codeql/java/ql/test/query-tests/security/CWE-441/Test.java

package test;

import android.content.ContentResolver;
import android.net.Uri;
import android.app.Activity;

public class Test extends Activity {
    private void validateWithEquals(Uri uri) {
        if (!uri.equals(Uri.parse("content://safe/uri")))
            throw new SecurityException();
    }

    private void validateWithAllowList(Uri uri) throws SecurityException {
        String path = uri.getPath();
        java.nio.file.Path normalized =
                java.nio.file.FileSystems.getDefault().getPath(path).normalize();
        if (!normalized.startsWith("/safe/path"))
            throw new SecurityException();
    }

    private void validateWithBlockList(Uri uri) throws SecurityException {
        String path = uri.getPath();
        java.nio.file.Path normalized =
                java.nio.file.FileSystems.getDefault().getPath(path).normalize();
        if (normalized.startsWith("/data"))
            throw new SecurityException();
    }

    public void onCreate() {
        {
            ContentResolver contentResolver = getContentResolver();
            Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA");
            contentResolver.openInputStream(uri); // $ hasTaintFlow
            contentResolver.openOutputStream(uri); // $ hasTaintFlow
            contentResolver.openAssetFile(uri, null, null); // $ hasTaintFlow
            contentResolver.openAssetFileDescriptor(uri, null); // $ hasTaintFlow
            contentResolver.openFile(uri, null, null); // $ hasTaintFlow
            contentResolver.openFileDescriptor(uri, null); // $ hasTaintFlow
            contentResolver.openTypedAssetFile(uri, null, null, null); // $ hasTaintFlow
            contentResolver.openTypedAssetFileDescriptor(uri, null, null); // $ hasTaintFlow
        }
        {
            ContentResolver contentResolver = getContentResolver();
            Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA");
            String path = uri.getPath();
            if (path.startsWith("/data"))
                throw new SecurityException();
            contentResolver.openInputStream(uri); // $ hasTaintFlow
        }
        // Equals checks
        {
            ContentResolver contentResolver = getContentResolver();
            Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA");
            if (!uri.equals(Uri.parse("content://safe/uri")))
                throw new SecurityException();
            contentResolver.openInputStream(uri); // Safe
        }
        {
            ContentResolver contentResolver = getContentResolver();
            Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA");
            validateWithEquals(uri);
            contentResolver.openInputStream(uri); // Safe
        }
        // Allow list checks
        {
            ContentResolver contentResolver = getContentResolver();
            Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA");
            String path = uri.getPath();
            if (!path.startsWith("/safe/path"))
                throw new SecurityException();
            contentResolver.openInputStream(uri); // $ hasTaintFlow
        }
        {
            ContentResolver contentResolver = getContentResolver();
            Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA");
            String path = uri.getPath();
            java.nio.file.Path normalized =
                    java.nio.file.FileSystems.getDefault().getPath(path).normalize();
            if (!normalized.startsWith("/safe/path"))
                throw new SecurityException();
            contentResolver.openInputStream(uri); // Safe
        }
        {
            ContentResolver contentResolver = getContentResolver();
            Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA");
            validateWithAllowList(uri);
            contentResolver.openInputStream(uri); // Safe
        }
        // Block list checks
        {
            ContentResolver contentResolver = getContentResolver();
            Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA");
            String path = uri.getPath();
            if (path.startsWith("/data"))
                throw new SecurityException();
            contentResolver.openInputStream(uri); // $ hasTaintFlow
        }
        {
            ContentResolver contentResolver = getContentResolver();
            Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA");
            String path = uri.getPath();
            java.nio.file.Path normalized =
                    java.nio.file.FileSystems.getDefault().getPath(path).normalize();
            if (normalized.startsWith("/data"))
                throw new SecurityException();
            contentResolver.openInputStream(uri); // Safe
        }
        {
            ContentResolver contentResolver = getContentResolver();
            Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA");
            validateWithBlockList(uri);
            contentResolver.openInputStream(uri); // Safe
        }
    }
}