationSignal;
+import android.os.ParcelFileDescriptor;
+import android.os.RemoteException;
+
+// This Content Provider isn't exported, so there shouldn't be any flow
+public class Safe extends ContentProvider {
+
+	void sink(Object o) {}
+
+	@Override
+	public Bundle call(String authority, String method, String arg, Bundle extras) {
+		sink(authority);
+		sink(method);
+		sink(arg);
+		sink(extras.get("some_key"));
+		return null;
+	}
+
+	public Bundle call(String method, String arg, Bundle extras) {
+		sink(method);
+		sink(arg);
+		sink(extras.get("some_key"));
+		return null;
+	}
+
+	@Override
+	public int delete(Uri uri, String selection, String[] selectionArgs) {
+		sink(uri);
+		sink(selection);
+		sink(selectionArgs);
+		return 0;
+	}
+
+	@Override
+	public int delete(Uri uri, Bundle extras) {
+		sink(uri);
+		sink(extras.get("some_key"));
+		return 0;
+	}
+
+	@Override
+	public String getType(Uri uri) {
+		sink(uri);
+		return null;
+	}
+
+	@Override
+	public Uri insert(Uri uri, ContentValues values, Bundle extras) {
+		sink(uri);
+		sink(values);
+		sink(extras.get("some_key"));
+		return null;
+	}
+
+	@Override
+	public Uri insert(Uri uri, ContentValues values) {
+		sink(uri);
+		sink(values);
+		return null;
+	}
+
+	@Override
+	public AssetFileDescriptor openAssetFile(Uri uri, String mode, CancellationSignal signal) {
+		sink(uri);
+		sink(mode);
+		sink(signal);
+		return null;
+	}
+
+	@Override
+	public AssetFileDescriptor openAssetFile(Uri uri, String mode) {
+		sink(uri);
+		sink(mode);
+		return null;
+	}
+
+	@Override
+	public AssetFileDescriptor openTypedAssetFile(Uri uri, String mimeTypeFilter, Bundle opts,
+			CancellationSignal signal) throws RemoteException, FileNotFoundException {
+		sink(uri);
+		sink(mimeTypeFilter);
+		sink(opts.get("some_key"));
+		sink(signal);
+		return null;
+	}
+
+	@Override
+	public AssetFileDescriptor openTypedAssetFile(Uri uri, String mimeTypeFilter, Bundle opts)
+			throws FileNotFoundException {
+		sink(uri);
+		sink(mimeTypeFilter);
+		sink(opts.get("some_key"));
+		return null;
+	}
+
+	@Override
+	public ParcelFileDescriptor openFile(Uri uri, String mode, CancellationSignal signal) {
+		sink(uri);
+		sink(mode);
+		sink(signal);
+		return null;
+	}
+
+	@Override
+	public ParcelFileDescriptor openFile(Uri uri, String mode) {
+		sink(uri);
+		sink(mode);
+		return null;
+	}
+
+	@Override
+	public Cursor query(Uri uri, String[] projection, Bundle queryArgs,
+			CancellationSignal cancellationSignal) {
+		sink(uri);
+		sink(projection);
+		sink(queryArgs.get("some_key"));
+		sink(cancellationSignal);
+		return null;
+	}
+
+	@Override
+	public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs,
+			String sortOrder) {
+		sink(uri);
+		sink(projection);
+		sink(selection);
+		sink(selectionArgs);
+		return null;
+	}
+
+	@Override
+	public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs,
+			String sortOrder, CancellationSignal cancellationSignal) {
+		sink(uri);
+		sink(projection);
+		sink(selection);
+		sink(selectionArgs);
+		sink(sortOrder);
+		sink(cancellationSignal);
+		return null;
+	}
+
+	@Override
+	public int update(Uri uri, ContentValues values, Bundle extras) {
+		sink(uri);
+		sink(values);
+		sink(extras.get("some_key"));
+		return 0;
+	}
+
+	@Override
+	public int update(Uri uri, ContentValues values, String selection, String[] selectionArgs) {
+		sink(uri);
+		sink(values);
+		sink(selection);
+		sink(selectionArgs);
+		return 0;
+	}
+
+
+	@Override
+	public boolean onCreate() {
+		return false;
+	}
+}
--- a/java/ql/test/library-tests/frameworks/android/content-provider/test.ql
+++ b/java/ql/test/library-tests/frameworks/android/content-provider/test.ql
@@ -8,6 +8,4 @@ class ProviderTaintFlowConf extends DefaultTaintFlowConf {

 class ProviderInlineFlowTest extends InlineFlowTest {
  override DataFlow::Configuration getValueFlowConfig() { none() }
-
-  override DataFlow::Configuration getTaintFlowConfig() { result instanceof ProviderTaintFlowConf }
 }