Skip to content

Commit b33daa3

Browse files
smowtonsmowton
committed
Update Intent model tests, and fix models where required
1 parent 4be2347 commit b33daa3

File tree

2 files changed

+107
-5
lines changed
  • java/ql
    • lib/semmle/code/java/frameworks/android
    • test/library-tests/frameworks/android/intent

2 files changed

+107
-5
lines changed

java/ql/lib/semmle/code/java/frameworks/android/Intent.qll

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -145,8 +145,8 @@ private class IntentBundleFlowSteps extends SummaryModelCsv {
145145
// currently only the Extras part of the intent and the data field are fully modelled
146146
"android.content;Intent;false;Intent;(Intent);;MapKey of SyntheticField[android.content.Intent.extras] of Argument[0];MapKey of SyntheticField[android.content.Intent.extras] of Argument[-1];value",
147147
"android.content;Intent;false;Intent;(Intent);;MapValue of SyntheticField[android.content.Intent.extras] of Argument[0];MapValue of SyntheticField[android.content.Intent.extras] of Argument[-1];value",
148-
"android.content;Intent;false;Intent;(String,Uri);;Argument[1];MapValue of SyntheticField[android.content.Intent.data] of Argument[-1];value",
149-
"android.content;Intent;false;Intent;(String,Uri,Context,Class);;Argument[1];MapValue of SyntheticField[android.content.Intent.data] of Argument[-1];value",
148+
"android.content;Intent;false;Intent;(String,Uri);;Argument[1];SyntheticField[android.content.Intent.data] of Argument[-1];value",
149+
"android.content;Intent;false;Intent;(String,Uri,Context,Class);;Argument[1];SyntheticField[android.content.Intent.data] of Argument[-1];value",
150150
"android.content;Intent;true;addCategory;;;Argument[-1];ReturnValue;value",
151151
"android.content;Intent;true;addFlags;;;Argument[-1];ReturnValue;value",
152152
"android.content;Intent;false;createChooser;;;Argument[0..2];MapValue of SyntheticField[android.content.Intent.extras] of ReturnValue;value",
@@ -159,16 +159,16 @@ private class IntentBundleFlowSteps extends SummaryModelCsv {
159159
"android.content;Intent;true;getData;;;SyntheticField[android.content.Intent.data] of Argument[-1];ReturnValue;value",
160160
"android.content;Intent;true;getDataString;;;SyntheticField[android.content.Intent.data] of Argument[-1];ReturnValue;taint",
161161
"android.content;Intent;true;getExtras;();;SyntheticField[android.content.Intent.extras] of Argument[-1];ReturnValue;value",
162-
"android.content;Intent;false;getIntent;();;Argument[0];SyntheticField[android.content.Intent.data] of Argument[-1];taint",
163-
"android.content;Intent;false;getIntentOld;();;Argument[0];SyntheticField[android.content.Intent.data] of Argument[-1];taint",
162+
"android.content;Intent;false;getIntent;;;Argument[0];SyntheticField[android.content.Intent.data] of ReturnValue;taint",
163+
"android.content;Intent;false;getIntentOld;;;Argument[0];SyntheticField[android.content.Intent.data] of ReturnValue;taint",
164164
"android.content;Intent;true;getParcelableArrayExtra;(String);;MapValue of SyntheticField[android.content.Intent.extras] of Argument[-1];ReturnValue;value",
165165
"android.content;Intent;true;getParcelableArrayListExtra;(String);;MapValue of SyntheticField[android.content.Intent.extras] of Argument[-1];ReturnValue;value",
166166
"android.content;Intent;true;getParcelableExtra;(String);;MapValue of SyntheticField[android.content.Intent.extras] of Argument[-1];ReturnValue;value",
167167
"android.content;Intent;true;getSerializableExtra;(String);;MapValue of SyntheticField[android.content.Intent.extras] of Argument[-1];ReturnValue;value",
168168
"android.content;Intent;true;getStringArrayExtra;(String);;MapValue of SyntheticField[android.content.Intent.extras] of Argument[-1];ReturnValue;value",
169169
"android.content;Intent;true;getStringArrayListExtra;(String);;MapValue of SyntheticField[android.content.Intent.extras] of Argument[-1];ReturnValue;value",
170170
"android.content;Intent;true;getStringExtra;(String);;MapValue of SyntheticField[android.content.Intent.extras] of Argument[-1];ReturnValue;value",
171-
"android.content;Intent;false;parseUri;();;Argument[0];SyntheticField[android.content.Intent.data] of Argument[-1];taint",
171+
"android.content;Intent;false;parseUri;;;Argument[0];SyntheticField[android.content.Intent.data] of ReturnValue;taint",
172172
"android.content;Intent;true;putCharSequenceArrayListExtra;;;Argument[0];MapKey of SyntheticField[android.content.Intent.extras] of Argument[-1];value",
173173
"android.content;Intent;true;putCharSequenceArrayListExtra;;;Argument[1];MapValue of SyntheticField[android.content.Intent.extras] of Argument[-1];value",
174174
"android.content;Intent;true;putCharSequenceArrayListExtra;;;Argument[-1];ReturnValue;value",

java/ql/test/library-tests/frameworks/android/intent/Test.java

Lines changed: 102 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,8 @@
22

33
import android.content.Context;
44
import android.content.Intent;
5+
import android.content.IntentSender;
6+
import android.net.Uri;
57
import android.os.BaseBundle;
68
import android.os.Bundle;
79
import android.os.IBinder;
@@ -21,10 +23,12 @@ public class Test {
2123
String getMapKey(BaseBundle b) { return b.keySet().iterator().next(); }
2224
Object getMapValue(BaseBundle b) { return null; }
2325
Intent newWithIntent_extras(Bundle b) { return null; }
26+
Intent newWithIntent_data(Uri data) { return new Intent("title", data); }
2427
Bundle newBundleWithMapKey(String k) { Bundle b = new Bundle(); b.putInt(k, 0); return b; }
2528
PersistableBundle newPersistableBundleWithMapKey(String k) { PersistableBundle b = new PersistableBundle(); b.putInt(k, 0); return b; }
2629
Bundle newBundleWithMapValue(Object element) { return null; }
2730
PersistableBundle newPersistableBundleWithMapValue(Object element) { return null; }
31+
Uri getData(Intent intent) { return intent.getData(); }
2832
<T> T source() { return null; }
2933
void sink(Object o) { }
3034

@@ -44,6 +48,20 @@ public void test() throws Exception {
4448
out = new Intent(in);
4549
sink(getMapValue(getIntent_extras(out))); // $ hasValueFlow
4650
}
51+
{
52+
// "android.content;Intent;false;Intent;(String,Uri);;Argument[1];SyntheticField[android.content.Intent.data] of Argument[-1];value"
53+
Intent out = null;
54+
Uri in = (Uri)source();
55+
out = new Intent(null, in);
56+
sink(getData(out)); // $ hasValueFlow
57+
}
58+
{
59+
// "android.content;Intent;false;Intent;(String,Uri,Context,Class);;Argument[1];SyntheticField[android.content.Intent.data] of Argument[-1];value"
60+
Intent out = null;
61+
Uri in = (Uri)source();
62+
out = new Intent(null, in, null, null);
63+
sink(getData(out)); // $ hasValueFlow
64+
}
4765
{
4866
// "android.content;Intent;true;addCategory;;;Argument[-1];ReturnValue;value"
4967
Intent out = null;
@@ -58,6 +76,27 @@ public void test() throws Exception {
5876
out = in.addFlags(0);
5977
sink(out); // $ hasValueFlow
6078
}
79+
{
80+
// "android.content;Intent;false;createChooser;;;Argument[0..2];MapValue of SyntheticField[android.content.Intent.extras] of ReturnValue;value"
81+
Intent out = null;
82+
CharSequence in = (CharSequence)source();
83+
out = Intent.createChooser(null, in, null);
84+
sink(getMapValue(getIntent_extras(out))); // $ hasValueFlow
85+
}
86+
{
87+
// "android.content;Intent;false;createChooser;;;Argument[0..2];MapValue of SyntheticField[android.content.Intent.extras] of ReturnValue;value"
88+
Intent out = null;
89+
IntentSender in = (IntentSender)source();
90+
out = Intent.createChooser(null, null, in);
91+
sink(getMapValue(getIntent_extras(out))); // $ hasValueFlow
92+
}
93+
{
94+
// "android.content;Intent;false;createChooser;;;Argument[0..2];MapValue of SyntheticField[android.content.Intent.extras] of ReturnValue;value"
95+
Intent out = null;
96+
Intent in = (Intent)source();
97+
out = Intent.createChooser(in, null, null);
98+
sink(getMapValue(getIntent_extras(out))); // $ hasValueFlow
99+
}
61100
{
62101
// "android.content;Intent;true;getBundleExtra;(String);;MapValue of SyntheticField[android.content.Intent.extras] of Argument[-1];ReturnValue;value"
63102
Bundle out = null;
@@ -100,13 +139,41 @@ public void test() throws Exception {
100139
out = in.getCharSequenceExtra(null);
101140
sink(out); // $ hasValueFlow
102141
}
142+
{
143+
// "android.content;Intent;true;getData;;;SyntheticField[android.content.Intent.data] of Argument[-1];ReturnValue;value"
144+
Uri out = null;
145+
Intent in = (Intent)newWithIntent_data(source());
146+
out = in.getData();
147+
sink(out); // $ hasValueFlow
148+
}
149+
{
150+
// "android.content;Intent;true;getDataString;;;SyntheticField[android.content.Intent.data] of Argument[-1];ReturnValue;taint"
151+
String out = null;
152+
Intent in = (Intent)newWithIntent_data(source());
153+
out = in.getDataString();
154+
sink(out); // $ hasTaintFlow
155+
}
103156
{
104157
// "android.content;Intent;true;getExtras;();;SyntheticField[android.content.Intent.extras] of Argument[-1];ReturnValue;value"
105158
Bundle out = null;
106159
Intent in = (Intent)newWithIntent_extras(source());
107160
out = in.getExtras();
108161
sink(out); // $ hasValueFlow
109162
}
163+
{
164+
// "android.content;Intent;false;getIntent;;;Argument[0];SyntheticField[android.content.Intent.data] of Argument[-1];taint"
165+
Intent out = null;
166+
String in = (String)source();
167+
out = Intent.getIntent(in);
168+
sink(out.getData()); // $ hasTaintFlow
169+
}
170+
{
171+
// "android.content;Intent;false;getIntentOld;;;Argument[0];SyntheticField[android.content.Intent.data] of Argument[-1];taint"
172+
Intent out = null;
173+
String in = (String)source();
174+
out = Intent.getIntentOld(in);
175+
sink(out.getData()); // $ hasTaintFlow
176+
}
110177
{
111178
// "android.content;Intent;true;getParcelableArrayExtra;(String);;MapValue of SyntheticField[android.content.Intent.extras] of Argument[-1];ReturnValue;value"
112179
Parcelable[] out = null;
@@ -156,6 +223,13 @@ public void test() throws Exception {
156223
out = in.getStringExtra(null);
157224
sink(out); // $ hasValueFlow
158225
}
226+
{
227+
// "android.content;Intent;false;parseUri;;;Argument[0];SyntheticField[android.content.Intent.data] of Argument[-1];taint"
228+
Intent out = null;
229+
String in = (String)source();
230+
out = Intent.parseUri(in, 0);
231+
sink(out.getData()); // $ hasTaintFlow
232+
}
159233
{
160234
// "android.content;Intent;true;putCharSequenceArrayListExtra;;;Argument[-1];ReturnValue;value"
161235
Intent out = null;
@@ -863,6 +937,34 @@ public void test() throws Exception {
863937
out = in.setData(null);
864938
sink(out); // $ hasValueFlow
865939
}
940+
{
941+
// "android.content;Intent;true;setData;;;Argument[0];SyntheticField[android.content.Intent.data] of Argument[-1];value",
942+
Uri in = (Uri)source();
943+
Intent instance = new Intent();
944+
instance.setData(in);
945+
sink(instance.getData()); // $ hasValueFlow
946+
}
947+
{
948+
// "android.content;Intent;true;setDataAndNormalize;;;Argument[0];SyntheticField[android.content.Intent.data] of Argument[-1];value",
949+
Uri in = (Uri)source();
950+
Intent instance = new Intent();
951+
instance.setDataAndNormalize(in);
952+
sink(instance.getData()); // $ hasValueFlow
953+
}
954+
{
955+
// "android.content;Intent;true;setDataAndType;;;Argument[0];SyntheticField[android.content.Intent.data] of Argument[-1];value",
956+
Uri in = (Uri)source();
957+
Intent instance = new Intent();
958+
instance.setDataAndType(in, null);
959+
sink(instance.getData()); // $ hasValueFlow
960+
}
961+
{
962+
// "android.content;Intent;true;setDataAndTypeAndNormalize;;;Argument[0];SyntheticField[android.content.Intent.data] of Argument[-1];value",
963+
Uri in = (Uri)source();
964+
Intent instance = new Intent();
965+
instance.setDataAndTypeAndNormalize(in, null);
966+
sink(instance.getData()); // $ hasValueFlow
967+
}
866968
{
867969
// "android.content;Intent;true;setDataAndNormalize;;;Argument[-1];ReturnValue;value"
868970
Intent out = null;

0 commit comments

Comments
 (0)