ContentProvider Incomplete Permissions Test Cases

egregius313 · egregius313 · commit 29e34ac970aa · 2022-09-29T16:07:54.000-04:00
diff --git a/java/ql/test/query-tests/security/CWE-276/android/incomplete_provider_permissions/ContentProviderIncompletePermissionsTest.expected b/java/ql/test/query-tests/security/CWE-276/android/incomplete_provider_permissions/ContentProviderIncompletePermissionsTest.expected
diff --git a/java/ql/test/query-tests/security/CWE-276/android/incomplete_provider_permissions/ContentProviderIncompletePermissionsTest.ql b/java/ql/test/query-tests/security/CWE-276/android/incomplete_provider_permissions/ContentProviderIncompletePermissionsTest.ql
@@ -0,0 +1,21 @@
+import java
+import semmle.code.xml.AndroidManifest
+import TestUtilities.InlineExpectationsTest
+
+class ContentProviderIncompletePermissionsTest extends InlineExpectationsTest {
+  ContentProviderIncompletePermissionsTest() { this = "ContentProviderIncompletePermissionsTest" }
+
+  override string getARelevantTag() { result = "hasIncompletePermissions" }
+
+  override predicate hasActualResult(Location location, string element, string tag, string value) {
+    tag = "hasIncompletePermissions" and
+    exists(AndroidProviderXmlElement provider |
+      provider.getLocation() = location and
+      provider.toString() = element and
+      value = ""
+    |
+      not provider.getFile().(AndroidManifestXmlFile).isInBuildDirectory() and
+      provider.hasIncompletePermissions()
+    )
+  }
+}
diff --git a/java/ql/test/query-tests/security/CWE-276/android/incomplete_provider_permissions/TestFull/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-276/android/incomplete_provider_permissions/TestFull/AndroidManifest.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:tools="http://schemas.android.com/tools"
+    package="com.example.myapplication">
+
+    <application
+        android:allowBackup="false"
+        android:dataExtractionRules="@xml/data_extraction_rules"
+        android:fullBackupContent="@xml/backup_rules"
+        android:icon="@mipmap/ic_launcher"
+        android:label="@string/app_name"
+        android:roundIcon="@mipmap/ic_launcher_round"
+        android:supportsRtl="true"
+
+        android:theme="@style/Theme.MyApplication"
+        tools:targetApi="31">
+        <!-- Safe: provider has full permissions set --> <provider
+            android:name=".MyContentProvider2"
+            android:authorities="morestuff"
+            android:enabled="true"
+            android:exported="true"
+            android:permission="android.permission.MANAGE_DOCUMENTS"></provider>
+    </application>
+
+</manifest>
diff --git a/java/ql/test/query-tests/security/CWE-276/android/incomplete_provider_permissions/TestReadOnly/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-276/android/incomplete_provider_permissions/TestReadOnly/AndroidManifest.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:tools="http://schemas.android.com/tools"
+    package="com.example.myapplication">
+
+    <application
+        android:allowBackup="false"
+        android:dataExtractionRules="@xml/data_extraction_rules"
+        android:fullBackupContent="@xml/backup_rules"
+        android:icon="@mipmap/ic_launcher"
+        android:label="@string/app_name"
+        android:roundIcon="@mipmap/ic_launcher_round"
+        android:supportsRtl="true"
+
+        android:theme="@style/Theme.MyApplication"
+        tools:targetApi="31">
+
+      <!-- $ hasIncompletePermissions --><provider
+            android:name=".MyContentProvider"
+            android:authorities="table"
+            android:enabled="true"
+            android:exported="true"
+            android:readPermission="android.permission.MANAGE_DOCUMENTS"></provider>
+
+    </application>
+
+</manifest>
diff --git a/java/ql/test/query-tests/security/CWE-276/android/incomplete_provider_permissions/TestReadWrite/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-276/android/incomplete_provider_permissions/TestReadWrite/AndroidManifest.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:tools="http://schemas.android.com/tools"
+    package="com.example.myapplication">
+
+    <application
+        android:allowBackup="false"
+        android:dataExtractionRules="@xml/data_extraction_rules"
+        android:fullBackupContent="@xml/backup_rules"
+        android:icon="@mipmap/ic_launcher"
+        android:label="@string/app_name"
+        android:roundIcon="@mipmap/ic_launcher_round"
+        android:supportsRtl="true"
+
+        android:theme="@style/Theme.MyApplication"
+        tools:targetApi="31">
+
+      <!-- Safe: has both read and write permission --><provider
+            android:name=".MyContentProvider"
+            android:authorities="table"
+            android:enabled="true"
+            android:exported="true"
+            android:readPermission="android.permission.MANAGE_DOCUMENTS"
+            android:writePermission="android.permission.MANAGE_DOCUMENTS"></provider>
+
+    </application>
+
+</manifest>
diff --git a/java/ql/test/query-tests/security/CWE-276/android/incomplete_provider_permissions/TestWriteOnly/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-276/android/incomplete_provider_permissions/TestWriteOnly/AndroidManifest.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:tools="http://schemas.android.com/tools"
+    package="com.example.myapplication">
+
+    <application
+        android:allowBackup="false"
+        android:dataExtractionRules="@xml/data_extraction_rules"
+        android:fullBackupContent="@xml/backup_rules"
+        android:icon="@mipmap/ic_launcher"
+        android:label="@string/app_name"
+        android:roundIcon="@mipmap/ic_launcher_round"
+        android:supportsRtl="true"
+
+        android:theme="@style/Theme.MyApplication"
+        tools:targetApi="31">
+
+      <!-- $ hasIncompletePermissions --><provider
+            android:name=".MyContentProvider"
+            android:authorities="table"
+            android:enabled="true"
+            android:exported="true"
+            android:writePermission="android.permission.MANAGE_DOCUMENTS"></provider>
+
+    </application>
+
+</manifest>
diff --git a/java/ql/test/query-tests/security/CWE-276/android/incomplete_provider_permissions/Testbuild/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-276/android/incomplete_provider_permissions/Testbuild/AndroidManifest.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:tools="http://schemas.android.com/tools"
+    package="com.example.myapplication">
+
+    <application
+        android:allowBackup="false"
+        android:dataExtractionRules="@xml/data_extraction_rules"
+        android:fullBackupContent="@xml/backup_rules"
+        android:icon="@mipmap/ic_launcher"
+        android:label="@string/app_name"
+        android:roundIcon="@mipmap/ic_launcher_round"
+        android:supportsRtl="true"
+
+        android:theme="@style/Theme.MyApplication"
+        tools:targetApi="31">
+        <!-- Safe: files in the build directory are ignored --> <provider
+            android:name=".MyContentProvider2"
+            android:authorities="morestuff"
+            android:enabled="true"
+            android:exported="true"
+            android:writePermission="android.permission.MANAGE_DOCUMENTS"></provider>
+    </application>
+
+</manifest>
