Merge pull request github#6801 from atorralba/atorralba/android_slice_models

Android: Add `androidx.slice.builders` models

Author: atorralba

java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll

@@ -79,6 +79,7 @@ private module Frameworks {
   private import internal.ContainerFlow
   private import semmle.code.java.frameworks.android.Android
   private import semmle.code.java.frameworks.android.Intent
+  private import semmle.code.java.frameworks.android.Slice
   private import semmle.code.java.frameworks.android.SQLite
   private import semmle.code.java.frameworks.android.XssSinks
   private import semmle.code.java.frameworks.ApacheHttp

java/ql/lib/semmle/code/java/frameworks/android/Slice.qll

@@ -0,0 +1,95 @@
+/** Provides classes and predicates related to `androidx.slice`. */
+
+import java
+private import semmle.code.java.dataflow.DataFlow
+private import semmle.code.java.dataflow.FlowSteps
+private import semmle.code.java.dataflow.ExternalFlow
+
+private class SliceActionsInheritTaint extends DataFlow::SyntheticFieldContent,
+  TaintInheritingContent {
+  SliceActionsInheritTaint() { this.getField().matches("androidx.slice.Slice.action") }
+}
+
+private class SliceBuildersSummaryModels extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "androidx.slice.builders;ListBuilder;true;addAction;;;SyntheticField[androidx.slice.Slice.action] of Argument[0];SyntheticField[androidx.slice.Slice.action] of Argument[-1];taint",
+        "androidx.slice.builders;ListBuilder;true;addGridRow;;;SyntheticField[androidx.slice.Slice.action] of Argument[0];SyntheticField[androidx.slice.Slice.action] of Argument[-1];taint",
+        "androidx.slice.builders;ListBuilder;true;addInputRange;;;SyntheticField[androidx.slice.Slice.action] of Argument[0];SyntheticField[androidx.slice.Slice.action] of Argument[-1];taint",
+        "androidx.slice.builders;ListBuilder;true;addRange;;;SyntheticField[androidx.slice.Slice.action] of Argument[0];SyntheticField[androidx.slice.Slice.action] of Argument[-1];taint",
+        "androidx.slice.builders;ListBuilder;true;addRating;;;SyntheticField[androidx.slice.Slice.action] of Argument[0];SyntheticField[androidx.slice.Slice.action] of Argument[-1];taint",
+        "androidx.slice.builders;ListBuilder;true;addRow;;;SyntheticField[androidx.slice.Slice.action] of Argument[0];SyntheticField[androidx.slice.Slice.action] of Argument[-1];taint",
+        "androidx.slice.builders;ListBuilder;true;addSelection;;;SyntheticField[androidx.slice.Slice.action] of Argument[0];SyntheticField[androidx.slice.Slice.action] of Argument[-1];taint",
+        "androidx.slice.builders;ListBuilder;true;setHeader;;;SyntheticField[androidx.slice.Slice.action] of Argument[0];SyntheticField[androidx.slice.Slice.action] of Argument[-1];taint",
+        "androidx.slice.builders;ListBuilder;true;setSeeMoreAction;(PendingIntent);;Argument[0];SyntheticField[androidx.slice.Slice.action] of Argument[-1];taint",
+        "androidx.slice.builders;ListBuilder;true;setSeeMoreRow;;;SyntheticField[androidx.slice.Slice.action] of Argument[0];SyntheticField[androidx.slice.Slice.action] of Argument[-1];taint",
+        "androidx.slice.builders;ListBuilder;true;build;;;SyntheticField[androidx.slice.Slice.action] of Argument[-1];ReturnValue;taint",
+        "androidx.slice.builders;ListBuilder$HeaderBuilder;true;setPrimaryAction;;;SyntheticField[androidx.slice.Slice.action] of Argument[0];SyntheticField[androidx.slice.Slice.action] of Argument[-1];taint",
+        "androidx.slice.builders;ListBuilder$InputRangeBuilder;true;addEndItem;;;SyntheticField[androidx.slice.Slice.action] of Argument[0];SyntheticField[androidx.slice.Slice.action] of Argument[-1];taint",
+        "androidx.slice.builders;ListBuilder$InputRangeBuilder;true;setInputAction;(PendingIntent);;Argument[0];SyntheticField[androidx.slice.Slice.action] of Argument[-1];taint",
+        "androidx.slice.builders;ListBuilder$InputRangeBuilder;true;setPrimaryAction;;;SyntheticField[androidx.slice.Slice.action] of Argument[0];SyntheticField[androidx.slice.Slice.action] of Argument[-1];taint",
+        "androidx.slice.builders;ListBuilder$RangeBuilder;true;setPrimaryAction;;;SyntheticField[androidx.slice.Slice.action] of Argument[0];SyntheticField[androidx.slice.Slice.action] of Argument[-1];taint",
+        "androidx.slice.builders;ListBuilder$RatingBuilder;true;setInputAction;(PendingIntent);;Argument[0];SyntheticField[androidx.slice.Slice.action] of Argument[-1];taint",
+        "androidx.slice.builders;ListBuilder$RatingBuilder;true;setPrimaryAction;;;SyntheticField[androidx.slice.Slice.action] of Argument[0];SyntheticField[androidx.slice.Slice.action] of Argument[-1];taint",
+        "androidx.slice.builders;ListBuilder$RowBuilder;true;addEndItem;(SliceAction,boolean);;SyntheticField[androidx.slice.Slice.action] of Argument[0];SyntheticField[androidx.slice.Slice.action] of Argument[-1];taint",
+        "androidx.slice.builders;ListBuilder$RowBuilder;true;addEndItem;(SliceAction);;SyntheticField[androidx.slice.Slice.action] of Argument[0];SyntheticField[androidx.slice.Slice.action] of Argument[-1];taint",
+        "androidx.slice.builders;ListBuilder$RowBuilder;true;setPrimaryAction;;;SyntheticField[androidx.slice.Slice.action] of Argument[0];SyntheticField[androidx.slice.Slice.action] of Argument[-1];taint",
+        "androidx.slice.builders;ListBuilder$RowBuilder;true;setTitleItem;(SliceAction,boolean);;SyntheticField[androidx.slice.Slice.action] of Argument[0];SyntheticField[androidx.slice.Slice.action] of Argument[-1];taint",
+        "androidx.slice.builders;ListBuilder$RowBuilder;true;setTitleItem;(SliceAction);;SyntheticField[androidx.slice.Slice.action] of Argument[0];SyntheticField[androidx.slice.Slice.action] of Argument[-1];taint",
+        "androidx.slice.builders;SliceAction;true;create;(PendingIntent,IconCompat,int,CharSequence);;Argument[0];SyntheticField[androidx.slice.Slice.action] of ReturnValue;taint",
+        "androidx.slice.builders;SliceAction;true;createDeeplink;(PendingIntent,IconCompat,int,CharSequence);;Argument[0];SyntheticField[androidx.slice.Slice.action] of ReturnValue;taint",
+        "androidx.slice.builders;SliceAction;true;createToggle;(PendingIntent,CharSequence,boolean);;Argument[0];SyntheticField[androidx.slice.Slice.action] of ReturnValue;taint",
+        "androidx.slice.builders;SliceAction;true;getAction;;;SyntheticField[androidx.slice.Slice.action] of Argument[-1];ReturnValue;taint",
+        // Fluent models
+        "androidx.slice.builders;ListBuilder;true;" +
+          [
+            "addAction", "addGridRow", "addInputRange", "addRange", "addRating", "addRow",
+            "addSelection", "setAccentColor", "setHeader", "setHostExtras", "setIsError",
+            "setKeywords", "setLayoutDirection", "setSeeMoreAction", "setSeeMoreRow"
+          ] + ";;;Argument[-1];ReturnValue;value",
+        "androidx.slice.builders;ListBuilder$HeaderBuilder;true;" +
+          [
+            "setContentDescription", "setLayoutDirection", "setPrimaryAction", "setSubtitle",
+            "setSummary", "setTitle"
+          ] + ";;;Argument[-1];ReturnValue;value",
+        "androidx.slice.builders;ListBuilder$InputRangeBuilder;true;" +
+          [
+            "addEndItem", "setContentDescription", "setInputAction", "setLayoutDirection", "setMax",
+            "setMin", "setPrimaryAction", "setSubtitle", "setThumb", "setTitle", "setTitleItem",
+            "setValue"
+          ] + ";;;Argument[-1];ReturnValue;value",
+        "androidx.slice.builders;ListBuilder$RangeBuilder;true;" +
+          [
+            "setContentDescription", "setMax", "setMode", "setPrimaryAction", "setSubtitle",
+            "setTitle", "setTitleItem", "setValue"
+          ] + ";;;Argument[-1];ReturnValue;value",
+        "androidx.slice.builders;ListBuilder$RatingBuilder;true;" +
+          [
+            "setContentDescription", "setInputAction", "setMax", "setMin", "setPrimaryAction",
+            "setSubtitle", "setTitle", "setTitleItem", "setValue"
+          ] + ";;;Argument[-1];ReturnValue;value",
+        "androidx.slice.builders;ListBuilder$RowBuilder;true;" +
+          [
+            "addEndItem", "setContentDescription", "setEndOfSection", "setLayoutDirection",
+            "setPrimaryAction", "setSubtitle", "setTitle", "setTitleItem"
+          ] + ";;;Argument[-1];ReturnValue;value",
+        "androidx.slice.builders;SliceAction;true;" +
+          ["setChecked", "setContentDescription", "setPriority"] +
+          ";;;Argument[-1];ReturnValue;value"
+      ]
+  }
+}
+
+private class SliceProviderSourceModels extends SourceModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "androidx.slice;SliceProvider;true;onBindSlice;;;Parameter[0];contentprovider",
+        "androidx.slice;SliceProvider;true;onCreatePermissionRequest;;;Parameter[0];contentprovider",
+        "androidx.slice;SliceProvider;true;onMapIntentToUri;;;Parameter[0];contentprovider",
+        "androidx.slice;SliceProvider;true;onSlicePinned;;;Parameter[0];contentprovider",
+        "androidx.slice;SliceProvider;true;onSliceUnpinned;;;Parameter[0];contentprovider"
+      ]
+  }
+}

java/ql/test/library-tests/frameworks/android/slice/AndroidManifest.xml

@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest
+    xmlns:android="http://schemas.android.com/apk/res/android"
+    android:versionCode="1"
+    android:versionName="1.0"
+    package="com.example.app">
+
+    <application
+        android:allowBackup="true"
+        android:icon="@mipmap/ic_launcher"
+        android:roundIcon="@mipmap/ic_launcher_round"
+        android:label="@string/app_name"
+        android:supportsRtl="true"
+        android:theme="@style/AppTheme">
+
+        <activity
+            android:name=".MainActivity"
+            android:icon="@drawable/ic_launcher"
+			android:label="@string/app_name">
+            <intent-filter>
+                <action android:name="android.intent.action.MAIN" />
+                <category android:name="android.intent.category.LAUNCHER" />
+            </intent-filter>
+        </activity>
+
+        <provider
+            android:name=".TestSources"
+            android:authority="com.example.myapp.Test"
+            android:exported="true" />
+
+    </application>
+</manifest>