Switch to inline expectations tests

joefarebrother · joefarebrother · commit ae461bcfe413 · 2021-10-20T17:09:57.000+01:00
diff --git a/java/ql/test/query-tests/security/CWE-927/SensitiveBroadcast.expected b/java/ql/test/query-tests/security/CWE-927/SensitiveBroadcast.expected
@@ -1,37 +0,0 @@
-edges
-| SensitiveBroadcast.java:12:34:12:38 | token : String | SensitiveBroadcast.java:14:31:14:36 | intent |
-| SensitiveBroadcast.java:13:41:13:52 | refreshToken : String | SensitiveBroadcast.java:14:31:14:36 | intent |
-| SensitiveBroadcast.java:25:32:25:39 | password : String | SensitiveBroadcast.java:26:31:26:36 | intent |
-| SensitiveBroadcast.java:36:35:36:39 | email : String | SensitiveBroadcast.java:38:31:38:36 | intent |
-| SensitiveBroadcast.java:50:9:50:16 | userinfo [post update] [<element>] : String | SensitiveBroadcast.java:52:31:52:36 | intent |
-| SensitiveBroadcast.java:50:22:50:29 | password : String | SensitiveBroadcast.java:50:9:50:16 | userinfo [post update] [<element>] : String |
-| SensitiveBroadcast.java:97:35:97:40 | ticket : String | SensitiveBroadcast.java:98:54:98:59 | intent |
-| SensitiveBroadcast.java:109:32:109:39 | passcode : String | SensitiveBroadcast.java:111:54:111:59 | intent |
-| SensitiveBroadcast.java:136:33:136:38 | passwd : String | SensitiveBroadcast.java:140:54:140:59 | intent |
-nodes
-| SensitiveBroadcast.java:12:34:12:38 | token : String | semmle.label | token : String |
-| SensitiveBroadcast.java:13:41:13:52 | refreshToken : String | semmle.label | refreshToken : String |
-| SensitiveBroadcast.java:14:31:14:36 | intent | semmle.label | intent |
-| SensitiveBroadcast.java:25:32:25:39 | password : String | semmle.label | password : String |
-| SensitiveBroadcast.java:26:31:26:36 | intent | semmle.label | intent |
-| SensitiveBroadcast.java:36:35:36:39 | email : String | semmle.label | email : String |
-| SensitiveBroadcast.java:38:31:38:36 | intent | semmle.label | intent |
-| SensitiveBroadcast.java:50:9:50:16 | userinfo [post update] [<element>] : String | semmle.label | userinfo [post update] [<element>] : String |
-| SensitiveBroadcast.java:50:22:50:29 | password : String | semmle.label | password : String |
-| SensitiveBroadcast.java:52:31:52:36 | intent | semmle.label | intent |
-| SensitiveBroadcast.java:97:35:97:40 | ticket : String | semmle.label | ticket : String |
-| SensitiveBroadcast.java:98:54:98:59 | intent | semmle.label | intent |
-| SensitiveBroadcast.java:109:32:109:39 | passcode : String | semmle.label | passcode : String |
-| SensitiveBroadcast.java:111:54:111:59 | intent | semmle.label | intent |
-| SensitiveBroadcast.java:136:33:136:38 | passwd : String | semmle.label | passwd : String |
-| SensitiveBroadcast.java:140:54:140:59 | intent | semmle.label | intent |
-subpaths
-#select
-| SensitiveBroadcast.java:14:31:14:36 | intent | SensitiveBroadcast.java:12:34:12:38 | token : String | SensitiveBroadcast.java:14:31:14:36 | intent | Sending $@ to broadcast. | SensitiveBroadcast.java:12:34:12:38 | token | sensitive information |
-| SensitiveBroadcast.java:14:31:14:36 | intent | SensitiveBroadcast.java:13:41:13:52 | refreshToken : String | SensitiveBroadcast.java:14:31:14:36 | intent | Sending $@ to broadcast. | SensitiveBroadcast.java:13:41:13:52 | refreshToken | sensitive information |
-| SensitiveBroadcast.java:26:31:26:36 | intent | SensitiveBroadcast.java:25:32:25:39 | password : String | SensitiveBroadcast.java:26:31:26:36 | intent | Sending $@ to broadcast. | SensitiveBroadcast.java:25:32:25:39 | password | sensitive information |
-| SensitiveBroadcast.java:38:31:38:36 | intent | SensitiveBroadcast.java:36:35:36:39 | email : String | SensitiveBroadcast.java:38:31:38:36 | intent | Sending $@ to broadcast. | SensitiveBroadcast.java:36:35:36:39 | email | sensitive information |
-| SensitiveBroadcast.java:52:31:52:36 | intent | SensitiveBroadcast.java:50:22:50:29 | password : String | SensitiveBroadcast.java:52:31:52:36 | intent | Sending $@ to broadcast. | SensitiveBroadcast.java:50:22:50:29 | password | sensitive information |
-| SensitiveBroadcast.java:98:54:98:59 | intent | SensitiveBroadcast.java:97:35:97:40 | ticket : String | SensitiveBroadcast.java:98:54:98:59 | intent | Sending $@ to broadcast. | SensitiveBroadcast.java:97:35:97:40 | ticket | sensitive information |
-| SensitiveBroadcast.java:111:54:111:59 | intent | SensitiveBroadcast.java:109:32:109:39 | passcode : String | SensitiveBroadcast.java:111:54:111:59 | intent | Sending $@ to broadcast. | SensitiveBroadcast.java:109:32:109:39 | passcode | sensitive information |
-| SensitiveBroadcast.java:140:54:140:59 | intent | SensitiveBroadcast.java:136:33:136:38 | passwd : String | SensitiveBroadcast.java:140:54:140:59 | intent | Sending $@ to broadcast. | SensitiveBroadcast.java:136:33:136:38 | passwd | sensitive information |
diff --git a/java/ql/test/query-tests/security/CWE-927/SensitiveBroadcast.java b/java/ql/test/query-tests/security/CWE-927/SensitiveBroadcast.java
@@ -11,7 +11,7 @@ public void sendBroadcast1(Context context, String token, String refreshToken) {
         intent.setAction("com.example.custom_action");
         intent.putExtra("token", token);
         intent.putExtra("refreshToken", refreshToken);
-        context.sendBroadcast(intent);
+        context.sendBroadcast(intent); // $ hasTaintFlow 
     }
 
     // BAD - Tests broadcast of sensitive user information with intent extra.
@@ -23,7 +23,7 @@ public void sendBroadcast2(Context context) {
         intent.setAction("com.example.custom_action");
         intent.putExtra("name", userName);
         intent.putExtra("pwd", password);
-        context.sendBroadcast(intent);
+        context.sendBroadcast(intent); // $ hasTaintFlow 
     }
 
     // BAD - Tests broadcast of email information with extra bundle.
@@ -35,7 +35,7 @@ public void sendBroadcast3(Context context) {
         Bundle bundle = new Bundle();
         bundle.putString("email", email);
         intent.putExtras(bundle);
-        context.sendBroadcast(intent);
+        context.sendBroadcast(intent); // $ hasTaintFlow 
     }    
 
     // BAD - Tests broadcast of sensitive user information with null permission.
@@ -49,7 +49,7 @@ public void sendBroadcast4(Context context) {
         userinfo.add(username);
         userinfo.add(password);
         intent.putStringArrayListExtra("userinfo", userinfo);
-        context.sendBroadcast(intent, null);
+        context.sendBroadcast(intent, null); // $ hasTaintFlow 
     }
 
     // GOOD - Tests broadcast of sensitive user information with permission using string literal.
@@ -72,7 +72,7 @@ public void sendBroadcast6(Context context) {
         intent.setAction("com.example.custom_action");
         intent.putExtra("ticket", ticket);
         String perm = "com.example.user_permission";
-        context.sendBroadcast(intent, perm);
+        context.sendBroadcast(intent, perm); // $ hasTaintFlow 
     }
 
     // GOOD - Tests broadcast of sensitive user information to a specific application.
@@ -95,7 +95,7 @@ public void sendBroadcast8(Context context) {
         Intent intent = new Intent();
         intent.setAction("com.example.custom_action");
         intent.putExtra("ticket", ticket);
-        context.sendBroadcastWithMultiplePermissions(intent, new String[]{});
+        context.sendBroadcastWithMultiplePermissions(intent, new String[]{}); // $ hasTaintFlow 
     }    
 
     // BAD - Tests broadcast of sensitive user information with multiple permissions using empty array initialization through a variable.
@@ -108,7 +108,7 @@ public void sendBroadcast9(Context context) {
         intent.putExtra("name", username);
         intent.putExtra("pwd", passcode);
         String[] perms = new String[0];
-        context.sendBroadcastWithMultiplePermissions(intent, perms);
+        context.sendBroadcastWithMultiplePermissions(intent, perms); // $ hasTaintFlow 
     }    
 
     // GOOD - Tests broadcast of sensitive user information with multiple permissions.
@@ -133,11 +133,11 @@ public void sendBroadcast11(Context context) {
         intent.setAction("com.example.custom_action");
         Bundle bundle = new Bundle();
         bundle.putString("name", username);
-        bundle.putString("pwd", passwd);
+        bundle.putString("pwd", passwd); 
         intent.putExtras(bundle);
         String[] perms = new String[0];
         String[] perms2 = perms;
-        context.sendBroadcastWithMultiplePermissions(intent, perms2);
+        context.sendBroadcastWithMultiplePermissions(intent, perms2); // $ hasTaintFlow 
     }    
 
     /** 
@@ -156,7 +156,7 @@ public void sendBroadcast12(Context context) {
         intent.getExtras().putString("pwd", password);
         String[] perms = new String[0];
         String[] perms2 = perms;
-        context.sendBroadcastWithMultiplePermissions(intent, perms2);
+        context.sendBroadcastWithMultiplePermissions(intent, perms2); // $ hasTaintFlow 
     }    
 
     // GOOD - Tests broadcast of sensitive user information with ordered broadcast.
diff --git a/java/ql/test/query-tests/security/CWE-927/SensitiveBroadcast.ql b/java/ql/test/query-tests/security/CWE-927/SensitiveBroadcast.ql
@@ -0,0 +1,20 @@
+import java
+import semmle.code.java.security.AndroidSensitiveBroadcastQuery
+import TestUtilities.InlineExpectationsTest
+
+class HasFlowTest extends InlineExpectationsTest {
+  HasFlowTest() { this = "HasFlowTest" }
+
+  override string getARelevantTag() { result = "hasTaintFlow" }
+
+  override predicate hasActualResult(Location location, string element, string tag, string value) {
+    tag = "hasTaintFlow" and
+    exists(DataFlow::Node src, DataFlow::Node sink, SensitiveBroadcastConfig conf |
+      conf.hasFlow(src, sink)
+    |
+      sink.getLocation() = location and
+      element = sink.toString() and
+      value = ""
+    )
+  }
+}
diff --git a/java/ql/test/query-tests/security/CWE-927/SensitiveBroadcast.qlref b/java/ql/test/query-tests/security/CWE-927/SensitiveBroadcast.qlref
