Java: Reveal false negative in test

asgerf · asgerf · commit 5751fc2d3a7f · 2024-08-21T13:36:47.000+02:00
One of the sinks was flagged for the wrong reason in the test case.

The flow into the 'startActivities' sink isn't working properly, but this was not revealed by the test since an alternate, spurious path exists. The spurious path goes through the implicit read at the prior sink and takes a use-use step to the 'startActivities' sink. Swapping the order of the two sinks reveals the false negative.
diff --git a/java/ql/test/query-tests/security/CWE-927/ImplicitPendingIntentsTest.expected b/java/ql/test/query-tests/security/CWE-927/ImplicitPendingIntentsTest.expected
@@ -1,2 +1,3 @@
 failures
 testFailures
+| ImplicitPendingIntentsTest.java:35:60:35:87 | // $hasImplicitPendingIntent | Missing result:hasImplicitPendingIntent= |
diff --git a/java/ql/test/query-tests/security/CWE-927/ImplicitPendingIntentsTest.java b/java/ql/test/query-tests/security/CWE-927/ImplicitPendingIntentsTest.java
@@ -32,8 +32,8 @@ public static void testPendingIntentAsAnExtra(Context ctx)
             PendingIntent pi = PendingIntent.getActivity(ctx, 0, baseIntent, 0);
             Intent fwdIntent = new Intent();
             fwdIntent.putExtra("fwdIntent", pi);
-            ctx.startActivity(fwdIntent); // $hasImplicitPendingIntent
             ctx.startActivities(new Intent[] {fwdIntent}); // $hasImplicitPendingIntent
+            ctx.startActivity(fwdIntent); // $hasImplicitPendingIntent
             ctx.startService(fwdIntent); // Safe
             ctx.sendBroadcast(fwdIntent); // $hasImplicitPendingIntent
 

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,3 @@`
`1`	`1`	`failures`
`2`	`2`	`testFailures`
	`3`	`+\| ImplicitPendingIntentsTest.java:35:60:35:87 \| // $hasImplicitPendingIntent \| Missing result:hasImplicitPendingIntent= \|`