Skip to content

Commit bae0da8

Browse files
joefarebrotherjoefarebrother
committed
Remove existing get methods
1 parent 1e8dd7a commit bae0da8

File tree

1 file changed

+1
-37
lines changed

1 file changed

+1
-37
lines changed

java/ql/src/semmle/code/java/security/AndroidSensitiveBroadcastQuery.qll

Lines changed: 1 addition & 37 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
/** Provides classes to reason about Android Sensitive Broadcast queries */
1+
/** Provides definitions to reason about Android Sensitive Broadcast queries */
22

33
import java
44
import semmle.code.java.dataflow.DataFlow3
@@ -11,29 +11,6 @@ import semmle.code.java.security.SensitiveActions
1111
*/
1212
private string getAndroidSensitiveInfoRegex() { result = "(?i).*(email|phone|ticket).*" }
1313

14-
/**
15-
* Method call to pass information to the `Intent` object.
16-
*/
17-
class PutIntentExtraMethodAccess extends MethodAccess {
18-
PutIntentExtraMethodAccess() {
19-
(
20-
getMethod().getName().matches("put%Extra") or
21-
getMethod().hasName("putExtras")
22-
) and
23-
getMethod().getDeclaringType() instanceof TypeIntent
24-
}
25-
}
26-
27-
/**
28-
* Method call to pass information to the intent extra bundle object.
29-
*/
30-
class PutBundleExtraMethodAccess extends MethodAccess {
31-
PutBundleExtraMethodAccess() {
32-
getMethod().getName().regexpMatch("put\\w+") and
33-
getMethod().getDeclaringType().getASupertype*().hasQualifiedName("android.os", "BaseBundle")
34-
}
35-
}
36-
3714
/** Finds variables that hold sensitive information judging by their names. */
3815
class SensitiveInfoExpr extends Expr {
3916
SensitiveInfoExpr() {
@@ -133,19 +110,6 @@ class SensitiveBroadcastConfig extends TaintTracking::Configuration {
133110

134111
override predicate isSink(DataFlow::Node sink) { isSensitiveBroadcastSink(sink) }
135112

136-
/**
137-
* Holds if there is an additional flow step from `PutIntentExtraMethodAccess` or `PutBundleExtraMethodAccess` that taints the `Intent` or its extras `Bundle`.
138-
*/
139-
override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
140-
exists(PutIntentExtraMethodAccess pia |
141-
node1.asExpr() = pia.getAnArgument() and node2.asExpr() = pia.getQualifier()
142-
)
143-
or
144-
exists(PutBundleExtraMethodAccess pba |
145-
node1.asExpr() = pba.getAnArgument() and node2.asExpr() = pba.getQualifier()
146-
)
147-
}
148-
149113
/**
150114
* Holds if broadcast doesn't specify receiving package name of the 3rd party app
151115
*/

0 commit comments

Comments
 (0)