Enhance the query to use sanitizer and null/empty array flow

2026-04-29 18:55:14 +02:00 · 2020-10-25 15:33:09 +00:00
parent 478771ccc5
commit d9c140dc6c
5 changed files with 166 additions and 65 deletions
--- a/java/ql/test/experimental/query-tests/security/CWE-927/SensitiveBroadcast.expected
+++ b/java/ql/test/experimental/query-tests/security/CWE-927/SensitiveBroadcast.expected
@@ -1,24 +1,12 @@
-edges
-| SensitiveBroadcast.java:11:34:11:38 | token : String | SensitiveBroadcast.java:13:31:13:36 | intent |
-| SensitiveBroadcast.java:12:41:12:52 | refreshToken : String | SensitiveBroadcast.java:13:31:13:36 | intent |
-| SensitiveBroadcast.java:23:33:23:40 | username : String | SensitiveBroadcast.java:25:31:25:36 | intent |
-| SensitiveBroadcast.java:24:32:24:39 | password : String | SensitiveBroadcast.java:25:31:25:36 | intent |
-| SensitiveBroadcast.java:36:40:36:47 | username : String | SensitiveBroadcast.java:39:31:39:36 | intent |
-| SensitiveBroadcast.java:37:39:37:46 | password : String | SensitiveBroadcast.java:39:31:39:36 | intent |
-nodes
-| SensitiveBroadcast.java:11:34:11:38 | token : String | semmle.label | token : String |
-| SensitiveBroadcast.java:12:41:12:52 | refreshToken : String | semmle.label | refreshToken : String |
-| SensitiveBroadcast.java:13:31:13:36 | intent | semmle.label | intent |
-| SensitiveBroadcast.java:23:33:23:40 | username : String | semmle.label | username : String |
-| SensitiveBroadcast.java:24:32:24:39 | password : String | semmle.label | password : String |
-| SensitiveBroadcast.java:25:31:25:36 | intent | semmle.label | intent |
-| SensitiveBroadcast.java:36:40:36:47 | username : String | semmle.label | username : String |
-| SensitiveBroadcast.java:37:39:37:46 | password : String | semmle.label | password : String |
-| SensitiveBroadcast.java:39:31:39:36 | intent | semmle.label | intent |
-#select
 | SensitiveBroadcast.java:13:31:13:36 | intent | SensitiveBroadcast.java:11:34:11:38 | token : String | SensitiveBroadcast.java:13:31:13:36 | intent | Sending $@ to broadcast. | SensitiveBroadcast.java:11:34:11:38 | token | sensitive information |
 | SensitiveBroadcast.java:13:31:13:36 | intent | SensitiveBroadcast.java:12:41:12:52 | refreshToken : String | SensitiveBroadcast.java:13:31:13:36 | intent | Sending $@ to broadcast. | SensitiveBroadcast.java:12:41:12:52 | refreshToken | sensitive information |
 | SensitiveBroadcast.java:25:31:25:36 | intent | SensitiveBroadcast.java:23:33:23:40 | username : String | SensitiveBroadcast.java:25:31:25:36 | intent | Sending $@ to broadcast. | SensitiveBroadcast.java:23:33:23:40 | username | sensitive information |
 | SensitiveBroadcast.java:25:31:25:36 | intent | SensitiveBroadcast.java:24:32:24:39 | password : String | SensitiveBroadcast.java:25:31:25:36 | intent | Sending $@ to broadcast. | SensitiveBroadcast.java:24:32:24:39 | password | sensitive information |
 | SensitiveBroadcast.java:39:31:39:36 | intent | SensitiveBroadcast.java:36:40:36:47 | username : String | SensitiveBroadcast.java:39:31:39:36 | intent | Sending $@ to broadcast. | SensitiveBroadcast.java:36:40:36:47 | username | sensitive information |
 | SensitiveBroadcast.java:39:31:39:36 | intent | SensitiveBroadcast.java:37:39:37:46 | password : String | SensitiveBroadcast.java:39:31:39:36 | intent | Sending $@ to broadcast. | SensitiveBroadcast.java:37:39:37:46 | password | sensitive information |
+| SensitiveBroadcast.java:89:54:89:59 | intent | SensitiveBroadcast.java:87:33:87:40 | username : String | SensitiveBroadcast.java:89:54:89:59 | intent | Sending $@ to broadcast. | SensitiveBroadcast.java:87:33:87:40 | username | sensitive information |
+| SensitiveBroadcast.java:89:54:89:59 | intent | SensitiveBroadcast.java:88:32:88:39 | password : String | SensitiveBroadcast.java:89:54:89:59 | intent | Sending $@ to broadcast. | SensitiveBroadcast.java:88:32:88:39 | password | sensitive information |
+| SensitiveBroadcast.java:102:54:102:59 | intent | SensitiveBroadcast.java:99:33:99:40 | username : String | SensitiveBroadcast.java:102:54:102:59 | intent | Sending $@ to broadcast. | SensitiveBroadcast.java:99:33:99:40 | username | sensitive information |
+| SensitiveBroadcast.java:102:54:102:59 | intent | SensitiveBroadcast.java:100:32:100:39 | password : String | SensitiveBroadcast.java:102:54:102:59 | intent | Sending $@ to broadcast. | SensitiveBroadcast.java:100:32:100:39 | password | sensitive information |
+| SensitiveBroadcast.java:116:54:116:59 | intent | SensitiveBroadcast.java:112:33:112:40 | username : String | SensitiveBroadcast.java:116:54:116:59 | intent | Sending $@ to broadcast. | SensitiveBroadcast.java:112:33:112:40 | username | sensitive information |
+| SensitiveBroadcast.java:116:54:116:59 | intent | SensitiveBroadcast.java:113:32:113:39 | password : String | SensitiveBroadcast.java:116:54:116:59 | intent | Sending $@ to broadcast. | SensitiveBroadcast.java:113:32:113:39 | password | sensitive information |
--- a/java/ql/test/experimental/query-tests/security/CWE-927/SensitiveBroadcast.java
+++ b/java/ql/test/experimental/query-tests/security/CWE-927/SensitiveBroadcast.java
@@ -39,7 +39,7 @@ class SensitiveBroadcast {
        context.sendBroadcast(intent);
    }    

-    //Tests broadcast of sensitive user information with permission.
+    //Tests broadcast of sensitive user information with permission using string literal.
    public void sendBroadcast4(Context context) {
        String username = "test123";
        String password = "abc12345";
@@ -51,11 +51,24 @@ class SensitiveBroadcast {
        context.sendBroadcast(intent, "com.example.user_permission");
    }

-    //Tests broadcast of sensitive user information to a specific application.
+    //Tests broadcast of sensitive user information with permission using string object.
    public void sendBroadcast5(Context context) {
        String username = "test123";
        String password = "abc12345";
    
+        Intent intent = new Intent();
+        intent.setAction("com.example.custom_action");
+        intent.putExtra("name", username);
+        intent.putExtra("pwd", password);
+        String perm = "com.example.user_permission";
+        context.sendBroadcast(intent, perm);
+    }
+
+    //Tests broadcast of sensitive user information to a specific application.
+    public void sendBroadcast6(Context context) {
+        String username = "test123";
+        String password = "abc12345";
+    
        Intent intent = new Intent();
        intent.setAction("com.example.custom_action");
        intent.setClassName("com.example2", "com.example2.UserInfoHandler");
@@ -63,4 +76,55 @@ class SensitiveBroadcast {
        intent.putExtra("pwd", password);
        context.sendBroadcast(intent);
    }    
+
+    //Tests broadcast of sensitive user information with multiple permissions using direct empty array initialization.
+    public void sendBroadcast7(Context context) {
+        String username = "test123";
+        String password = "abc12345";
+    
+        Intent intent = new Intent();
+        intent.setAction("com.example.custom_action");
+        intent.putExtra("name", username);
+        intent.putExtra("pwd", password);
+        context.sendBroadcastWithMultiplePermissions(intent, new String[]{});
+    }    
+
+    //Tests broadcast of sensitive user information with multiple permissions using empty array initialization through a variable.
+    public void sendBroadcast8(Context context) {
+        String username = "test123";
+        String password = "abc12345";
+    
+        Intent intent = new Intent();
+        intent.setAction("com.example.custom_action");
+        intent.putExtra("name", username);
+        intent.putExtra("pwd", password);
+        String[] perms = new String[0];
+        context.sendBroadcastWithMultiplePermissions(intent, perms);
+    }    
+
+    //Tests broadcast of sensitive user information with multiple permissions using empty array initialization through two variables.
+    public void sendBroadcast9(Context context) {
+        String username = "test123";
+        String password = "abc12345";
+    
+        Intent intent = new Intent();
+        intent.setAction("com.example.custom_action");
+        intent.putExtra("name", username);
+        intent.putExtra("pwd", password);
+        String[] perms = new String[0];
+        String[] perms2 = perms;
+        context.sendBroadcastWithMultiplePermissions(intent, perms2);
+    }    
+
+    //Tests broadcast of sensitive user information with ordered broadcast.
+    public void sendBroadcast10(Context context) {
+        String username = "test123";
+        String password = "abc12345";
+    
+        Intent intent = new Intent();
+        intent.setAction("com.example.custom_action");
+        intent.putExtra("name", username);
+        intent.putExtra("pwd", password);
+        context.sendOrderedBroadcast(intent, "com.example.USER_PERM");
+    }        
 }