Move sinks to security library

2026-04-30 11:15:13 +02:00 · 2021-08-11 13:03:08 +02:00
parent 9a537f9c23
commit f90220436f
1 changed files with 28 additions and 0 deletions
--- a/java/ql/src/semmle/code/java/security/AndroidIntentRedirection.qll
+++ b/java/ql/src/semmle/code/java/security/AndroidIntentRedirection.qll
@@ -28,6 +28,34 @@ class IntentRedirectionAdditionalTaintStep extends Unit {
  abstract predicate step(DataFlow::Node node1, DataFlow::Node node2);
 }

+private class DefaultIntentRedirectionSinkModel extends SinkModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "android.app;Activity;true;startActivityAsCaller;;;Argument[0];intent-start",
+        "android.app;Activity;true;startActivityForResult;(Intent,int);;Argument[0];intent-start",
+        "android.app;Activity;true;startActivityForResult;(Intent,int,Bundle);;Argument[0];intent-start",
+        "android.app;Activity;true;startActivityForResult;(String,Intent,int,Bundle);;Argument[1];intent-start",
+        "android.app;Activity;true;startActivityForResultAsUser;;;Argument[0];intent-start",
+        "android.content;Context;true;startActivities;;;Argument[0];intent-start",
+        "android.content;Context;true;startActivity;;;Argument[0];intent-start",
+        "android.content;Context;true;startActivityAsUser;;;Argument[0];intent-start",
+        "android.content;Context;true;startActivityFromChild;;;Argument[1];intent-start",
+        "android.content;Context;true;startActivityFromFragment;;;Argument[1];intent-start",
+        "android.content;Context;true;startActivityIfNeeded;;;Argument[0];intent-start",
+        "android.content;Context;true;startService;;;Argument[0];intent-start",
+        "android.content;Context;true;startServiceAsUser;;;Argument[0];intent-start",
+        "android.content;Context;true;sendBroadcast;;;Argument[0];intent-start",
+        "android.content;Context;true;sendBroadcastAsUser;;;Argument[0];intent-start",
+        "android.content;Context;true;sendBroadcastWithMultiplePermissions;;;Argument[0];intent-start",
+        "android.content;Context;true;sendStickyBroadcast;;;Argument[0];intent-start",
+        "android.content;Context;true;sendStickyBroadcastAsUser;;;Argument[0];intent-start",
+        "android.content;Context;true;sendStickyOrderedBroadcast;;;Argument[0];intent-start",
+        "android.content;Context;true;sendStickyOrderedBroadcastAsUser;;;Argument[0];intent-start"
+      ]
+  }
+}
+
 /** Default sink for Intent redirection vulnerabilities. */
 private class DefaultIntentRedirectionSink extends IntentRedirectionSink {
  DefaultIntentRedirectionSink() { sinkNode(this, "intent-start") }