Moved Android manifest incomplete permission logic into library

Ed Minnix
2022-09-29 14:06:18 -04:00
parent dedd29e1b3
commit e72963986f
2 changed files with 16 additions and 6 deletions


@@ -180,6 +180,17 @@ class AndroidProviderXmlElement extends AndroidComponentXmlElement {
attr.getValue() = "true"
)
}
/**
* Holds if the provider element provides only `android:readPermission` or `android:writePermission`.
*/
predicate hasIncompletePermissions() {
(
this.getAnAttribute().(AndroidPermissionXmlAttribute).isWrite() or
this.getAnAttribute().(AndroidPermissionXmlAttribute).isRead()
) and
not this.requiresPermissions()
}
}
/**
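Review bot: `hasIncompletePermissions()` also holds for a provider that declares both `android:readPermission` and `android:writePermission`, because either attribute satisfies the disjunction and the only exclusion is `not this.requiresPermissions()`. `requiresPermissions()` is defined outside this hunk; if it holds only for the general `android:permission` attribute, a provider protected on both paths would be reported, which contradicts the "only" in the doc comment. Consider requiring exactly one of the two, for example `this.getAnAttribute().(AndroidPermissionXmlAttribute).isRead() and not this.getAnAttribute().(AndroidPermissionXmlAttribute).isWrite()` or the mirror case. The doc comment could then say "Holds if the provider is protected by exactly one of `android:readPermission` and `android:writePermission` and by no general permission".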


@@ -15,9 +15,8 @@ import semmle.code.xml.AndroidManifest
from AndroidProviderXmlElement provider
where
(
provider.getAnAttribute().(AndroidPermissionXmlAttribute).isWrite() or
provider.getAnAttribute().(AndroidPermissionXmlAttribute).isRead()
) and
not provider.requiresPermissions()
select provider, "Incomplete permissions"
not provider.getFile().(AndroidManifestXmlFile).isInBuildDirectory() and
provider.isExported() and
provider.hasIncompletePermissions()
select provider, "Exported provider $@ has incomplete permissions.", provider,
provider.getResolvedComponentName()
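Review bot: The alert text in the `select` clause says only "has incomplete permissions", which does not tell the person triaging the result what is actually unprotected. A message that states the risk would be easier to act on, for example `"Exported provider $@ sets only one of android:readPermission and android:writePermission, leaving the other access path unprotected."`. Separately, `provider.isExported()` is defined outside this page. If it matches only an explicit `android:exported="true"`, providers that are exported by default on older target SDK levels would be missed, so that is worth confirming against the library.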