mirror of
https://github.com/github/codeql.git
synced 2026-04-25 16:55:19 +02:00
Refactor Android tests
This commit is contained in:
Ed Minnix
@@ -2,14 +2,20 @@ import java
|
||||
import semmle.code.java.dataflow.FlowSources
|
||||
import TestUtilities.InlineFlowTest
|
||||
|
||||
class EnableLegacy extends EnableLegacyConfiguration {
|
||||
EnableLegacy() { exists(this) }
|
||||
module ProviderTaintFlowConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node n) { n instanceof RemoteFlowSource }
|
||||
|
||||
predicate isSink(DataFlow::Node n) { DefaultFlowConfig::isSink(n) }
|
||||
|
||||
int fieldFlowBranchLimit() { result = DefaultFlowConfig::fieldFlowBranchLimit() }
|
||||
}
|
||||
|
||||
class ProviderTaintFlowConf extends DefaultTaintFlowConf {
|
||||
override predicate isSource(DataFlow::Node n) { n instanceof RemoteFlowSource }
|
||||
}
|
||||
module ProviderTaintFlow = TaintTracking::Global<ProviderTaintFlowConfig>;
|
||||
|
||||
class ProviderInlineFlowTest extends InlineFlowTest {
|
||||
override DataFlow::Configuration getValueFlowConfig() { none() }
|
||||
override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() }
|
||||
|
||||
override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) {
|
||||
ProviderTaintFlow::flow(src, sink)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -3,22 +3,18 @@ import semmle.code.java.dataflow.DataFlow
|
||||
import semmle.code.java.dataflow.FlowSources
|
||||
import TestUtilities.InlineFlowTest
|
||||
|
||||
class EnableLegacy extends EnableLegacyConfiguration {
|
||||
EnableLegacy() { exists(this) }
|
||||
}
|
||||
module Config implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource }
|
||||
|
||||
class Conf extends TaintTracking::Configuration {
|
||||
Conf() { this = "test:AndroidExternalFlowConf" }
|
||||
|
||||
override predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource }
|
||||
|
||||
override predicate isSink(DataFlow::Node sink) {
|
||||
predicate isSink(DataFlow::Node sink) {
|
||||
sink.asExpr().(Argument).getCall().getCallee().hasName("sink")
|
||||
}
|
||||
}
|
||||
|
||||
class ExternalStorageTest extends InlineFlowTest {
|
||||
override DataFlow::Configuration getValueFlowConfig() { none() }
|
||||
module Flow = TaintTracking::Global<Config>;
|
||||
|
||||
override DataFlow::Configuration getTaintFlowConfig() { result instanceof Conf }
|
||||
class ExternalStorageTest extends InlineFlowTest {
|
||||
override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() }
|
||||
|
||||
override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) { Flow::flow(src, sink) }
|
||||
}
|
||||
|
||||
@@ -2,14 +2,20 @@ import java
|
||||
import semmle.code.java.dataflow.FlowSources
|
||||
import TestUtilities.InlineFlowTest
|
||||
|
||||
class EnableLegacy extends EnableLegacyConfiguration {
|
||||
EnableLegacy() { exists(this) }
|
||||
module SourceValueFlowConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { DefaultFlowConfig::isSink(sink) }
|
||||
|
||||
int fieldFlowBranchLimit() { result = DefaultFlowConfig::fieldFlowBranchLimit() }
|
||||
}
|
||||
|
||||
class SourceValueFlowConf extends DefaultValueFlowConf {
|
||||
override predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource }
|
||||
}
|
||||
module SourceValueFlow = DataFlow::Global<SourceValueFlowConfig>;
|
||||
|
||||
class SourceInlineFlowTest extends InlineFlowTest {
|
||||
override DataFlow::Configuration getTaintFlowConfig() { none() }
|
||||
override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) {
|
||||
SourceValueFlow::flow(src, sink)
|
||||
}
|
||||
|
||||
override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) { none() }
|
||||
}
|
||||
|
||||
@@ -4,16 +4,16 @@ import semmle.code.java.dataflow.FlowSources
|
||||
import semmle.code.java.security.QueryInjection
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
|
||||
class Conf extends TaintTracking::Configuration {
|
||||
Conf() { this = "qltest:dataflow:android::flow" }
|
||||
|
||||
override predicate isSource(DataFlow::Node source) {
|
||||
module Config implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) {
|
||||
source.asExpr().(MethodAccess).getMethod().hasName("taint")
|
||||
}
|
||||
|
||||
override predicate isSink(DataFlow::Node sink) { sink.asExpr() = any(ReturnStmt r).getResult() }
|
||||
predicate isSink(DataFlow::Node sink) { sink.asExpr() = any(ReturnStmt r).getResult() }
|
||||
}
|
||||
|
||||
module Flow = TaintTracking::Global<Config>;
|
||||
|
||||
class FlowStepTest extends InlineExpectationsTest {
|
||||
FlowStepTest() { this = "FlowStepTest" }
|
||||
|
||||
@@ -22,8 +22,7 @@ class FlowStepTest extends InlineExpectationsTest {
|
||||
override predicate hasActualResult(Location l, string element, string tag, string value) {
|
||||
tag = "taintReachesReturn" and
|
||||
value = "" and
|
||||
exists(Conf conf, DataFlow::Node source |
|
||||
conf.hasFlow(source, _) and
|
||||
exists(DataFlow::Node source | Flow::flow(source, _) |
|
||||
l = source.getLocation() and
|
||||
element = source.toString()
|
||||
)
|
||||
|
||||
@@ -4,16 +4,16 @@ import semmle.code.java.dataflow.FlowSources
|
||||
import semmle.code.java.security.QueryInjection
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
|
||||
class Conf extends TaintTracking::Configuration {
|
||||
Conf() { this = "qltest:dataflow:android::flow" }
|
||||
|
||||
override predicate isSource(DataFlow::Node source) {
|
||||
module Config implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) {
|
||||
source.asExpr().(MethodAccess).getMethod().hasName("taint")
|
||||
}
|
||||
|
||||
override predicate isSink(DataFlow::Node sink) { sink instanceof QueryInjectionSink }
|
||||
predicate isSink(DataFlow::Node sink) { sink instanceof QueryInjectionSink }
|
||||
}
|
||||
|
||||
module Flow = TaintTracking::Global<Config>;
|
||||
|
||||
class SinkTest extends InlineExpectationsTest {
|
||||
SinkTest() { this = "SinkTest" }
|
||||
|
||||
@@ -22,8 +22,7 @@ class SinkTest extends InlineExpectationsTest {
|
||||
override predicate hasActualResult(Location l, string element, string tag, string value) {
|
||||
tag = "taintReachesSink" and
|
||||
value = "" and
|
||||
exists(Conf conf, DataFlow::Node source |
|
||||
conf.hasFlow(source, _) and
|
||||
exists(DataFlow::Node source | Flow::flow(source, _) |
|
||||
l = source.getLocation() and
|
||||
element = source.toString()
|
||||
)
|
||||
|
||||
Reference in New Issue
Block a user