Revert "Android ContentProvider.openFile does not check mode initital commit"

This reverts commit e37f62bb5e. The MisconfiguedContentProviderUse.ql file provided a sample query which will be useful in future checks for CVE-2021-41166, but is not needed for the current manifest-focused check
2026-04-28 02:05:14 +02:00 · 2022-09-29 14:43:18 -04:00
parent e72963986f
commit f2bda1525a
1 changed files with 0 additions and 27 deletions
--- a/java/ql/src/Security/CWE/CWE-276/MisconfiguedContentProviderUse.ql
+++ b/java/ql/src/Security/CWE/CWE-276/MisconfiguedContentProviderUse.ql
@@ -1,27 +0,0 @@
-/**
- * @name Misconfigured ContentProvider use
- * @description ContentProvider#openFile override which does not use `mode` argument.
- * @kind problem
- * @id java/android/misconfigured-content-provider
- * @problem.severity warning
- * @security-severity 7.8
- * @tags security external/cwe/cwe-276
- * @precision medium
- */
-
-import java
-
-class ContentProviderOpenFileMethod extends Method {
-  ContentProviderOpenFileMethod() {
-    this.hasName("openFile") and
-    this.getDeclaringType().getASupertype*().hasQualifiedName("android.content", "ContentProvider")
-  }
-
-  predicate doesNotCheckMode() {
-    exists(Parameter p | p = this.getParameter(1) | not exists(p.getAnAccess()))
-  }
-}
-
-from ContentProviderOpenFileMethod ofm
-where ofm.doesNotCheckMode()
-select ofm, "Open file"