Fix unbound field

Add tests for non-exported providers

Author: atorralba

java/ql/lib/semmle/code/java/dataflow/FlowSources.qll

@@ -252,7 +252,10 @@ class ExportedAndroidIntentInput extends RemoteFlowSource, AndroidIntentInput {
 class AndroidContentProviderInput extends DataFlow::Node {
   AndroidContentProvider declaringType;
 
-  AndroidContentProviderInput() { sourceNode(this, "contentprovider") }
+  AndroidContentProviderInput() {
+    sourceNode(this, "contentprovider") and
+    this.asParameter().getCallable().getDeclaringType() = declaringType
+  }
 }
 
 /** A parameter of an entry-point method declared in an exported `ContentProvider` class. */

java/ql/test/library-tests/frameworks/android/content-provider/AndroidManifest.xml

@@ -27,5 +27,10 @@
             android:name=".Test"
             android:authority="com.example.myapp.Test"
             android:exported="true" />
+
+        <provider
+            android:name=".Safe"
+            android:authority="com.example.myapp.Safe"
+            android:exported="false" />
     </application>
 </manifest>

java/ql/test/library-tests/frameworks/android/content-provider/Safe.java

@@ -0,0 +1,174 @@
+package com.example.app;
+
+import java.io.FileNotFoundException;
+import android.content.ContentProvider;
+import android.content.ContentValues;
+import android.content.res.AssetFileDescriptor;
+import android.database.Cursor;
+import android.net.Uri;
+import android.os.Bundle;
+import android.os.CancellationSignal;
+import android.os.ParcelFileDescriptor;
+import android.os.RemoteException;
+
+// This Content Provider isn't exported, so there shouldn't be any flow
+public class Safe extends ContentProvider {
+
+	void sink(Object o) {}
+
+	@Override
+	public Bundle call(String authority, String method, String arg, Bundle extras) {
+		sink(authority);
+		sink(method);
+		sink(arg);
+		sink(extras.get("some_key"));
+		return null;
+	}
+
+	public Bundle call(String method, String arg, Bundle extras) {
+		sink(method);
+		sink(arg);
+		sink(extras.get("some_key"));
+		return null;
+	}
+
+	@Override
+	public int delete(Uri uri, String selection, String[] selectionArgs) {
+		sink(uri);
+		sink(selection);
+		sink(selectionArgs);
+		return 0;
+	}
+
+	@Override
+	public int delete(Uri uri, Bundle extras) {
+		sink(uri);
+		sink(extras.get("some_key"));
+		return 0;
+	}
+
+	@Override
+	public String getType(Uri uri) {
+		sink(uri);
+		return null;
+	}
+
+	@Override
+	public Uri insert(Uri uri, ContentValues values, Bundle extras) {
+		sink(uri);
+		sink(values);
+		sink(extras.get("some_key"));
+		return null;
+	}
+
+	@Override
+	public Uri insert(Uri uri, ContentValues values) {
+		sink(uri);
+		sink(values);
+		return null;
+	}
+
+	@Override
+	public AssetFileDescriptor openAssetFile(Uri uri, String mode, CancellationSignal signal) {
+		sink(uri);
+		sink(mode);
+		sink(signal);
+		return null;
+	}
+
+	@Override
+	public AssetFileDescriptor openAssetFile(Uri uri, String mode) {
+		sink(uri);
+		sink(mode);
+		return null;
+	}
+
+	@Override
+	public AssetFileDescriptor openTypedAssetFile(Uri uri, String mimeTypeFilter, Bundle opts,
+			CancellationSignal signal) throws RemoteException, FileNotFoundException {
+		sink(uri);
+		sink(mimeTypeFilter);
+		sink(opts.get("some_key"));
+		sink(signal);
+		return null;
+	}
+
+	@Override
+	public AssetFileDescriptor openTypedAssetFile(Uri uri, String mimeTypeFilter, Bundle opts)
+			throws FileNotFoundException {
+		sink(uri);
+		sink(mimeTypeFilter);
+		sink(opts.get("some_key"));
+		return null;
+	}
+
+	@Override
+	public ParcelFileDescriptor openFile(Uri uri, String mode, CancellationSignal signal) {
+		sink(uri);
+		sink(mode);
+		sink(signal);
+		return null;
+	}
+
+	@Override
+	public ParcelFileDescriptor openFile(Uri uri, String mode) {
+		sink(uri);
+		sink(mode);
+		return null;
+	}
+
+	@Override
+	public Cursor query(Uri uri, String[] projection, Bundle queryArgs,
+			CancellationSignal cancellationSignal) {
+		sink(uri);
+		sink(projection);
+		sink(queryArgs.get("some_key"));
+		sink(cancellationSignal);
+		return null;
+	}
+
+	@Override
+	public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs,
+			String sortOrder) {
+		sink(uri);
+		sink(projection);
+		sink(selection);
+		sink(selectionArgs);
+		return null;
+	}
+
+	@Override
+	public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs,
+			String sortOrder, CancellationSignal cancellationSignal) {
+		sink(uri);
+		sink(projection);
+		sink(selection);
+		sink(selectionArgs);
+		sink(sortOrder);
+		sink(cancellationSignal);
+		return null;
+	}
+
+	@Override
+	public int update(Uri uri, ContentValues values, Bundle extras) {
+		sink(uri);
+		sink(values);
+		sink(extras.get("some_key"));
+		return 0;
+	}
+
+	@Override
+	public int update(Uri uri, ContentValues values, String selection, String[] selectionArgs) {
+		sink(uri);
+		sink(values);
+		sink(selection);
+		sink(selectionArgs);
+		return 0;
+	}
+
+
+	@Override
+	public boolean onCreate() {
+		return false;
+	}
+}

java/ql/test/library-tests/frameworks/android/content-provider/test.ql

@@ -8,6 +8,4 @@ class ProviderTaintFlowConf extends DefaultTaintFlowConf {
 
 class ProviderInlineFlowTest extends InlineFlowTest {
   override DataFlow::Configuration getValueFlowConfig() { none() }
-
-  override DataFlow::Configuration getTaintFlowConfig() { result instanceof ProviderTaintFlowConf }
 }