Add unit tests + make some fixes

Author: joefarebrother

java/ql/lib/semmle/code/java/security/SensitiveUiQuery.qll

@@ -46,9 +46,9 @@ private class SetTextCall extends MethodCall {
 /** A call to a method indicating that the contents of a UI element are safely masked. */
 private class MaskCall extends MethodCall {
   MaskCall() {
-    this.getMethod().hasQualifiedName("android.widget", "TextView", "setInputType")
+    this.getMethod().getAnOverride*().hasQualifiedName("android.widget", "TextView", "setInputType")
     or
-    this.getMethod().hasQualifiedName("android.widget", "view", "setVisibility")
+    this.getMethod().getAnOverride*().hasQualifiedName("android.view", "View", "setVisibility")
   }
 }
 
@@ -66,6 +66,8 @@ private module TextFieldTrackingConfig implements DataFlow::ConfigSig {
   predicate isBarrier(DataFlow::Node node) {
     node.getType() instanceof PrimitiveType or node.getType() instanceof BoxedType
   }
+
+  predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
 }
 
 /** Holds if the given may be masked. */

java/ql/src/Security/CWE/CWE-200/AndroidSensitiveTextField.ql

@@ -16,5 +16,5 @@ import semmle.code.java.security.SensitiveUiQuery
 import TextFieldTracking::PathGraph
 
 from TextFieldTracking::PathNode source, TextFieldTracking::PathNode sink
-where NotificationTracking::flowPath(source, sink)
+where TextFieldTracking::flowPath(source, sink)
 select sink, source, sink, "This $@ is exposed in a text view.", source, "sensitive information"

java/ql/test/query-tests/security/CWE-200/semmle/tests/SensitiveTextView/AndroidManifest.xml

@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:tools="http://schemas.android.com/tools"
+    package="com.example.test">
+</manifest>

java/ql/test/query-tests/security/CWE-200/semmle/tests/SensitiveTextView/R.java

@@ -0,0 +1,15 @@
+package com.example.test;
+
+public final class R {
+    public static final class id {
+        public static final int test1 = 1;
+        public static final int test2 = 2;
+        public static final int test3 = 3;
+        public static final int test4 = 4;
+        public static final int test5 = 5;
+    }
+
+    public static final class string {
+        public static final int password_prompt = 0;
+    }
+}

java/ql/test/query-tests/security/CWE-200/semmle/tests/SensitiveTextView/Test.java

@@ -0,0 +1,31 @@
+package com.example.test;
+
+import android.app.Activity;
+import android.widget.EditText;
+import android.widget.TextView;
+import android.widget.LinearLayout;
+import android.view.View;
+import android.text.InputType;
+
+class Test extends Activity {
+    void test(String password) {
+        EditText test1 = findViewById(R.id.test1);
+        test1.setText(password); // $sensitive-text
+        test1.setHint(password); // $sensitive-text
+        test1.append(password); // $sensitive-text
+        test1.setText(R.string.password_prompt);
+
+        TextView test2 = findViewById(R.id.test2);
+        test2.setVisibility(View.INVISIBLE);
+        test2.setText(password);
+
+        EditText test3 = findViewById(R.id.test3);
+        test3.setInputType(InputType.TYPE_CLASS_TEXT | InputType.TYPE_TEXT_VARIATION_PASSWORD);
+        test3.setText(password);
+
+        LinearLayout test4 = findViewById(R.id.test4);
+        TextView test5 = findViewById(R.id.test5);
+        test4.setVisibility(View.INVISIBLE);
+        test5.setText(password);
+    }
+}

java/ql/test/query-tests/security/CWE-200/semmle/tests/SensitiveTextView/options

@@ -0,0 +1 @@
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../../stubs/google-android-9.0.0

java/ql/test/query-tests/security/CWE-200/semmle/tests/SensitiveTextView/res/layout/Test.xml

@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="utf-8"?>
+<LinearLayout
+    xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:app="http://schemas.android.com/apk/res-auto">
+
+
+    <EditText
+        android:id="@+id/test1"
+        android:inputType="text"/>
+
+    <TextView
+        android:id="@+id/test2"/>
+
+    <EditText
+        android:id="@+id/test3"/>
+
+    <LinearLayout
+        android:id="@+id/test4">
+        <TextView
+            android:id="@+id/test5"/>
+    </LinearLayout>
+
+</LinearLayout>

java/ql/test/query-tests/security/CWE-200/semmle/tests/SensitiveTextView/test.expected

@@ -0,0 +1,2 @@
+testFailures
+failures

java/ql/test/query-tests/security/CWE-200/semmle/tests/SensitiveTextView/test.ql

@@ -0,0 +1,19 @@
+import java
+import TestUtilities.InlineExpectationsTest
+import semmle.code.java.dataflow.DataFlow
+import semmle.code.java.security.SensitiveUiQuery
+
+module SensitiveTextTest implements TestSig {
+  string getARelevantTag() { result = "sensitive-text" }
+
+  predicate hasActualResult(Location location, string element, string tag, string value) {
+    tag = "sensitive-text" and
+    exists(DataFlow::Node sink | TextFieldTracking::flowTo(sink) |
+      sink.getLocation() = location and
+      element = sink.toString() and
+      value = ""
+    )
+  }
+}
+
+import MakeTest<SensitiveTextTest>