Apply suggestions from code review

Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2025-12-21 19:26:31 +01:00 · 2021-11-04 10:08:53 +01:00
parent a5749a5eb1
commit fd92c4e435
2 changed files with 4 additions and 3 deletions
--- a/java/ql/lib/semmle/code/java/security/AndroidIntentRedirection.qll
+++ b/java/ql/lib/semmle/code/java/security/AndroidIntentRedirection.qll
@@ -71,11 +71,12 @@ private class DefaultIntentRedirectionSink extends IntentRedirectionSink {
 */
 private class DefaultIntentRedirectionSanitizer extends IntentRedirectionSanitizer {
  DefaultIntentRedirectionSanitizer() {
-    exists(MethodAccess ma, Method m |
+    exists(MethodAccess ma, Method m, Guard g, boolean branch |
      ma.getMethod() = m and
      m.getDeclaringType() instanceof TypeComponentName and
      m.hasName(["getPackageName", "getClassName"]) and
-      ma.getBasicBlock().(ConditionBlock).controls(this.asExpr().getBasicBlock(), true)
+      g.isEquality(ma, _, branch) and
      g.controls(this.asExpr().getBasicBlock(), branch)
    )
  }
 }
--- a/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirectionSample.java
+++ b/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirectionSample.java
@@ -13,6 +13,6 @@ if (destinationComponent.getPackageName().equals("safe.package") &&
 // GOOD: The component that sent the Intent is checked before launching the destination component
 Intent forwardIntent = (Intent) getIntent().getParcelableExtra("forward_intent");
 ComponentName originComponent = getCallingActivity();
-if (originComponent.getPackageName().equals("trusted.package") && originComponent.getClassName("TrustedClass")) {
+if (originComponent.getPackageName().equals("trusted.package") && originComponent.getClassName().equals("TrustedClass")) {
    startActivity(forwardIntent);
 }