Added sample java file for qhelp to render correctly.

masterofnow · masterofnow · commit 0fd09759dfdb · 2023-12-22T08:31:23.000+08:00
diff --git a/java/ql/src/experimental/Security/CWE/CWE-470/BadClassLoader.java b/java/ql/src/experimental/Security/CWE/CWE-470/BadClassLoader.java
@@ -0,0 +1,27 @@
+package poc.sample.classloader;
+
+import android.app.Application;
+import android.content.pm.PackageInfo;
+import android.content.Context;
+import android.util.Log;
+
+public class BadClassLoader extends Application {
+    @Override
+    public void onCreate() {
+        super.onCreate();
+        for (PackageInfo p : getPackageManager().getInstalledPackages(0)) {
+            try {
+                if (p.packageName.startsWith("some.package.")) {
+                    Context appContext = createPackageContext(p.packageName,
+                            CONTEXT_INCLUDE_CODE | CONTEXT_IGNORE_SECURITY);
+                    ClassLoader classLoader = appContext.getClassLoader();
+                    Object result = classLoader.loadClass("some.package.SomeClass")
+                            .getMethod("someMethod")
+                            .invoke(null);
+                }
+            } catch (Exception e) {
+                Log.e("Class loading failed", e.toString());
+            }
+        }
+    }
+}
diff --git a/java/ql/src/experimental/Security/CWE/CWE-470/GoodClassLoader.java b/java/ql/src/experimental/Security/CWE/CWE-470/GoodClassLoader.java
@@ -0,0 +1,31 @@
+package poc.sample.classloader;
+
+import android.app.Application;
+import android.content.pm.PackageInfo;
+import android.content.Context;
+import android.content.pm.PackageManager;
+import android.util.Log;
+
+public class GoodClassLoader extends Application {
+    @Override
+    public void onCreate() {
+        super.onCreate();
+        PackageManager pm = getPackageManager();
+        for (PackageInfo p : pm.getInstalledPackages(0)) {
+            try {
+                if (p.packageName.startsWith("some.package.") &&
+                        (pm.checkSignatures(p.packageName, getApplicationContext().getPackageName()) == PackageManager.SIGNATURE_MATCH)
+                ) {
+                    Context appContext = createPackageContext(p.packageName,
+                            CONTEXT_INCLUDE_CODE | CONTEXT_IGNORE_SECURITY);
+                    ClassLoader classLoader = appContext.getClassLoader();
+                    Object result = classLoader.loadClass("some.package.SomeClass")
+                            .getMethod("someMethod")
+                            .invoke(null);
+                }
+            } catch (Exception e) {
+                Log.e("Class loading failed", e.toString());
+            }
+        }
+    }
+}
