Merge pull request github#6963 from atorralba/atorralba/android-onactivityresult-source

Android: Add the Intent parameter of the `onActivityResult` method as a source

Author: atorralba

config/identical-files.json

@@ -7,6 +7,7 @@
     "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll",
     "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll",
     "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForSerializability.qll",
+    "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForOnActivityResult.qll",
     "cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll",
     "cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll",
     "cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll",

java/ql/lib/semmle/code/java/dataflow/FlowSources.qll

@@ -17,6 +17,7 @@ import semmle.code.java.frameworks.android.WebView
 import semmle.code.java.frameworks.JaxWS
 import semmle.code.java.frameworks.javase.WebSocket
 import semmle.code.java.frameworks.android.Android
+import semmle.code.java.frameworks.android.OnActivityResultSource
 import semmle.code.java.frameworks.android.Intent
 import semmle.code.java.frameworks.play.Play
 import semmle.code.java.frameworks.spring.SpringWeb
@@ -264,3 +265,13 @@ class ExportedAndroidContentProviderInput extends RemoteFlowSource, AndroidConte
 
   override string getSourceType() { result = "Exported Android content provider source" }
 }
+
+/**
+ * The data Intent parameter in the `onActivityResult` method in an Activity or Fragment that
+ * calls `startActivityForResult` with an implicit Intent.
+ */
+class OnActivityResultIntentSource extends OnActivityResultIncomingIntent, RemoteFlowSource {
+  OnActivityResultIntentSource() { this.isRemoteSource() }
+
+  override string getSourceType() { result = "Android onActivityResult incoming Intent" }
+}

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowForOnActivityResult.qll

@@ -0,0 +1,19 @@
+/**
+ * Provides classes for performing local (intra-procedural) and
+ * global (inter-procedural) data flow analyses (for internal use only).
+ *
+ * This copy of the library is exclusively for use by `OnActivityResultSource.qll` and
+ * related libraries. Configurations computed using this instance of the library
+ * are in scope whenever `java.qll` is imported, and are used to compute among
+ * other things `RemoteFlowSource`s.
+ */
+
+import java
+
+/**
+ * Provides classes for performing local (intra-procedural) and
+ * global (inter-procedural) data flow analyses (for internal use only).
+ */
+module DataFlowForOnActivityResult {
+  import semmle.code.java.dataflow.internal.DataFlowImplForOnActivityResult
+}