Merge branch 'main' into jcogs33/exclude-funcexpr-from-dataflowtargetapi

Author: jcogs33

csharp/ql/lib/semmle/code/csharp/Callable.qll

@@ -358,6 +358,9 @@ class Constructor extends DotNet::Constructor, Callable, Member, Attributable, @
     if this.isStatic() then result = this.getParameter(i) else result = this.getParameter(i - 1)
   }
 
+  /** Holds if this is a constructor without parameters. */
+  predicate isParameterless() { this.getNumberOfParameters() = 0 }
+
   override string getUndecoratedName() { result = ".ctor" }
 }
 

csharp/ql/src/utils/modelgenerator/internal/CaptureModelsSpecific.qll

@@ -39,7 +39,8 @@ private predicate isRelevantForModels(CS::Callable api) {
   not api instanceof CS::ConversionOperator and
   not api instanceof Util::MainMethod and
   not api instanceof CS::Destructor and
-  not api instanceof CS::AnonymousFunctionExpr
+  not api instanceof CS::AnonymousFunctionExpr and
+  not api.(CS::Constructor).isParameterless()
 }
 
 /**

csharp/ql/test/utils/model-generator/dataflow/NoSummaries.cs

@@ -131,4 +131,15 @@ public Dictionary<int, int> ReturnSimpleTypeDictionary(Dictionary<int, int> a)
     {
         return a;
     }
-}
+}
+
+// A neutral model should not be created for a parameterless constructor.
+public class ParameterlessConstructor
+{
+    public bool IsInitialized;
+
+    public ParameterlessConstructor()
+    {
+        IsInitialized = true;
+    }
+}

java/ql/consistency-queries/cfgDeadEnds.ql

@@ -53,8 +53,6 @@ predicate shouldBeDeadEnd(ControlFlowNode n) {
   not exists(n.getFile().getRelativePath()) // TODO
   or
   n = any(ConstCase c).getValue(_) // TODO
-  or
-  n instanceof ErrorExpr // TODO
 }
 
 from ControlFlowNode n, string s

java/ql/lib/change-notes/2022-10-17-android-activity-alias.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added support for Android Manifest `<activity-aliases>` elements in data flow sources. 

java/ql/lib/semmle/code/java/Member.qll

@@ -628,6 +628,9 @@ class Constructor extends Callable, @constructor {
   /** Holds if this is a default constructor, not explicitly declared in source code. */
   predicate isDefaultConstructor() { isDefConstr(this) }
 
+  /** Holds if this is a constructor without parameters. */
+  predicate isParameterless() { this.getNumberOfParameters() = 0 }
+
   override Constructor getSourceDeclaration() { constrs(this, _, _, _, _, result) }
 
   override string getSignature() { constrs(this, _, result, _, _, _) }

java/ql/lib/semmle/code/java/frameworks/android/Android.qll

@@ -26,7 +26,12 @@ class AndroidComponent extends Class {
 
   /** The XML element corresponding to this Android component. */
   AndroidComponentXmlElement getAndroidComponentXmlElement() {
-    result.getResolvedComponentName() = this.getQualifiedName()
+    // Find an element with an identifier matching the qualified name of the component.
+    // Aliases have two identifiers (name and target), so check both identifiers (if present).
+    exists(AndroidIdentifierXmlAttribute identifier |
+      identifier = result.getAnAttribute() and
+      result.getResolvedIdentifier(identifier) = this.getQualifiedName()
+    )
   }
 
   /** Holds if this Android component is configured as `exported` in an `AndroidManifest.xml` file. */
@@ -52,6 +57,12 @@ class ExportableAndroidComponent extends AndroidComponent {
     or
     this.hasIntentFilter() and
     not this.getAndroidComponentXmlElement().isNotExported()
+    or
+    exists(AndroidActivityAliasXmlElement e |
+      e = this.getAndroidComponentXmlElement() and
+      not e.isNotExported() and
+      e.hasAnIntentFilterElement()
+    )
   }
 }
 

java/ql/lib/semmle/code/xml/AndroidManifest.qll

@@ -129,6 +129,42 @@ class AndroidApplicationXmlElement extends XmlElement {
  */
 class AndroidActivityXmlElement extends AndroidComponentXmlElement {
   AndroidActivityXmlElement() { this.getName() = "activity" }
+
+  /**
+   * Gets an `<activity-alias>` element aliasing the activity.
+   */
+  AndroidActivityAliasXmlElement getAnAlias() {
+    exists(AndroidActivityAliasXmlElement alias | this = alias.getTarget() | result = alias)
+  }
+}
+
+/**
+ * An `<activity-alias>` element in an Android manifest file.
+ */
+class AndroidActivityAliasXmlElement extends AndroidComponentXmlElement {
+  AndroidActivityAliasXmlElement() { this.getName() = "activity-alias" }
+
+  /**
+   * Get and resolve the name of the target activity from the `android:targetActivity` attribute.
+   */
+  string getResolvedTargetActivityName() {
+    exists(AndroidXmlAttribute attr |
+      attr = this.getAnAttribute() and attr.getName() = "targetActivity"
+    |
+      result = this.getResolvedIdentifier(attr)
+    )
+  }
+
+  /**
+   * Gets the `<activity>` element referenced by the `android:targetActivity` attribute.
+   */
+  AndroidActivityXmlElement getTarget() {
+    exists(AndroidActivityXmlElement activity |
+      activity.getResolvedComponentName() = this.getResolvedTargetActivityName()
+    |
+      result = activity
+    )
+  }
 }
 
 /**
@@ -212,6 +248,13 @@ class AndroidPermissionXmlAttribute extends XmlAttribute {
   predicate isWrite() { this.getName() = "writePermission" }
 }
 
+/**
+ * The attribute `android:name` or `android:targetActivity`.
+ */
+class AndroidIdentifierXmlAttribute extends AndroidXmlAttribute {
+  AndroidIdentifierXmlAttribute() { this.getName() = ["name", "targetActivity"] }
+}
+
 /**
  * The `<path-permission`> element of a `<provider>` in an Android manifest file.
  */
@@ -228,7 +271,7 @@ class AndroidPathPermissionXmlElement extends XmlElement {
 class AndroidComponentXmlElement extends XmlElement {
   AndroidComponentXmlElement() {
     this.getParent() instanceof AndroidApplicationXmlElement and
-    this.getName().regexpMatch("(activity|service|receiver|provider)")
+    this.getName().regexpMatch("(activity|activity-alias|service|receiver|provider)")
   }
 
   /**
@@ -254,19 +297,30 @@ class AndroidComponentXmlElement extends XmlElement {
     )
   }
 
+  /**
+   * Gets the value of an identifier attribute, and tries to resolve it into a fully qualified identifier.
+   */
+  string getResolvedIdentifier(AndroidIdentifierXmlAttribute identifier) {
+    exists(string name | name = identifier.getValue() |
+      if name.matches(".%")
+      then
+        result =
+          this.getParent()
+                .(XmlElement)
+                .getParent()
+                .(AndroidManifestXmlElement)
+                .getPackageAttributeValue() + name
+      else result = name
+    )
+  }
+
   /**
    * Gets the resolved value of the `android:name` attribute of this component element.
    */
   string getResolvedComponentName() {
-    if this.getComponentName().matches(".%")
-    then
-      result =
-        this.getParent()
-              .(XmlElement)
-              .getParent()
-              .(AndroidManifestXmlElement)
-              .getPackageAttributeValue() + this.getComponentName()
-    else result = this.getComponentName()
+    exists(AndroidXmlAttribute attr | attr = this.getAnAttribute() and attr.getName() = "name" |
+      result = this.getResolvedIdentifier(attr)
+    )
   }
 
   /**

java/ql/src/utils/modelgenerator/internal/CaptureModelsSpecific.qll

@@ -60,7 +60,8 @@ private predicate isRelevantForModels(J::Callable api) {
   not isJdkInternal(api.getCompilationUnit()) and
   not api instanceof J::MainMethod and
   not api instanceof J::StaticInitializer and
-  not exists(J::FunctionalExpr funcExpr | api = funcExpr.asMethod())
+  not exists(J::FunctionalExpr funcExpr | api = funcExpr.asMethod()) and
+  not api.(J::Constructor).isParameterless()
 }
 
 /**

java/ql/test/kotlin/library-tests/exprs/CONSISTENCY/cfgDeadEnds.expected

@@ -1 +1,2 @@
+| exprs.kt:278:52:278:66 | <error expr> | ErrorExpr | unexpected dead end |
 | exprs.kt:278:52:278:66 | { ... } | BlockStmt | unexpected dead end |