Java: convert ArbitraryApkInstallation test to .qlref

2026-04-25 16:55:19 +02:00 · 2025-06-26 10:09:12 +02:00
parent ae36f94d5e
commit e0b3a2c5f9
6 changed files with 27 additions and 25 deletions
--- a/java/ql/test/query-tests/security/CWE-094/ApkInstallationTest.expected
+++ b/java/ql/test/query-tests/security/CWE-094/ApkInstallationTest.expected
--- a/java/ql/test/query-tests/security/CWE-094/ApkInstallationTest.ql
+++ b/java/ql/test/query-tests/security/CWE-094/ApkInstallationTest.ql
@@ -1,19 +0,0 @@
-import java
-import semmle.code.java.dataflow.DataFlow
-import semmle.code.java.security.ArbitraryApkInstallationQuery
-import utils.test.InlineExpectationsTest
-
-module HasApkInstallationTest implements TestSig {
-  string getARelevantTag() { result = "hasApkInstallation" }
-
-  predicate hasActualResult(Location location, string element, string tag, string value) {
-    tag = "hasApkInstallation" and
-    exists(DataFlow::Node sink | ApkInstallationFlow::flowTo(sink) |
-      sink.getLocation() = location and
-      element = sink.toString() and
-      value = ""
-    )
-  }
-}
-
-import MakeTest<HasApkInstallationTest>
--- a/java/ql/test/query-tests/security/CWE-094/ApkInstallationTest/ApkInstallation.java
+++ b/java/ql/test/query-tests/security/CWE-094/ApkInstallationTest/ApkInstallation.java
@@ -11,7 +11,7 @@ public class ApkInstallation extends Activity {
    public void installAPK(String path) {
        // BAD: the path is not checked
        Intent intent = new Intent(Intent.ACTION_VIEW);
-        intent.setDataAndType(Uri.fromFile(new File(path)), "application/vnd.android.package-archive"); // $ hasApkInstallation
+        intent.setDataAndType(Uri.fromFile(new File(path)), "application/vnd.android.package-archive"); // $ Alert
        startActivity(intent);
    }

@@ -19,7 +19,7 @@ public class ApkInstallation extends Activity {
        Intent intent = new Intent(Intent.ACTION_VIEW);
        intent.setType(APK_MIMETYPE);
        // BAD: the path is not checked
-        intent.setData(Uri.fromFile(new File(path))); // $ hasApkInstallation
+        intent.setData(Uri.fromFile(new File(path))); // $ Alert
        startActivity(intent);
    }

@@ -27,7 +27,7 @@ public class ApkInstallation extends Activity {
        // BAD: file is from external storage
        File file = new File(Environment.getExternalStorageDirectory(), path);
        Intent intent = new Intent(Intent.ACTION_VIEW);
-        intent.setDataAndType(Uri.fromFile(file), APK_MIMETYPE); // $ hasApkInstallation
+        intent.setDataAndType(Uri.fromFile(file), APK_MIMETYPE); // $ Alert
        startActivity(intent);
    }

@@ -35,14 +35,14 @@ public class ApkInstallation extends Activity {
        // BAD: file is from external storage
        File file = new File(Environment.getExternalStorageDirectory(), path);
        Intent intent = new Intent(Intent.ACTION_INSTALL_PACKAGE);
-        intent.setData(Uri.fromFile(file)); // $ hasApkInstallation
+        intent.setData(Uri.fromFile(file)); // $ Alert
        startActivity(intent);
    }

    public void installAPKInstallPackageLiteral(String path) {
        File file = new File(Environment.getExternalStorageDirectory(), path);
        Intent intent = new Intent("android.intent.action.INSTALL_PACKAGE");
-        intent.setData(Uri.fromFile(file)); // $ hasApkInstallation
+        intent.setData(Uri.fromFile(file)); // $ Alert
        startActivity(intent);
    }

@@ -50,7 +50,7 @@ public class ApkInstallation extends Activity {
        Intent intent = new Intent(this, OtherActivity.class);
        intent.setAction(Intent.ACTION_VIEW);
        // BAD: the file is from unknown source
-        intent.setData(Uri.fromFile(file)); // $ hasApkInstallation
+        intent.setData(Uri.fromFile(file)); // $ Alert
    }
 }

--- a/java/ql/test/query-tests/security/CWE-094/ApkInstallationTest/ApkInstallationTest.expected
+++ b/java/ql/test/query-tests/security/CWE-094/ApkInstallationTest/ApkInstallationTest.expected
@@ -0,0 +1,16 @@
+#select
+| ApkInstallation.java:14:31:14:58 | fromFile(...) | ApkInstallation.java:14:31:14:58 | fromFile(...) | ApkInstallation.java:14:31:14:58 | fromFile(...) | Arbitrary Android APK installation. |
+| ApkInstallation.java:22:24:22:51 | fromFile(...) | ApkInstallation.java:22:24:22:51 | fromFile(...) | ApkInstallation.java:22:24:22:51 | fromFile(...) | Arbitrary Android APK installation. |
+| ApkInstallation.java:30:31:30:48 | fromFile(...) | ApkInstallation.java:30:31:30:48 | fromFile(...) | ApkInstallation.java:30:31:30:48 | fromFile(...) | Arbitrary Android APK installation. |
+| ApkInstallation.java:38:24:38:41 | fromFile(...) | ApkInstallation.java:38:24:38:41 | fromFile(...) | ApkInstallation.java:38:24:38:41 | fromFile(...) | Arbitrary Android APK installation. |
+| ApkInstallation.java:45:24:45:41 | fromFile(...) | ApkInstallation.java:45:24:45:41 | fromFile(...) | ApkInstallation.java:45:24:45:41 | fromFile(...) | Arbitrary Android APK installation. |
+| ApkInstallation.java:53:24:53:41 | fromFile(...) | ApkInstallation.java:53:24:53:41 | fromFile(...) | ApkInstallation.java:53:24:53:41 | fromFile(...) | Arbitrary Android APK installation. |
+edges
+nodes
+| ApkInstallation.java:14:31:14:58 | fromFile(...) | semmle.label | fromFile(...) |
+| ApkInstallation.java:22:24:22:51 | fromFile(...) | semmle.label | fromFile(...) |
+| ApkInstallation.java:30:31:30:48 | fromFile(...) | semmle.label | fromFile(...) |
+| ApkInstallation.java:38:24:38:41 | fromFile(...) | semmle.label | fromFile(...) |
+| ApkInstallation.java:45:24:45:41 | fromFile(...) | semmle.label | fromFile(...) |
+| ApkInstallation.java:53:24:53:41 | fromFile(...) | semmle.label | fromFile(...) |
+subpaths
--- a/java/ql/test/query-tests/security/CWE-094/ApkInstallationTest/ApkInstallationTest.qlref
+++ b/java/ql/test/query-tests/security/CWE-094/ApkInstallationTest/ApkInstallationTest.qlref
@@ -0,0 +1,4 @@
+query: Security/CWE/CWE-094/ArbitraryApkInstallation.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql
--- a/java/ql/test/query-tests/security/CWE-094/ApkInstallationTest/options
+++ b/java/ql/test/query-tests/security/CWE-094/ApkInstallationTest/options
@@ -0,0 +1 @@
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/validation-api-2.0.1.Final:${testdir}/../../../../stubs/springframework-5.8.x:${testdir}/../../../../stubs/apache-commons-jexl-2.1.1:${testdir}/../../../../stubs/apache-commons-jexl-3.1:${testdir}/../../../../stubs/apache-commons-logging-1.2:${testdir}/../../../../stubs/mvel2-2.4.7:${testdir}/../../../../stubs/groovy-all-3.0.7:${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/scriptengine:${testdir}/../../../../stubs/jsr223-api:${testdir}/../../../../stubs/apache-freemarker-2.3.31:${testdir}/../../../../stubs/jinjava-2.6.0:${testdir}/../../../../stubs/pebble-3.1.5:${testdir}/../../../../stubs/thymeleaf-3.0.14:${testdir}/../../../../stubs/apache-velocity-2.3:${testdir}/../../../..//stubs/google-android-9.0.0
				`@@ -0,0 +1 @@`
				//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/validation-api-2.0.1.Final:${testdir}/../../../../stubs/springframework-5.8.x:${testdir}/../../../../stubs/apache-commons-jexl-2.1.1:${testdir}/../../../../stubs/apache-commons-jexl-3.1:${testdir}/../../../../stubs/apache-commons-logging-1.2:${testdir}/../../../../stubs/mvel2-2.4.7:${testdir}/../../../../stubs/groovy-all-3.0.7:${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/scriptengine:${testdir}/../../../../stubs/jsr223-api:${testdir}/../../../../stubs/apache-freemarker-2.3.31:${testdir}/../../../../stubs/jinjava-2.6.0:${testdir}/../../../../stubs/pebble-3.1.5:${testdir}/../../../../stubs/thymeleaf-3.0.14:${testdir}/../../../../stubs/apache-velocity-2.3:${testdir}/../../../..//stubs/google-android-9.0.0