Add test cases; fix the regex used

joefarebrother · joefarebrother · commit 706858e21183 · 2022-11-16T10:54:13.000Z
diff --git a/java/ql/lib/semmle/code/java/security/SensitiveKeyboardCacheQuery.qll b/java/ql/lib/semmle/code/java/security/SensitiveKeyboardCacheQuery.qll
@@ -33,7 +33,11 @@ class AndroidEditableXmlElement extends XmlElement {
 
 /** Gets a regex inidcating that an input field may contain sensitive data. */
 private string getInputSensitiveInfoRegex() {
-  result = [getCommonSensitiveInfoRegex(), "(?i).*(bank|credit|debit|security).*"]
+  result =
+    [
+      getCommonSensitiveInfoRegex(),
+      "(?i).*(bank|credit|debit|(pass(wd|word|code|phrase))|security).*"
+    ]
 }
 
 /** Holds if input using the given input type may be stored in the keyboard cache. */
diff --git a/java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.qhelp b/java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.qhelp
@@ -0,0 +1 @@
+todo
diff --git a/java/ql/test/query-tests/security/CWE-524/AndroidManifest.xml b/java/ql/test/query-tests/security/CWE-524/AndroidManifest.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:tools="http://schemas.android.com/tools"
+    package="com.example.test">
+</manifest>
diff --git a/java/ql/test/query-tests/security/CWE-524/SensitiveKeyboardCache.expected b/java/ql/test/query-tests/security/CWE-524/SensitiveKeyboardCache.expected
diff --git a/java/ql/test/query-tests/security/CWE-524/SensitiveKeyboardCache.ql b/java/ql/test/query-tests/security/CWE-524/SensitiveKeyboardCache.ql
@@ -0,0 +1,19 @@
+import java
+import semmle.code.java.security.SensitiveKeyboardCacheQuery
+import TestUtilities.InlineExpectationsTest
+
+class SensitiveKeyboardCacheTest extends InlineExpectationsTest {
+  SensitiveKeyboardCacheTest() { this = "SensitiveKeyboardCacheTest" }
+
+  override string getARelevantTag() { result = "hasResult" }
+
+  override predicate hasActualResult(Location loc, string element, string tag, string value) {
+    exists(AndroidEditableXmlElement el |
+      el = getASensitiveCachedInput() and
+      loc = el.getLocation() and
+      element = el.toString() and
+      tag = "hasResult" and
+      value = ""
+    )
+  }
+}
diff --git a/java/ql/test/query-tests/security/CWE-524/Test.java b/java/ql/test/query-tests/security/CWE-524/Test.java
@@ -0,0 +1 @@
+class Test {}
diff --git a/java/ql/test/query-tests/security/CWE-524/res/layout/Test.xml b/java/ql/test/query-tests/security/CWE-524/res/layout/Test.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="utf-8"?>
+<LinearLayout
+    xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:app="http://schemas.android.com/apk/res-auto">
+
+
+   <!-- $hasResult --> <EditText
+        android:id="@+id/test1_password"
+        android:inputType="text"/>  
+
+    <EditText
+        android:id="@+id/test2_safe"
+        android:inputType="text"/> 
+
+    <EditText
+        android:id="@+id/test3_password"
+        android:inputType="textNoSuggestions"/>  
+
+    <EditText
+        android:id="@+id/test4_password"
+        android:inputType="textPassword"/> 
+
+    <!-- $hasResult --> <EditText
+        android:id="@+id/test5_bank_account_name"
+        android:inputType="textMultiLine"/>  
+</LinearLayout>
