Allow arbitrary read steps at the sink

Author: joefarebrother

java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll

@@ -84,6 +84,7 @@ private module Frameworks {
   private import semmle.code.java.frameworks.apache.Collections
   private import semmle.code.java.frameworks.apache.Lang
   private import semmle.code.java.frameworks.Flexjson
+  private import semmle.code.java.frameworks.android.Intent
   private import semmle.code.java.frameworks.guava.Guava
   private import semmle.code.java.frameworks.jackson.JacksonSerializability
   private import semmle.code.java.frameworks.javaee.jsf.JSFRenderer

java/ql/src/semmle/code/java/security/AndroidSensitiveBroadcastQuery.qll

@@ -119,4 +119,10 @@ class SensitiveBroadcastConfig extends TaintTracking::Configuration {
       setReceiverMa.getQualifier().(VarAccess).getVariable().getAnAccess() = node.asExpr()
     )
   }
+
+  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::Content c) {
+    super.allowImplicitRead(node, c)
+    or
+    this.isSink(node)
+  }
 }