Skip to content

Commit 8263524

Browse files
atorralbaatorralba
committed
Add tests for Intent and ComponentName summaries
1 parent 2ab7a55 commit 8263524

File tree

4 files changed

+272
-0
lines changed

4 files changed

+272
-0
lines changed

java/ql/test/library-tests/frameworks/android/intents/Test.java

Lines changed: 218 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,218 @@
1+
package generatedtest;
2+
3+
import android.content.ComponentName;
4+
import android.content.Context;
5+
import android.content.Intent;
6+
import android.os.Parcel;
7+
8+
// Test case generated by GenerateFlowTestCase.ql
9+
public class Test {
10+
11+
Object source() {
12+
return null;
13+
}
14+
15+
void sink(Object o) {}
16+
17+
public void test() throws Exception {
18+
19+
{
20+
// "android.content;ComponentName;false;ComponentName;(Context,Class);;Argument[1];Argument[-1];taint"
21+
ComponentName out = null;
22+
Class in = (Class) source();
23+
out = new ComponentName((Context) null, in);
24+
sink(out); // $ hasTaintFlow
25+
}
26+
{
27+
// "android.content;ComponentName;false;ComponentName;(Context,String);;Argument[1];Argument[-1];taint"
28+
ComponentName out = null;
29+
String in = (String) source();
30+
out = new ComponentName((Context) null, in);
31+
sink(out); // $ hasTaintFlow
32+
}
33+
{
34+
// "android.content;ComponentName;false;ComponentName;(Parcel);;Argument[0];Argument[-1];taint"
35+
ComponentName out = null;
36+
Parcel in = (Parcel) source();
37+
out = new ComponentName(in);
38+
sink(out); // $ hasTaintFlow
39+
}
40+
{
41+
// "android.content;ComponentName;false;ComponentName;(String,String);;Argument[0..1];Argument[-1];taint"
42+
ComponentName out = null;
43+
String in = (String) source();
44+
out = new ComponentName(in, (String) null);
45+
sink(out); // $ hasTaintFlow
46+
}
47+
{
48+
// "android.content;ComponentName;false;ComponentName;(String,String);;Argument[0..1];Argument[-1];taint"
49+
ComponentName out = null;
50+
String in = (String) source();
51+
out = new ComponentName((String) null, in);
52+
sink(out); // $ hasTaintFlow
53+
}
54+
{
55+
// "android.content;ComponentName;false;createRelative;(Context,String);;Argument[1];ReturnValue;taint"
56+
ComponentName out = null;
57+
String in = (String) source();
58+
out = ComponentName.createRelative((Context) null, in);
59+
sink(out); // $ hasTaintFlow
60+
}
61+
{
62+
// "android.content;ComponentName;false;createRelative;(String,String);;Argument[0..1];ReturnValue;taint"
63+
ComponentName out = null;
64+
String in = (String) source();
65+
out = ComponentName.createRelative(in, (String) null);
66+
sink(out); // $ hasTaintFlow
67+
}
68+
{
69+
// "android.content;ComponentName;false;createRelative;(String,String);;Argument[0..1];ReturnValue;taint"
70+
ComponentName out = null;
71+
String in = (String) source();
72+
out = ComponentName.createRelative((String) null, in);
73+
sink(out); // $ hasTaintFlow
74+
}
75+
{
76+
// "android.content;ComponentName;false;flattenToShortString;;;Argument[-1];ReturnValue;taint"
77+
String out = null;
78+
ComponentName in = (ComponentName) source();
79+
out = in.flattenToShortString();
80+
sink(out); // $ hasTaintFlow
81+
}
82+
{
83+
// "android.content;ComponentName;false;flattenToString;;;Argument[-1];ReturnValue;taint"
84+
String out = null;
85+
ComponentName in = (ComponentName) source();
86+
out = in.flattenToString();
87+
sink(out); // $ hasTaintFlow
88+
}
89+
{
90+
// "android.content;ComponentName;false;getClassName;;;Argument[-1];ReturnValue;taint"
91+
String out = null;
92+
ComponentName in = (ComponentName) source();
93+
out = in.getClassName();
94+
sink(out); // $ hasTaintFlow
95+
}
96+
{
97+
// "android.content;ComponentName;false;getPackageName;;;Argument[-1];ReturnValue;taint"
98+
String out = null;
99+
ComponentName in = (ComponentName) source();
100+
out = in.getPackageName();
101+
sink(out); // $ hasTaintFlow
102+
}
103+
{
104+
// "android.content;ComponentName;false;getShortClassName;;;Argument[-1];ReturnValue;taint"
105+
String out = null;
106+
ComponentName in = (ComponentName) source();
107+
out = in.getShortClassName();
108+
sink(out); // $ hasTaintFlow
109+
}
110+
{
111+
// "android.content;ComponentName;false;unflattenFromString;;;Argument[0];ReturnValue;taint"
112+
ComponentName out = null;
113+
String in = (String) source();
114+
out = ComponentName.unflattenFromString(in);
115+
sink(out); // $ hasTaintFlow
116+
}
117+
{
118+
// "android.content;Intent;true;Intent;(Context,Class);;Argument[1];Argument[-1];taint"
119+
Intent out = null;
120+
Class in = (Class) source();
121+
out = new Intent((Context) null, in);
122+
sink(out); // $ hasTaintFlow
123+
}
124+
{
125+
// "android.content;Intent;true;Intent;(Intent);;Argument[0];Argument[-1];taint"
126+
Intent out = null;
127+
Intent in = (Intent) source();
128+
out = new Intent(in);
129+
sink(out); // $ hasTaintFlow
130+
}
131+
{
132+
// "android.content;Intent;true;Intent;(String,Uri,Context,Class);;Argument[3];Argument[-1];taint"
133+
Intent out = null;
134+
Class in = (Class) source();
135+
out = new Intent(null, null, null, in);
136+
sink(out); // $ hasTaintFlow
137+
}
138+
{
139+
// "android.content;Intent;true;setClass;;;Argument[-1];ReturnValue;taint"
140+
Intent out = null;
141+
Intent in = (Intent) source();
142+
out = in.setClass(null, null);
143+
sink(out); // $ hasTaintFlow
144+
}
145+
{
146+
// "android.content;Intent;true;setClass;;;Argument[1];Argument[-1];taint"
147+
Intent out = null;
148+
Class in = (Class) source();
149+
out.setClass(null, in);
150+
sink(out); // $ hasTaintFlow
151+
}
152+
{
153+
// "android.content;Intent;true;setClassName;(Context,String);;Argument[1];Argument[-1];taint"
154+
Intent out = null;
155+
String in = (String) source();
156+
out.setClassName((Context) null, in);
157+
sink(out); // $ hasTaintFlow
158+
}
159+
{
160+
// "android.content;Intent;true;setClassName;(String,String);;Argument[0..1];Argument[-1];taint"
161+
Intent out = null;
162+
String in = (String) source();
163+
out.setClassName(in, (String) null);
164+
sink(out); // $ hasTaintFlow
165+
}
166+
{
167+
// "android.content;Intent;true;setClassName;(String,String);;Argument[0..1];Argument[-1];taint"
168+
Intent out = null;
169+
String in = (String) source();
170+
out.setClassName((String) null, in);
171+
sink(out); // $ hasTaintFlow
172+
}
173+
{
174+
// "android.content;Intent;true;setClassName;;;Argument[-1];ReturnValue;taint"
175+
Intent out = null;
176+
Intent in = (Intent) source();
177+
out = in.setClassName((String) null, (String) null);
178+
sink(out); // $ hasTaintFlow
179+
}
180+
{
181+
// "android.content;Intent;true;setClassName;;;Argument[-1];ReturnValue;taint"
182+
Intent out = null;
183+
Intent in = (Intent) source();
184+
out = in.setClassName((Context) null, (String) null);
185+
sink(out); // $ hasTaintFlow
186+
}
187+
{
188+
// "android.content;Intent;true;setComponent;;;Argument[-1];ReturnValue;taint"
189+
Intent out = null;
190+
Intent in = (Intent) source();
191+
out = in.setComponent(null);
192+
sink(out); // $ hasTaintFlow
193+
}
194+
{
195+
// "android.content;Intent;true;setComponent;;;Argument[0];Argument[-1];taint"
196+
Intent out = null;
197+
ComponentName in = (ComponentName) source();
198+
out.setComponent(in);
199+
sink(out); // $ hasTaintFlow
200+
}
201+
{
202+
// "android.content;Intent;true;setPackage;;;Argument[-1];ReturnValue;taint"
203+
Intent out = null;
204+
Intent in = (Intent) source();
205+
out = in.setPackage(null);
206+
sink(out); // $ hasTaintFlow
207+
}
208+
{
209+
// "android.content;Intent;true;setPackage;;;Argument[0];Argument[-1];taint"
210+
Intent out = null;
211+
String in = (String) source();
212+
out.setPackage(in);
213+
sink(out); // $ hasTaintFlow
214+
}
215+
216+
}
217+
218+
}

java/ql/test/library-tests/frameworks/android/intents/options

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/google-android-9.0.0

java/ql/test/library-tests/frameworks/android/intents/test.expected

Whitespace-only changes.

java/ql/test/library-tests/frameworks/android/intents/test.ql

Lines changed: 53 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,53 @@
1+
import java
2+
import semmle.code.java.dataflow.DataFlow
3+
import semmle.code.java.dataflow.ExternalFlow
4+
import semmle.code.java.dataflow.TaintTracking
5+
import TestUtilities.InlineExpectationsTest
6+
7+
class ValueFlowConf extends DataFlow::Configuration {
8+
ValueFlowConf() { this = "qltest:valueFlowConf" }
9+
10+
override predicate isSource(DataFlow::Node n) {
11+
n.asExpr().(MethodAccess).getMethod().hasName("source")
12+
}
13+
14+
override predicate isSink(DataFlow::Node n) {
15+
n.asExpr().(Argument).getCall().getCallee().hasName("sink")
16+
}
17+
}
18+
19+
class TaintFlowConf extends TaintTracking::Configuration {
20+
TaintFlowConf() { this = "qltest:taintFlowConf" }
21+
22+
override predicate isSource(DataFlow::Node n) {
23+
n.asExpr().(MethodAccess).getMethod().hasName("source")
24+
}
25+
26+
override predicate isSink(DataFlow::Node n) {
27+
n.asExpr().(Argument).getCall().getCallee().hasName("sink")
28+
}
29+
}
30+
31+
class HasFlowTest extends InlineExpectationsTest {
32+
HasFlowTest() { this = "HasFlowTest" }
33+
34+
override string getARelevantTag() { result = ["hasValueFlow", "hasTaintFlow"] }
35+
36+
override predicate hasActualResult(Location location, string element, string tag, string value) {
37+
tag = "hasValueFlow" and
38+
exists(DataFlow::Node src, DataFlow::Node sink, ValueFlowConf conf | conf.hasFlow(src, sink) |
39+
sink.getLocation() = location and
40+
element = sink.toString() and
41+
value = ""
42+
)
43+
or
44+
tag = "hasTaintFlow" and
45+
exists(DataFlow::Node src, DataFlow::Node sink, TaintFlowConf conf |
46+
conf.hasFlow(src, sink) and not any(ValueFlowConf c).hasFlow(src, sink)
47+
|
48+
sink.getLocation() = location and
49+
element = sink.toString() and
50+
value = ""
51+
)
52+
}
53+
}

0 commit comments

Comments
 (0)