Skip to content

Commit 522a4bb

Browse files
atorralbaatorralba
committed
Propagate extras through build methods
1 parent c0c40cc commit 522a4bb

File tree

2 files changed

+23
-0
lines changed

2 files changed

+23
-0
lines changed

java/ql/lib/semmle/code/java/frameworks/android/Notifications.qll

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,18 +10,21 @@ private class NotificationBuildersSummaryModels extends SummaryModelCsv {
1010
row =
1111
[
1212
"android.app;Notification$Action;true;Action;(int,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint",
13+
"android.app;Notification$Action;true;getExtras;;;SyntheticField[android.content.Intent.extras] of Argument[-1];ReturnValue;value",
1314
"android.app;Notification$Action$Builder;true;Builder;(int,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint",
1415
"android.app;Notification$Action$Builder;true;Builder;(Icon,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint",
1516
"android.app;Notification$Action$Builder;true;Builder;(Action);;Argument[0];Argument[-1];taint",
1617
"android.app;Notification$Action$Builder;true;addExtras;;;MapKey of Argument[0];MapKey of SyntheticField[android.content.Intent.extras] of Argument[-1];value",
1718
"android.app;Notification$Action$Builder;true;addExtras;;;MapValue of Argument[0];MapValue of SyntheticField[android.content.Intent.extras] of Argument[-1];value",
1819
"android.app;Notification$Action$Builder;true;build;;;Argument[-1];ReturnValue;taint",
20+
"android.app;Notification$Action$Builder;true;build;;;SyntheticField[android.content.Intent.extras] of Argument[-1];SyntheticField[android.content.Intent.extras] of ReturnValue;value",
1921
"android.app;Notification$Action$Builder;true;getExtras;;;SyntheticField[android.content.Intent.extras] of Argument[-1];ReturnValue;value",
2022
"android.app;Notification$Builder;true;addAction;(int,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint",
2123
"android.app;Notification$Builder;true;addAction;(Action);;Argument[0];Argument[-1];taint",
2224
"android.app;Notification$Builder;true;addExtras;;;MapKey of Argument[0];MapKey of SyntheticField[android.content.Intent.extras] of Argument[-1];value",
2325
"android.app;Notification$Builder;true;addExtras;;;MapValue of Argument[0];MapValue of SyntheticField[android.content.Intent.extras] of Argument[-1];value",
2426
"android.app;Notification$Builder;true;build;;;Argument[-1];ReturnValue;taint",
27+
"android.app;Notification$Builder;true;build;;;SyntheticField[android.content.Intent.extras] of Argument[-1];Field[android.app.Notification.extras] of ReturnValue;value",
2528
"android.app;Notification$Builder;true;setContentIntent;;;Argument[0];Argument[-1];taint",
2629
"android.app;Notification$Builder;true;getExtras;;;SyntheticField[android.content.Intent.extras] of Argument[-1];ReturnValue;value",
2730
"android.app;Notification$Builder;true;recoverBuilder;;;Argument[1];ReturnValue;taint",

java/ql/test/library-tests/frameworks/android/notification/Test.java

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -101,6 +101,16 @@ public void test() throws Exception {
101101
out = in.build();
102102
sink(out); // $ hasTaintFlow
103103
}
104+
{
105+
// "android.app;Notification$Action$Builder;true;build;;;SyntheticField[android.content.Intent.extras]
106+
// of Argument[-1];SyntheticField[android.content.Intent.extras] of ReturnValue;value"
107+
Notification.Action out = null;
108+
Notification.Action.Builder builder = null;
109+
Bundle in = (Bundle) newWithMapValueDefault(source());
110+
builder.addExtras(in);
111+
out = builder.build();
112+
sink(getMapValueDefault(out.getExtras())); // $ hasValueFlow
113+
}
104114
{
105115
// "android.app;Notification$Action$Builder;true;extend;;;Argument[-1];ReturnValue;value"
106116
Notification.Action.Builder out = null;
@@ -223,6 +233,16 @@ public void test() throws Exception {
223233
out = in.build();
224234
sink(out); // $ hasTaintFlow
225235
}
236+
{
237+
// "android.app;Notification$Builder;true;build;;;SyntheticField[android.content.Intent.extras]
238+
// of Argument[-1];Field[android.app.Notification.extras] of ReturnValue;value"
239+
Notification out = null;
240+
Notification.Builder builder = null;
241+
Bundle in = (Bundle) newWithMapValueDefault(source());
242+
builder.addExtras(in);
243+
out = builder.build();
244+
sink(getMapValueDefault(out.extras)); // $ hasValueFlow
245+
}
226246
{
227247
// "android.app;Notification$Builder;true;extend;;;Argument[-1];ReturnValue;value"
228248
Notification.Builder out = null;

0 commit comments

Comments
 (0)