hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-22 15:25:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

Remove sink models involving PendingIntent; as they do not carry sensitive data (including from the original intent they were created with)

Browse Source
This commit is contained in:
Joe Farebrother
2024-01-15 11:03:38 +00:00
parent 2ca164ce35
commit d806fcae3d
3 changed files with 11 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
java/ql/lib/ext/android.app.model.yml
View File

@@ -39,9 +39,9 @@ extensions:
- ["android.app", "PendingIntent", False, "send", "(Context,int,Intent,PendingIntent$OnFinished,Handler,String)", "", "Argument[2]", "pending-intents", "manual"]
- ["android.app", "PendingIntent", False, "send", "(Context,int,Intent,PendingIntent$OnFinished,Handler,String,Bundle)", "", "Argument[2]", "pending-intents", "manual"]
- ["android.app", "Notification$Action", True, "Action", "(int,CharSequence,PendingIntent)", "", "Argument[1..2]", "notification", "manual"]
- ["android.app", "Notification$Action$Builder", True, "Builder", "(Icon,CharSequence,PendingIntent)", "", "Argument[1..2]", "notification", "manual"]
- ["android.app", "Notification$Action$Builder", True, "Builder", "(int,CharSequence,PendingIntent)", "", "Argument[1..2]", "notification", "manual"]
- ["android.app", "Notification$Action", True, "Action", "(int,CharSequence,PendingIntent)", "", "Argument[1]", "notification", "manual"]
- ["android.app", "Notification$Action$Builder", True, "Builder", "(Icon,CharSequence,PendingIntent)", "", "Argument[1]", "notification", "manual"]
- ["android.app", "Notification$Action$Builder", True, "Builder", "(int,CharSequence,PendingIntent)", "", "Argument[1]", "notification", "manual"]
- ["android.app", "Notification$Action$Builder", True, "addExtras", "(Bundle)", "", "Argument[0]", "notification", "manual"]
- ["android.app", "Notification$BigPictureStyle", True, "setBigContentTitle", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
- ["android.app", "Notification$BigPictureStyle", True, "setContentDescription", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
@@ -60,7 +60,6 @@ extensions:
- ["android.app", "Notification$Builder", True, "setCustomBigContentView", "(RemoteViews)", "", "Argument[0]", "notification", "manual"]
- ["android.app", "Notification$Builder", True, "setCustomContentView", "(RemoteViews)", "", "Argument[0]", "notification", "manual"]
- ["android.app", "Notification$Builder", True, "setCustomHeadsUpContentView", "(RemoteViews)", "", "Argument[0]", "notification", "manual"]
- ["android.app", "Notification$Builder", True, "setDeleteIntent", "(PendingIntent)", "", "Argument[0]", "notification", "manual"]
- ["android.app", "Notification$Builder", True, "setExtras", "(Bundle)", "", "Argument[0]", "notification", "manual"]
- ["android.app", "Notification$Builder", True, "setGroup", "(String)", "", "Argument[0]", "notification", "manual"]
- ["android.app", "Notification$Builder", True, "setRemoteInputHistory", "(CharSequence[])", "", "Argument[0]", "notification", "manual"]
@@ -69,15 +68,11 @@ extensions:
- ["android.app", "Notification$Builder", True, "setSubText", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
- ["android.app", "Notification$Builder", True, "setTicker", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
- ["android.app", "Notification$Builder", True, "setTicker", "(CharSequence,RemoteViews)", "", "Argument[0..1]", "notification", "manual"]
- ["android.app", "Notification$CallStyle", True, "forIncomingCall", "(Person,PendingIntent,PendingIntent)", "", "Argument[1..2]", "notification", "manual"]
- ["android.app", "Notification$CallStyle", True, "forOngoingCallCall", "(Person,PendingIntent)", "", "Argument[1]", "notification", "manual"]
- ["android.app", "Notification$CallStyle", True, "forScreeningCall", "(Person,PendingIntent,PendingIntent)", "", "Argument[1..2]", "notification", "manual"]
- ["android.app", "Notification$CallStyle", True, "setVerificationText", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
- ["android.app", "Notification$InboxStyle", True, "addLine", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
- ["android.app", "Notification$InboxStyle", True, "setBigContentTitle", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
- ["android.app", "Notification$InboxStyle", True, "setSummaryText", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
- ["android.app", "Notification$MediaStyle", True, "setRemotePlaybackInfo", "(CharSequence,int,PendingIntent)", "", "Argument[0]", "notification", "manual"]
- ["android.app", "Notification$MediaStyle", True, "setRemotePlaybackInfo", "(CharSequence,int,PendingIntent)", "", "Argument[2]", "notification", "manual"]
- ["android.app", "Notification$MessagingStyle", True, "MessagingStyle", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
- ["android.app", "Notification$MessagingStyle", True, "addMessage", "(CharSequence,long,CharSequence)", "", "Argument[0]", "notification", "manual"]
- ["android.app", "Notification$MessagingStyle", True, "addMessage", "(CharSequence,long,CharSequence)", "", "Argument[2]", "notification", "manual"]

12
java/ql/lib/ext/androidx.core.app.model.yml
View File

@@ -10,9 +10,9 @@ extensions:
- ["androidx.core.app", "NotificationManagerCompat", True, "notify", "(String,int,Notification)", "", "Argument[2]", "pending-intents", "manual"]
- ["androidx.core.app", "NotificationManagerCompat", True, "notify", "(int,Notification)", "", "Argument[1]", "pending-intents", "manual"]
- ["androidx.core.app", "NotificationCompat$Action", True, "Action", "(int,CharSequence,PendingIntent)", "", "Argument[1..2]", "notification", "manual"]
- ["androidx.core.app", "NotificationCompat$Action$Builder", True, "Builder", "(IconCompat,CharSequence,PendingIntent)", "", "Argument[1..2]", "notification", "manual"]
- ["androidx.core.app", "NotificationCompat$Action$Builder", True, "Builder", "(int,CharSequence,PendingIntent)", "", "Argument[1..2]", "notification", "manual"]
- ["androidx.core.app", "NotificationCompat$Action", True, "Action", "(int,CharSequence,PendingIntent)", "", "Argument[1]", "notification", "manual"]
- ["androidx.core.app", "NotificationCompat$Action$Builder", True, "Builder", "(IconCompat,CharSequence,PendingIntent)", "", "Argument[1]", "notification", "manual"]
- ["androidx.core.app", "NotificationCompat$Action$Builder", True, "Builder", "(int,CharSequence,PendingIntent)", "", "Argument[1]", "notification", "manual"]
- ["androidx.core.app", "NotificationCompat$Action$Builder", True, "addExtras", "(Bundle)", "", "Argument[0]", "notification", "manual"]
- ["androidx.core.app", "NotificationCompat$BigPictureStyle", True, "setBigContentTitle", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
- ["androidx.core.app", "NotificationCompat$BigPictureStyle", True, "setContentDescription", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
@@ -20,7 +20,7 @@ extensions:
- ["androidx.core.app", "NotificationCompat$BigTextStyle", True, "bigText", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
- ["androidx.core.app", "NotificationCompat$BigTextStyle", True, "setBigContentTitle", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
- ["androidx.core.app", "NotificationCompat$BigTextStyle", True, "setSummaryText", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
- ["androidx.core.app", "NotificationCompat$Builder", True, "addAction", "(int,CharSequence,PendingIntent)", "", "Argument[1..2]", "notification", "manual"]
- ["androidx.core.app", "NotificationCompat$Builder", True, "addAction", "(int,CharSequence,PendingIntent)", "", "Argument[1]", "notification", "manual"]
- ["androidx.core.app", "NotificationCompat$Builder", True, "addExtras", "(Bundle)", "", "Argument[0]", "notification", "manual"]
- ["androidx.core.app", "NotificationCompat$Builder", True, "setCategory", "(String)", "", "Argument[0]", "notification", "manual"]
- ["androidx.core.app", "NotificationCompat$Builder", True, "setChannelId", "(String)", "", "Argument[0]", "notification", "manual"]
@@ -31,7 +31,6 @@ extensions:
- ["androidx.core.app", "NotificationCompat$Builder", True, "setCustomBigContentView", "(RemoteViews)", "", "Argument[0]", "notification", "manual"]
- ["androidx.core.app", "NotificationCompat$Builder", True, "setCustomContentView", "(RemoteViews)", "", "Argument[0]", "notification", "manual"]
- ["androidx.core.app", "NotificationCompat$Builder", True, "setCustomHeadsUpContentView", "(RemoteViews)", "", "Argument[0]", "notification", "manual"]
- ["androidx.core.app", "NotificationCompat$Builder", True, "setDeleteIntent", "(PendingIntent)", "", "Argument[0]", "notification", "manual"]
- ["androidx.core.app", "NotificationCompat$Builder", True, "setExtras", "(Bundle)", "", "Argument[0]", "notification", "manual"]
- ["androidx.core.app", "NotificationCompat$Builder", True, "setGroup", "(String)", "", "Argument[0]", "notification", "manual"]
- ["androidx.core.app", "NotificationCompat$Builder", True, "setRemoteInputHistory", "(CharSequence[])", "", "Argument[0]", "notification", "manual"]
@@ -40,9 +39,6 @@ extensions:
- ["androidx.core.app", "NotificationCompat$Builder", True, "setSubText", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
- ["androidx.core.app", "NotificationCompat$Builder", True, "setTicker", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
- ["androidx.core.app", "NotificationCompat$Builder", True, "setTicker", "(CharSequence,RemoteViews)", "", "Argument[0..1]", "notification", "manual"]
- ["androidx.core.app", "NotificationCompat$CallStyle", True, "forIncomingCall", "(Person,PendingIntent,PendingIntent)", "", "Argument[1..2]", "notification", "manual"]
- ["androidx.core.app", "NotificationCompat$CallStyle", True, "forOngoingCallCall", "(Person,PendingIntent)", "", "Argument[1]", "notification", "manual"]
- ["androidx.core.app", "NotificationCompat$CallStyle", True, "forScreeningCall", "(Person,PendingIntent,PendingIntent)", "", "Argument[1..2]", "notification", "manual"]
- ["androidx.core.app", "NotificationCompat$CallStyle", True, "setVerificationText", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
- ["androidx.core.app", "NotificationCompat$InboxStyle", True, "addLine", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
- ["androidx.core.app", "NotificationCompat$InboxStyle", True, "setBigContentTitle", "(CharSequence)", "", "Argument[0]", "notification", "manual"]

31
java/ql/test/query-tests/security/CWE-200/semmle/tests/SensitiveNotification/Test.java
View File

@@ -14,9 +14,6 @@ class Test extends Activity {
Intent intent = new Intent();
intent.putExtra("a", password);
PendingIntent pintent = PendingIntent.getActivity(this, 0, intent, PendingIntent.FLAG_IMMUTABLE);
builder.setContentIntent(pintent); // $MISSING: sensitive-notification // missing model for getActivity
builder.setDeleteIntent(pintent); // $MISSING: sensitive-notification
builder.addExtras(intent.getExtras()); // $sensitive-notification
builder.setCategory(password); // $sensitive-notification
@@ -42,9 +39,8 @@ class Test extends Activity {
.addLine(password) // $sensitive-notification
.setBigContentTitle(password) // $sensitive-notification
.setSummaryText(password)); // $sensitive-notification
// builder.setStyle(new Notification.MediaStyle()
// .setRemotePlaybackInfo(password, 0, null) // $sensitive-notification
// .setRemotePlaybackInfo("", 0, pintent)); // $MISSING: sensitive-notification
builder.setStyle(new Notification.MediaStyle()
.setRemotePlaybackInfo(password, 0, null)); // $sensitive-notification
builder.setStyle(
new Notification.MessagingStyle(password) // $sensitive-notification
.setConversationTitle(password) // $sensitive-notification
@@ -57,21 +53,13 @@ class Test extends Activity {
);
builder.addAction(0, password, null); // $sensitive-notification
builder.addAction(0, "", pintent); // $MISSING: sensitive-notification
builder.addAction(new Notification.Action(0, password, null)); // $sensitive-notification
builder.addAction(new Notification.Action(0, "", pintent)); // $MISSING: sensitive-notification
builder.addAction(new Notification.Action.Builder(0, password, null) // $sensitive-notification
.addExtras(intent.getExtras()) // $sensitive-notification
.build());
builder.addAction(new Notification.Action.Builder(null, password, null).build()); // $sensitive-notification
builder.addAction(new Notification.Action.Builder(0, "", pintent).build()); // $MISSING: sensitive-notification
builder.addAction(new Notification.Action.Builder(null, "", pintent).build()); // $MISSING: sensitive-notification
builder.setStyle(Notification.CallStyle.forIncomingCall(null, pintent, null)); // $MISSING: sensitive-notification
builder.setStyle(Notification.CallStyle.forIncomingCall(null, null, pintent)); // $MISSING: sensitive-notification
builder.setStyle(Notification.CallStyle.forOngoingCall(null, pintent)); // $MISSING: sensitive-notification
builder.setStyle(Notification.CallStyle.forScreeningCall(null, pintent, null)); // $MISSING: sensitive-notification
builder.setStyle(Notification.CallStyle.forScreeningCall(null, null, pintent) // $MISSING: sensitive-notification
builder.setStyle(Notification.CallStyle.forScreeningCall(null, null, null)
.setVerificationText(password)); // $sensitive-notification
}
@@ -92,9 +80,6 @@ class Test extends Activity {
Intent intent = new Intent();
intent.putExtra("a", password);
PendingIntent pintent = PendingIntent.getActivity(this, 0, intent, PendingIntent.FLAG_IMMUTABLE);
builder.setContentIntent(pintent); // $MISSING: sensitive-notification // missing model for getActivity
builder.setDeleteIntent(pintent); // $MISSING: sensitive-notification
builder.addExtras(intent.getExtras()); // $sensitive-notification
builder.setCategory(password); // $sensitive-notification
@@ -132,21 +117,13 @@ class Test extends Activity {
);
builder.addAction(0, password, null); // $sensitive-notification
builder.addAction(0, "", pintent); // $MISSING: sensitive-notification
builder.addAction(new NotificationCompat.Action(0, password, null)); // $sensitive-notification
builder.addAction(new NotificationCompat.Action(0, "", pintent)); // $MISSING: sensitive-notification
builder.addAction(new NotificationCompat.Action.Builder(0, password, null) // $sensitive-notification
.addExtras(intent.getExtras()) // $sensitive-notification
.build());
builder.addAction(new NotificationCompat.Action.Builder(null, password, null).build()); // $sensitive-notification
builder.addAction(new NotificationCompat.Action.Builder(0, "", pintent).build()); // $MISSING: sensitive-notification
builder.addAction(new NotificationCompat.Action.Builder(null, "", pintent).build()); // $MISSING: sensitive-notification
builder.setStyle(NotificationCompat.CallStyle.forIncomingCall(null, pintent, null)); // $MISSING: sensitive-notification
builder.setStyle(NotificationCompat.CallStyle.forIncomingCall(null, null, pintent)); // $MISSING: sensitive-notification
builder.setStyle(NotificationCompat.CallStyle.forOngoingCall(null, pintent)); // $MISSING: sensitive-notification
builder.setStyle(NotificationCompat.CallStyle.forScreeningCall(null, pintent, null)); // $MISSING: sensitive-notification
builder.setStyle(NotificationCompat.CallStyle.forScreeningCall(null, null, pintent) // $MISSING: sensitive-notification
builder.setStyle(NotificationCompat.CallStyle.forScreeningCall(null, null, null)
.setVerificationText(password)); // $sensitive-notification
}
}