Java: convert UnsafeContentUriResolution test to .qlref

Author: d10c

java/ql/test/query-tests/security/CWE-441/Test.java

@@ -29,23 +29,23 @@ private void validateWithBlockList(Uri uri) throws SecurityException {
     public void onCreate() {
         {
             ContentResolver contentResolver = getContentResolver();
-            Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA");
-            contentResolver.openInputStream(uri); // $ hasTaintFlow
-            contentResolver.openOutputStream(uri); // $ hasTaintFlow
-            contentResolver.openAssetFile(uri, null, null); // $ hasTaintFlow
-            contentResolver.openAssetFileDescriptor(uri, null); // $ hasTaintFlow
-            contentResolver.openFile(uri, null, null); // $ hasTaintFlow
-            contentResolver.openFileDescriptor(uri, null); // $ hasTaintFlow
-            contentResolver.openTypedAssetFile(uri, null, null, null); // $ hasTaintFlow
-            contentResolver.openTypedAssetFileDescriptor(uri, null, null); // $ hasTaintFlow
+            Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA"); // $ Source
+            contentResolver.openInputStream(uri); // $ Alert
+            contentResolver.openOutputStream(uri); // $ Alert
+            contentResolver.openAssetFile(uri, null, null); // $ Alert
+            contentResolver.openAssetFileDescriptor(uri, null); // $ Alert
+            contentResolver.openFile(uri, null, null); // $ Alert
+            contentResolver.openFileDescriptor(uri, null); // $ Alert
+            contentResolver.openTypedAssetFile(uri, null, null, null); // $ Alert
+            contentResolver.openTypedAssetFileDescriptor(uri, null, null); // $ Alert
         }
         {
             ContentResolver contentResolver = getContentResolver();
-            Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA");
+            Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA"); // $ Source
             String path = uri.getPath();
             if (path.startsWith("/data"))
                 throw new SecurityException();
-            contentResolver.openInputStream(uri); // $ hasTaintFlow
+            contentResolver.openInputStream(uri); // $ Alert
         }
         // Equals checks
         {
@@ -64,11 +64,11 @@ public void onCreate() {
         // Allow list checks
         {
             ContentResolver contentResolver = getContentResolver();
-            Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA");
+            Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA"); // $ Source
             String path = uri.getPath();
             if (!path.startsWith("/safe/path"))
                 throw new SecurityException();
-            contentResolver.openInputStream(uri); // $ hasTaintFlow
+            contentResolver.openInputStream(uri); // $ Alert
         }
         {
             ContentResolver contentResolver = getContentResolver();
@@ -89,11 +89,11 @@ public void onCreate() {
         // Block list checks
         {
             ContentResolver contentResolver = getContentResolver();
-            Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA");
+            Uri uri = (Uri) getIntent().getParcelableExtra("URI_EXTRA"); // $ Source
             String path = uri.getPath();
             if (path.startsWith("/data"))
                 throw new SecurityException();
-            contentResolver.openInputStream(uri); // $ hasTaintFlow
+            contentResolver.openInputStream(uri); // $ Alert
         }
         {
             ContentResolver contentResolver = getContentResolver();

java/ql/test/query-tests/security/CWE-441/UnsafeContentUriResolutionTest.expected

@@ -0,0 +1,59 @@
+#select
+| Test.java:33:45:33:47 | uri | Test.java:32:29:32:39 | getIntent(...) : Intent | Test.java:33:45:33:47 | uri | This ContentResolver method that resolves a URI depends on a $@. | Test.java:32:29:32:39 | getIntent(...) | user-provided value |
+| Test.java:34:46:34:48 | uri | Test.java:32:29:32:39 | getIntent(...) : Intent | Test.java:34:46:34:48 | uri | This ContentResolver method that resolves a URI depends on a $@. | Test.java:32:29:32:39 | getIntent(...) | user-provided value |
+| Test.java:35:43:35:45 | uri | Test.java:32:29:32:39 | getIntent(...) : Intent | Test.java:35:43:35:45 | uri | This ContentResolver method that resolves a URI depends on a $@. | Test.java:32:29:32:39 | getIntent(...) | user-provided value |
+| Test.java:36:53:36:55 | uri | Test.java:32:29:32:39 | getIntent(...) : Intent | Test.java:36:53:36:55 | uri | This ContentResolver method that resolves a URI depends on a $@. | Test.java:32:29:32:39 | getIntent(...) | user-provided value |
+| Test.java:37:38:37:40 | uri | Test.java:32:29:32:39 | getIntent(...) : Intent | Test.java:37:38:37:40 | uri | This ContentResolver method that resolves a URI depends on a $@. | Test.java:32:29:32:39 | getIntent(...) | user-provided value |
+| Test.java:38:48:38:50 | uri | Test.java:32:29:32:39 | getIntent(...) : Intent | Test.java:38:48:38:50 | uri | This ContentResolver method that resolves a URI depends on a $@. | Test.java:32:29:32:39 | getIntent(...) | user-provided value |
+| Test.java:39:48:39:50 | uri | Test.java:32:29:32:39 | getIntent(...) : Intent | Test.java:39:48:39:50 | uri | This ContentResolver method that resolves a URI depends on a $@. | Test.java:32:29:32:39 | getIntent(...) | user-provided value |
+| Test.java:40:58:40:60 | uri | Test.java:32:29:32:39 | getIntent(...) : Intent | Test.java:40:58:40:60 | uri | This ContentResolver method that resolves a URI depends on a $@. | Test.java:32:29:32:39 | getIntent(...) | user-provided value |
+| Test.java:48:45:48:47 | uri | Test.java:44:29:44:39 | getIntent(...) : Intent | Test.java:48:45:48:47 | uri | This ContentResolver method that resolves a URI depends on a $@. | Test.java:44:29:44:39 | getIntent(...) | user-provided value |
+| Test.java:71:45:71:47 | uri | Test.java:67:29:67:39 | getIntent(...) : Intent | Test.java:71:45:71:47 | uri | This ContentResolver method that resolves a URI depends on a $@. | Test.java:67:29:67:39 | getIntent(...) | user-provided value |
+| Test.java:96:45:96:47 | uri | Test.java:92:29:92:39 | getIntent(...) : Intent | Test.java:96:45:96:47 | uri | This ContentResolver method that resolves a URI depends on a $@. | Test.java:92:29:92:39 | getIntent(...) | user-provided value |
+edges
+| Test.java:32:23:32:71 | (...)... : Uri | Test.java:33:45:33:47 | uri | provenance |  |
+| Test.java:32:23:32:71 | (...)... : Uri | Test.java:34:46:34:48 | uri | provenance |  |
+| Test.java:32:23:32:71 | (...)... : Uri | Test.java:35:43:35:45 | uri | provenance |  |
+| Test.java:32:23:32:71 | (...)... : Uri | Test.java:36:53:36:55 | uri | provenance |  |
+| Test.java:32:23:32:71 | (...)... : Uri | Test.java:37:38:37:40 | uri | provenance |  |
+| Test.java:32:23:32:71 | (...)... : Uri | Test.java:38:48:38:50 | uri | provenance |  |
+| Test.java:32:23:32:71 | (...)... : Uri | Test.java:39:48:39:50 | uri | provenance |  |
+| Test.java:32:23:32:71 | (...)... : Uri | Test.java:40:58:40:60 | uri | provenance |  |
+| Test.java:32:29:32:39 | getIntent(...) : Intent | Test.java:32:29:32:71 | getParcelableExtra(...) : Parcelable | provenance | MaD:1 |
+| Test.java:32:29:32:71 | getParcelableExtra(...) : Parcelable | Test.java:32:23:32:71 | (...)... : Uri | provenance |  |
+| Test.java:44:23:44:71 | (...)... : Uri | Test.java:48:45:48:47 | uri | provenance |  |
+| Test.java:44:29:44:39 | getIntent(...) : Intent | Test.java:44:29:44:71 | getParcelableExtra(...) : Parcelable | provenance | MaD:1 |
+| Test.java:44:29:44:71 | getParcelableExtra(...) : Parcelable | Test.java:44:23:44:71 | (...)... : Uri | provenance |  |
+| Test.java:67:23:67:71 | (...)... : Uri | Test.java:71:45:71:47 | uri | provenance |  |
+| Test.java:67:29:67:39 | getIntent(...) : Intent | Test.java:67:29:67:71 | getParcelableExtra(...) : Parcelable | provenance | MaD:1 |
+| Test.java:67:29:67:71 | getParcelableExtra(...) : Parcelable | Test.java:67:23:67:71 | (...)... : Uri | provenance |  |
+| Test.java:92:23:92:71 | (...)... : Uri | Test.java:96:45:96:47 | uri | provenance |  |
+| Test.java:92:29:92:39 | getIntent(...) : Intent | Test.java:92:29:92:71 | getParcelableExtra(...) : Parcelable | provenance | MaD:1 |
+| Test.java:92:29:92:71 | getParcelableExtra(...) : Parcelable | Test.java:92:23:92:71 | (...)... : Uri | provenance |  |
+models
+| 1 | Summary: android.content; Intent; true; getParcelableExtra; (String); ; Argument[this].SyntheticField[android.content.Intent.extras].MapValue; ReturnValue; value; manual |
+nodes
+| Test.java:32:23:32:71 | (...)... : Uri | semmle.label | (...)... : Uri |
+| Test.java:32:29:32:39 | getIntent(...) : Intent | semmle.label | getIntent(...) : Intent |
+| Test.java:32:29:32:71 | getParcelableExtra(...) : Parcelable | semmle.label | getParcelableExtra(...) : Parcelable |
+| Test.java:33:45:33:47 | uri | semmle.label | uri |
+| Test.java:34:46:34:48 | uri | semmle.label | uri |
+| Test.java:35:43:35:45 | uri | semmle.label | uri |
+| Test.java:36:53:36:55 | uri | semmle.label | uri |
+| Test.java:37:38:37:40 | uri | semmle.label | uri |
+| Test.java:38:48:38:50 | uri | semmle.label | uri |
+| Test.java:39:48:39:50 | uri | semmle.label | uri |
+| Test.java:40:58:40:60 | uri | semmle.label | uri |
+| Test.java:44:23:44:71 | (...)... : Uri | semmle.label | (...)... : Uri |
+| Test.java:44:29:44:39 | getIntent(...) : Intent | semmle.label | getIntent(...) : Intent |
+| Test.java:44:29:44:71 | getParcelableExtra(...) : Parcelable | semmle.label | getParcelableExtra(...) : Parcelable |
+| Test.java:48:45:48:47 | uri | semmle.label | uri |
+| Test.java:67:23:67:71 | (...)... : Uri | semmle.label | (...)... : Uri |
+| Test.java:67:29:67:39 | getIntent(...) : Intent | semmle.label | getIntent(...) : Intent |
+| Test.java:67:29:67:71 | getParcelableExtra(...) : Parcelable | semmle.label | getParcelableExtra(...) : Parcelable |
+| Test.java:71:45:71:47 | uri | semmle.label | uri |
+| Test.java:92:23:92:71 | (...)... : Uri | semmle.label | (...)... : Uri |
+| Test.java:92:29:92:39 | getIntent(...) : Intent | semmle.label | getIntent(...) : Intent |
+| Test.java:92:29:92:71 | getParcelableExtra(...) : Parcelable | semmle.label | getParcelableExtra(...) : Parcelable |
+| Test.java:96:45:96:47 | uri | semmle.label | uri |
+subpaths

java/ql/test/query-tests/security/CWE-441/UnsafeContentUriResolutionTest.ql

@@ -0,0 +1,4 @@
+query: Security/CWE/CWE-441/UnsafeContentUriResolution.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql