Setting null Components is not a sanitizer

Author: atorralba

java/ql/lib/semmle/code/java/frameworks/android/Intent.qll

@@ -99,6 +99,7 @@ class ExplicitIntent extends Expr {
       ma.getMethod() = m and
       m.getDeclaringType() instanceof TypeIntent and
       m.hasName(["setPackage", "setClass", "setClassName", "setComponent"]) and
+      not exists(NullLiteral nullLiteral | DataFlow::localExprFlow(nullLiteral, ma.getAnArgument())) and
       ma.getQualifier() = this
     )
     or

java/ql/test/query-tests/security/CWE-927/ImplicitPendingIntentsTest.java

@@ -34,6 +34,9 @@ public static void testPendingIntentAsAnExtra(Context ctx)
             ctx.startService(fwdIntent); // Safe
             ctx.sendBroadcast(fwdIntent); // $hasImplicitPendingIntent
 
+            fwdIntent.setComponent(null); // Not a sanitizer
+            ctx.startActivity(fwdIntent); // $hasImplicitPendingIntent
+
             fwdIntent.setPackage("a.safe.package"); // Sanitizer
             ctx.startActivity(fwdIntent); // Safe
         }
@@ -285,19 +288,5 @@ public boolean onCreateSliceProvider() {
             mPendingIntent = PendingIntent.getActivity(getContext(), 0, baseIntent, 0);
             return true;
         }
-
-        // Implementations needed for compilation
-
-        @Override
-        public AssetFileDescriptor openTypedAssetFile(Uri uri, String mimeTypeFilter, Bundle opts,
-                CancellationSignal signal) throws RemoteException, FileNotFoundException {
-            return null;
-        }
-
-        @Override
-        public Bundle call(String authority, String method, String arg, Bundle extras)
-                throws RemoteException {
-            return null;
-        }
     }
 }