resolved merge conflict in AndroidManifest lib

Author: Jami Cogswell

java/ql/lib/semmle/code/java/security/ImplicitlyExportedAndroidComponent.qll

@@ -4,23 +4,26 @@ private import semmle.code.xml.AndroidManifest
 
 /** Represents an implicitly exported Android component */
 class ImplicitlyExportedAndroidComponent extends AndroidComponentXmlElement {
-  //   ImplicitlyExportedAndroidComponent() {
+  ImplicitlyExportedAndroidComponent() {
+    not this.hasExportedAttribute() and
+    this.hasAnIntentFilterElement() and
+    not this.getAnIntentFilterElement().getACategoryElement().getCategoryName() =
+      "android.intent.category.LAUNCHER" and
+    not this.requiresPermissions() and
+    not this.getParent().(AndroidApplicationXmlElement).requiresPermissions() and
+    //not this.getAnIntentFilterElement().hasLauncherCategoryElement() and
+    not this.getFile().(AndroidManifestXmlFile).isInBuildDirectory()
+    //this.getFile() instanceof SourceAndroidManifestXmlFile
+  }
+  //   predicate isImplicitlyExported() {
   //     not this.hasExportedAttribute() and
   //     this.hasAnIntentFilterElement() and
   //     not this.requiresPermissions() and
   //     not this.getParent().(AndroidApplicationXmlElement).hasAttribute("permission") and
   //     not this.getAnIntentFilterElement().hasLauncherCategoryElement() and
-  //     not this.getFile().(AndroidManifestXmlFile).isInBuildDirectory()
+  //     not this.getFile().(AndroidManifestXmlFile).isInBuildDirectory() //and
+  //     not this.getAnIntentFilterElement().getAnActionElement().getActionName().matches("%MEDIA%") and // try MEDIA exclusion -- MRVA returns 251 results, so only removed 13
+  //     not this.getAnIntentFilterElement().getAnActionElement().getActionName() =
+  //       "android.intent.action.MAIN" // try MAIN exclusion -- MRVA returns 193 results, so removed 251-193 = 58 results
   //   }
-  /**
-   * Holds if this Android component is implicitly exported.
-   */
-  predicate isImplicitlyExported() {
-    not this.hasExportedAttribute() and
-    this.hasAnIntentFilterElement() and
-    not this.requiresPermissions() and
-    not this.getParent().(AndroidApplicationXmlElement).hasAttribute("permission") and
-    not this.getAnIntentFilterElement().hasLauncherCategoryElement() and
-    not this.getFile().(AndroidManifestXmlFile).isInBuildDirectory()
-  }
 }

java/ql/lib/semmle/code/xml/AndroidManifest.qll

@@ -25,6 +25,9 @@ class AndroidManifestXmlFile extends XmlFile {
   predicate isInBuildDirectory() { this.getFile().getRelativePath().matches("%build%") }
 }
 
+// class SourceAndroidManifestXmlFile extends AndroidManifestXmlFile {
+//   SourceAndroidManifestXmlFile() { not this.getFile().getRelativePath().matches("%build%") }
+// }
 /**
  * A `<manifest>` element in an Android manifest file.
  */
@@ -139,6 +142,7 @@ class AndroidPermissionXmlAttribute extends XmlAttribute {
   AndroidPermissionXmlAttribute() {
     this.getNamespace().getPrefix() = "android" and
     this.getName() = ["permission", "readPermission", "writePermission"]
+    //this.getName() = ["permission"]
   }
 
   /** Holds if this is an `android:permission` attribute. */
@@ -234,7 +238,8 @@ class AndroidComponentXmlElement extends XmlElement {
   /**
    * Holds if this component element has an `android:exported` attribute.
    */
-  predicate hasExportedAttribute() { this.hasAttribute("exported") }
+  //predicate hasExportedAttribute() { this.hasAttribute("exported") }
+  predicate hasExportedAttribute() { exists(this.getExportedAttributeValue()) }
 
   /**
    * Holds if this component element has explicitly set a value for its `android:permission` attribute.
@@ -258,15 +263,14 @@ class AndroidIntentFilterXmlElement extends XmlElement {
   /**
    * Gets a `<category>` child element of this `<intent-filter>` element.
    */
-  AndroidCategoryXmlElement getACategoryElement() { result = this.getAChild("category") }
-
-  /**
-   * Holds if this `<intent-filter>` element has a `<category>` child element
-   * named `android.intent.category.LAUNCHER`.
-   */
-  predicate hasLauncherCategoryElement() {
-    this.getACategoryElement().getCategoryName() = "android.intent.category.LAUNCHER"
-  }
+  AndroidCategoryXmlElement getACategoryElement() { result = this.getAChild() }
+  // /**
+  //  * Holds if this `<intent-filter>` element has a `<category>` child element
+  //  * named `android.intent.category.LAUNCHER`.
+  //  */
+  // predicate hasLauncherCategoryElement() {
+  //   this.getACategoryElement().getCategoryName() = "android.intent.category.LAUNCHER"
+  // }
 }
 
 /**

java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql

@@ -13,9 +13,9 @@
 import java
 import semmle.code.java.security.ImplicitlyExportedAndroidComponent
 
-from ImplicitlyExportedAndroidComponent impExpAndroidComp
-where impExpAndroidComp.isImplicitlyExported()
-select impExpAndroidComp, "This component is implicitly exported."
 // from ImplicitlyExportedAndroidComponent impExpAndroidComp
-// where exists(impExpAndroidComp)
+// where impExpAndroidComp.isImplicitlyExported()
 // select impExpAndroidComp, "This component is implicitly exported."
+from ImplicitlyExportedAndroidComponent impExpAndroidComp
+//where exists(impExpAndroidComp)
+select impExpAndroidComp, "This component is implicitly exported."

java/ql/test/query-tests/security/CWE-926/ImplicitlyExportedAndroidComponentTest.ql

@@ -10,8 +10,6 @@ class ImplicitlyExportedAndroidComponentTest extends InlineExpectationsTest {
   override predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "hasImplicitExport" and
     exists(ImplicitlyExportedAndroidComponent impExpAndroidComp |
-      impExpAndroidComp.isImplicitlyExported()
-    |
       impExpAndroidComp.getLocation() = location and
       element = impExpAndroidComp.toString() and
       value = ""