Decouple from github#10177

atorralba · atorralba · commit 7b34b10ceea5 · 2022-10-06T16:28:17.000+02:00
diff --git a/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolution.qll b/java/ql/lib/semmle/code/java/security/UnsafeContentUriResolution.qll
@@ -3,7 +3,6 @@
 import java
 private import semmle.code.java.dataflow.TaintTracking
 private import semmle.code.java.frameworks.android.Android
-private import semmle.code.java.security.PathSanitizer
 
 /** A URI that gets resolved by a `ContentResolver`. */
 abstract class ContentUriResolutionSink extends DataFlow::Node { }
@@ -50,9 +49,6 @@ private class UninterestingTypeSanitizer extends ContentUriResolutionSanitizer {
   }
 }
 
-private class PathSanitizer extends ContentUriResolutionSanitizer instanceof PathInjectionSanitizer {
-}
-
 private class FilenameOnlySanitizer extends ContentUriResolutionSanitizer {
   FilenameOnlySanitizer() {
     exists(Method m | this.asExpr().(MethodAccess).getMethod() = m |
diff --git a/java/ql/test/query-tests/security/CWE-441/Test.java b/java/ql/test/query-tests/security/CWE-441/Test.java
@@ -53,13 +53,13 @@ public void onCreate() {
             Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA");
             if (!uri.equals(Uri.parse("content://safe/uri")))
                 throw new SecurityException();
-            contentResolver.openInputStream(uri); // Safe
+            contentResolver.openInputStream(uri); // $ SPURIOUS: hasTaintFlow
         }
         {
             ContentResolver contentResolver = getContentResolver();
             Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA");
             validateWithEquals(uri);
-            contentResolver.openInputStream(uri); // Safe
+            contentResolver.openInputStream(uri); // $ SPURIOUS: hasTaintFlow
         }
         // Allow list checks
         {
@@ -78,13 +78,13 @@ public void onCreate() {
                     java.nio.file.FileSystems.getDefault().getPath(path).normalize();
             if (!normalized.startsWith("/safe/path"))
                 throw new SecurityException();
-            contentResolver.openInputStream(uri); // Safe
+            contentResolver.openInputStream(uri); // $ SPURIOUS: hasTaintFlow
         }
         {
             ContentResolver contentResolver = getContentResolver();
             Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA");
             validateWithAllowList(uri);
-            contentResolver.openInputStream(uri); // Safe
+            contentResolver.openInputStream(uri);// $ SPURIOUS: hasTaintFlow
         }
         // Block list checks
         {
@@ -103,13 +103,13 @@ public void onCreate() {
                     java.nio.file.FileSystems.getDefault().getPath(path).normalize();
             if (normalized.startsWith("/data"))
                 throw new SecurityException();
-            contentResolver.openInputStream(uri); // Safe
+            contentResolver.openInputStream(uri); // $ SPURIOUS: hasTaintFlow
         }
         {
             ContentResolver contentResolver = getContentResolver();
             Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA");
             validateWithBlockList(uri);
-            contentResolver.openInputStream(uri); // Safe
+            contentResolver.openInputStream(uri); // $ SPURIOUS: hasTaintFlow
         }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -53,13 +53,13 @@ public void onCreate() {`
`53`	`53`	`Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA");`
`54`	`54`	`if (!uri.equals(Uri.parse("content://safe/uri")))`
`55`	`55`	`throw new SecurityException();`
`56`		`- contentResolver.openInputStream(uri); // Safe`
	`56`	`+ contentResolver.openInputStream(uri); // $ SPURIOUS: hasTaintFlow`
`57`	`57`	`}`
`58`	`58`	`{`
`59`	`59`	`ContentResolver contentResolver = getContentResolver();`
`60`	`60`	`Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA");`
`61`	`61`	`validateWithEquals(uri);`
`62`		`- contentResolver.openInputStream(uri); // Safe`
	`62`	`+ contentResolver.openInputStream(uri); // $ SPURIOUS: hasTaintFlow`
`63`	`63`	`}`
`64`	`64`	`// Allow list checks`
`65`	`65`	`{`
`@@ -78,13 +78,13 @@ public void onCreate() {`
`78`	`78`	`java.nio.file.FileSystems.getDefault().getPath(path).normalize();`
`79`	`79`	`if (!normalized.startsWith("/safe/path"))`
`80`	`80`	`throw new SecurityException();`
`81`		`- contentResolver.openInputStream(uri); // Safe`
	`81`	`+ contentResolver.openInputStream(uri); // $ SPURIOUS: hasTaintFlow`
`82`	`82`	`}`
`83`	`83`	`{`
`84`	`84`	`ContentResolver contentResolver = getContentResolver();`
`85`	`85`	`Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA");`
`86`	`86`	`validateWithAllowList(uri);`
`87`		`- contentResolver.openInputStream(uri); // Safe`
	`87`	`+ contentResolver.openInputStream(uri);// $ SPURIOUS: hasTaintFlow`
`88`	`88`	`}`
`89`	`89`	`// Block list checks`
`90`	`90`	`{`
`@@ -103,13 +103,13 @@ public void onCreate() {`
`103`	`103`	`java.nio.file.FileSystems.getDefault().getPath(path).normalize();`
`104`	`104`	`if (normalized.startsWith("/data"))`
`105`	`105`	`throw new SecurityException();`
`106`		`- contentResolver.openInputStream(uri); // Safe`
	`106`	`+ contentResolver.openInputStream(uri); // $ SPURIOUS: hasTaintFlow`
`107`	`107`	`}`
`108`	`108`	`{`
`109`	`109`	`ContentResolver contentResolver = getContentResolver();`
`110`	`110`	`Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA");`
`111`	`111`	`validateWithBlockList(uri);`
`112`		`- contentResolver.openInputStream(uri); // Safe`
	`112`	`+ contentResolver.openInputStream(uri); // $ SPURIOUS: hasTaintFlow`
`113`	`113`	`}`
`114`	`114`	`}`
`115`	`115`	`}`