Add support for android:allowBackup default value

The default value of `android:allowBackup` is `true`. Added support for detecting if the default value is used.
2025-12-20 02:44:30 +01:00 · 2022-08-18 22:04:38 -04:00
parent 6509426fb3
commit dad4a403db
3 changed files with 15 additions and 4 deletions
--- a/java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql
+++ b/java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql
@@ -17,4 +17,4 @@ from AndroidApplicationXmlElement androidAppElem
 where
  androidAppElem.allowsBackup() and
  androidAppElem.getFile().(AndroidManifestXmlFile).isInBuildDirectory()
-select androidAppElem.getAttribute("allowBackup"), "The 'android:allowBackup' attribute is enabled."
+select androidAppElem, "The 'android:allowBackup' attribute is enabled."
--- a/java/ql/src/Security/CWE/CWE-312/AllowBackupEmpty.xml
+++ b/java/ql/src/Security/CWE/CWE-312/AllowBackupEmpty.xml
@@ -0,0 +1,7 @@
+<manifest ... >
+    <!-- BAD: no 'android:allowBackup' set, defaults to 'true' -->
+    <application>
+        <activity ... >
+        </activity>
+    </application>
+</manifest>