Merge pull request #10684 from joefarebrother/android-keyboard-cache

Java: Add query for Sensitive Keyboard Cache
Joe Farebrother
2022-11-16 15:27:44 +00:00
committed by GitHub
13 changed files with 296 additions and 0 deletions


@@ -0,0 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools"
package="com.example.test">
</manifest>


@@ -0,0 +1,8 @@
package com.example.test;
public final class R {
public static final class id {
public static final int test7_password = 1;
public static final int test8_password = 2;
}
}


@@ -0,0 +1,19 @@
import java
import semmle.code.java.security.SensitiveKeyboardCacheQuery
import TestUtilities.InlineExpectationsTest
class SensitiveKeyboardCacheTest extends InlineExpectationsTest {
SensitiveKeyboardCacheTest() { this = "SensitiveKeyboardCacheTest" }
override string getARelevantTag() { result = "hasResult" }
override predicate hasActualResult(Location loc, string element, string tag, string value) {
exists(AndroidEditableXmlElement el |
el = getASensitiveCachedInput() and
loc = el.getLocation() and
element = el.toString() and
tag = "hasResult" and
value = ""
)
}
}


@@ -0,0 +1,16 @@
package com.example.test;
import android.app.Activity;
import android.os.Bundle;
import android.widget.EditText;
import android.view.View;
import android.text.InputType;
class Test extends Activity {
public void onCreate(Bundle b) {
EditText test7pw = findViewById(R.id.test7_password);
test7pw.setInputType(InputType.TYPE_CLASS_TEXT | InputType.TYPE_TEXT_FLAG_NO_SUGGESTIONS);
EditText test8pw = requireViewById(R.id.test8_password);
test8pw.setInputType(InputType.TYPE_CLASS_TEXT | InputType.TYPE_TEXT_VARIATION_PASSWORD);
}
}
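Review bot: Both `setInputType` calls in `onCreate` pass a value that turns suggestions off, so nothing in this fixture pins the case where code sets a caching input type on a sensitive field, which should still be reported. Consider a third field, for example `test9pw.setInputType(InputType.TYPE_CLASS_TEXT);`, together with a matching `R.id` constant and a `<!-- $hasResult -->` `EditText` in the layout. A short comment above each existing call, such as `// suggestions disabled in code: expected to be clean`, would also make it clear why `test7_password` and `test8_password` carry no expectation.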


@@ -0,0 +1 @@
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/google-android-9.0.0


@@ -0,0 +1,35 @@
<?xml version="1.0" encoding="utf-8"?>
<LinearLayout
xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:app="http://schemas.android.com/apk/res-auto">
<!-- $hasResult --> <EditText
android:id="@+id/test1_password"
android:inputType="text"/>
<EditText
android:id="@+id/test2_safe"
android:inputType="text"/>
<EditText
android:id="@+id/test3_password"
android:inputType="textNoSuggestions"/>
<EditText
android:id="@+id/test4_password"
android:inputType="textPassword"/>
<!-- $hasResult --> <EditText
android:id="@+id/test5_bank_account_name"
android:inputType="textMultiLine"/>
<!-- $hasResult --> <EditText
android:id="@+id/test6_password"/>
<EditText
android:id="@+id/test7_password"/>
<EditText
android:id="@+id/test8_password"/>
</LinearLayout>
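Review bot: Every `android:inputType` in this layout holds a single value, but the attribute accepts `|`-separated flags, so a sensitive field declared as `android:inputType="textMultiLine|textNoSuggestions"` is never exercised. If the query compares the attribute string as a whole (the query is not visible in this part of the page), such a field would be misreported, and a test case would pin the intended behaviour. The other password variations, `textVisiblePassword`, `textWebPassword` and `numberPassword`, are likewise missing as negative cases. `test7_password` and `test8_password` are clean only because the activity sets their input type in code; a comment such as `<!-- input type set in code by the activity -->` would say so.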