Skip to content

Commit c0c40cc

Browse files
atorralbaatorralba
committed
Remove synthetic fields
1 parent 3a3c7fc commit c0c40cc

File tree

3 files changed

+27
-47
lines changed

3 files changed

+27
-47
lines changed

java/ql/lib/semmle/code/java/frameworks/android/Notifications.qll

Lines changed: 13 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -5,35 +5,30 @@ private import semmle.code.java.dataflow.DataFlow
55
private import semmle.code.java.dataflow.ExternalFlow
66
private import semmle.code.java.dataflow.FlowSteps
77

8-
private class NotificationActionsInheritTaint extends DataFlow::SyntheticFieldContent,
9-
TaintInheritingContent {
10-
NotificationActionsInheritTaint() { this.getField().matches("android.app.Notification.action") }
11-
}
12-
138
private class NotificationBuildersSummaryModels extends SummaryModelCsv {
149
override predicate row(string row) {
1510
row =
1611
[
17-
"android.app;Notification$Action;true;Action;(int,CharSequence,PendingIntent);;Argument[2];SyntheticField[android.app.Notification.action] of Argument[-1];taint",
18-
"android.app;Notification$Action$Builder;true;Builder;(int,CharSequence,PendingIntent);;Argument[2];SyntheticField[android.app.Notification.action] of Argument[-1];taint",
19-
"android.app;Notification$Action$Builder;true;Builder;(Icon,CharSequence,PendingIntent);;Argument[2];SyntheticField[android.app.Notification.action] of Argument[-1];taint",
20-
"android.app;Notification$Action$Builder;true;Builder;(Action);;SyntheticField[android.app.Notification.action] of Argument[0];SyntheticField[android.app.Notification.action] of Argument[-1];taint",
12+
"android.app;Notification$Action;true;Action;(int,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint",
13+
"android.app;Notification$Action$Builder;true;Builder;(int,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint",
14+
"android.app;Notification$Action$Builder;true;Builder;(Icon,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint",
15+
"android.app;Notification$Action$Builder;true;Builder;(Action);;Argument[0];Argument[-1];taint",
2116
"android.app;Notification$Action$Builder;true;addExtras;;;MapKey of Argument[0];MapKey of SyntheticField[android.content.Intent.extras] of Argument[-1];value",
2217
"android.app;Notification$Action$Builder;true;addExtras;;;MapValue of Argument[0];MapValue of SyntheticField[android.content.Intent.extras] of Argument[-1];value",
23-
"android.app;Notification$Action$Builder;true;build;;;SyntheticField[android.app.Notification.action] of Argument[-1];SyntheticField[android.app.Notification.action] of ReturnValue;taint",
18+
"android.app;Notification$Action$Builder;true;build;;;Argument[-1];ReturnValue;taint",
2419
"android.app;Notification$Action$Builder;true;getExtras;;;SyntheticField[android.content.Intent.extras] of Argument[-1];ReturnValue;value",
25-
"android.app;Notification$Builder;true;addAction;(int,CharSequence,PendingIntent);;Argument[2];SyntheticField[android.app.Notification.action] of Argument[-1];taint",
26-
"android.app;Notification$Builder;true;addAction;(Action);;SyntheticField[android.app.Notification.action] of Argument[0];SyntheticField[android.app.Notification.action] of Argument[-1];taint",
20+
"android.app;Notification$Builder;true;addAction;(int,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint",
21+
"android.app;Notification$Builder;true;addAction;(Action);;Argument[0];Argument[-1];taint",
2722
"android.app;Notification$Builder;true;addExtras;;;MapKey of Argument[0];MapKey of SyntheticField[android.content.Intent.extras] of Argument[-1];value",
2823
"android.app;Notification$Builder;true;addExtras;;;MapValue of Argument[0];MapValue of SyntheticField[android.content.Intent.extras] of Argument[-1];value",
29-
"android.app;Notification$Builder;true;build;;;SyntheticField[android.app.Notification.action] of Argument[-1];SyntheticField[android.app.Notification.action] of ReturnValue;taint",
30-
"android.app;Notification$Builder;true;setContentIntent;;;Argument[0];SyntheticField[android.app.Notification.action] of Argument[-1];taint",
24+
"android.app;Notification$Builder;true;build;;;Argument[-1];ReturnValue;taint",
25+
"android.app;Notification$Builder;true;setContentIntent;;;Argument[0];Argument[-1];taint",
3126
"android.app;Notification$Builder;true;getExtras;;;SyntheticField[android.content.Intent.extras] of Argument[-1];ReturnValue;value",
32-
"android.app;Notification$Builder;true;recoverBuilder;;;SyntheticField[android.app.Notification.action] of Argument[1];SyntheticField[android.app.Notification.action] of ReturnValue;taint",
33-
"android.app;Notification$Builder;true;setActions;;;SyntheticField[android.app.Notification.action] of ArrayElement of Argument[0];SyntheticField[android.app.Notification.action] of Argument[-1];taint",
27+
"android.app;Notification$Builder;true;recoverBuilder;;;Argument[1];ReturnValue;taint",
28+
"android.app;Notification$Builder;true;setActions;;;ArrayElement of Argument[0];Argument[-1];taint",
3429
"android.app;Notification$Builder;true;setExtras;;;Argument[0];SyntheticField[android.content.Intent.extras] of Argument[-1];value",
35-
"android.app;Notification$Builder;true;setDeleteIntent;;;Argument[0];SyntheticField[android.app.Notification.action] of Argument[-1];taint",
36-
"android.app;Notification$Builder;true;setPublicVersion;;;SyntheticField[android.app.Notification.action] of Argument[0];SyntheticField[android.app.Notification.action] of Argument[-1];taint",
30+
"android.app;Notification$Builder;true;setDeleteIntent;;;Argument[0];Argument[-1];taint",
31+
"android.app;Notification$Builder;true;setPublicVersion;;;Argument[0];Argument[-1];taint",
3732
// Fluent models
3833
"android.app;Notification$Action$Builder;true;" +
3934
[

java/ql/test/library-tests/frameworks/android/notification/Test.java

Lines changed: 14 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -42,24 +42,21 @@ void sink(Object o) {}
4242
public void test() throws Exception {
4343

4444
{
45-
// "android.app;Notification$Action$Builder;true;Builder;(Action);;SyntheticField[android.app.Notification.action]
46-
// of Argument[0];SyntheticField[android.app.Notification.action] of Argument[-1];taint"
45+
// "android.app;Notification$Action$Builder;true;Builder;(Action);;Argument[0];Argument[-1];taint"
4746
Notification.Action.Builder out = null;
4847
Notification.Action in = (Notification.Action) source();
4948
out = new Notification.Action.Builder(in);
5049
sink(out); // $ hasTaintFlow
5150
}
5251
{
53-
// "android.app;Notification$Action$Builder;true;Builder;(Icon,CharSequence,PendingIntent);;Argument[2];SyntheticField[android.app.Notification.action]
54-
// of Argument[-1];taint"
52+
// "android.app;Notification$Action$Builder;true;Builder;(Icon,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint"
5553
Notification.Action.Builder out = null;
5654
PendingIntent in = (PendingIntent) source();
5755
out = new Notification.Action.Builder((Icon) null, (CharSequence) null, in);
5856
sink(out); // $ hasTaintFlow
5957
}
6058
{
61-
// "android.app;Notification$Action$Builder;true;Builder;(int,CharSequence,PendingIntent);;Argument[2];SyntheticField[android.app.Notification.action]
62-
// of Argument[-1];taint"
59+
// "android.app;Notification$Action$Builder;true;Builder;(int,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint"
6360
Notification.Action.Builder out = null;
6461
PendingIntent in = (PendingIntent) source();
6562
out = new Notification.Action.Builder(0, (CharSequence) null, in);
@@ -98,8 +95,7 @@ public void test() throws Exception {
9895
sink(out); // $ hasValueFlow
9996
}
10097
{
101-
// "android.app;Notification$Action$Builder;true;build;;;SyntheticField[android.app.Notification.action]
102-
// of Argument[-1];SyntheticField[android.app.Notification.action] of ReturnValue;taint"
98+
// "android.app;Notification$Action$Builder;true;build;;;Argument[-1];ReturnValue;taint"
10399
Notification.Action out = null;
104100
Notification.Action.Builder in = (Notification.Action.Builder) source();
105101
out = in.build();
@@ -149,24 +145,21 @@ public void test() throws Exception {
149145
sink(out); // $ hasValueFlow
150146
}
151147
{
152-
// "android.app;Notification$Action;true;Action;(int,CharSequence,PendingIntent);;Argument[2];SyntheticField[android.app.Notification.action]
153-
// of Argument[-1];taint"
148+
// "android.app;Notification$Action;true;Action;(int,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint"
154149
Notification.Action out = null;
155150
PendingIntent in = (PendingIntent) source();
156151
out = new Notification.Action(0, null, in);
157152
sink(out); // $ hasTaintFlow
158153
}
159154
{
160-
// "android.app;Notification$Builder;true;addAction;(Action);;SyntheticField[android.app.Notification.action]
161-
// of Argument[0];SyntheticField[android.app.Notification.action] of Argument[-1];taint"
155+
// "android.app;Notification$Builder;true;addAction;(Action);;Argument[0];Argument[-1];taint"
162156
Notification.Builder out = null;
163157
Notification.Action in = (Notification.Action) source();
164158
out.addAction(in);
165159
sink(out); // $ hasTaintFlow
166160
}
167161
{
168-
// "android.app;Notification$Builder;true;addAction;(int,CharSequence,PendingIntent);;Argument[2];SyntheticField[android.app.Notification.action]
169-
// of Argument[-1];taint"
162+
// "android.app;Notification$Builder;true;addAction;(int,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint"
170163
Notification.Builder out = null;
171164
PendingIntent in = (PendingIntent) source();
172165
out.addAction(0, null, in);
@@ -224,8 +217,7 @@ public void test() throws Exception {
224217
sink(out); // $ hasValueFlow
225218
}
226219
{
227-
// "android.app;Notification$Builder;true;build;;;SyntheticField[android.app.Notification.action]
228-
// of Argument[-1];SyntheticField[android.app.Notification.action] of ReturnValue;taint"
220+
// "android.app;Notification$Builder;true;build;;;Argument[-1];ReturnValue;taint"
229221
Notification out = null;
230222
Notification.Builder in = (Notification.Builder) source();
231223
out = in.build();
@@ -247,8 +239,7 @@ public void test() throws Exception {
247239
sink(out); // $ hasTaintFlow
248240
}
249241
{
250-
// "android.app;Notification$Builder;true;recoverBuilder;;;SyntheticField[android.app.Notification.action]
251-
// of Argument[1];SyntheticField[android.app.Notification.action] of ReturnValue;taint"
242+
// "android.app;Notification$Builder;true;recoverBuilder;;;Argument[1];ReturnValue;taint"
252243
Notification.Builder out = null;
253244
Notification in = (Notification) source();
254245
out = Notification.Builder.recoverBuilder(null, in);
@@ -262,8 +253,8 @@ public void test() throws Exception {
262253
sink(out); // $ hasValueFlow
263254
}
264255
{
265-
// "android.app;Notification$Builder;true;setActions;;;SyntheticField[android.app.Notification.action]
266-
// of ArrayElement of Argument[0];SyntheticField[android.app.Notification.action] of
256+
// "android.app;Notification$Builder;true;setActions;;;ArrayElement of
257+
// Argument[0];SyntheticField[android.app.Notification.action] of
267258
// Argument[-1];taint"
268259
Notification.Builder out = null;
269260
Notification.Action[] in = (Notification.Action[]) new Notification.Action[] {
@@ -349,8 +340,7 @@ public void test() throws Exception {
349340
sink(out); // $ hasValueFlow
350341
}
351342
{
352-
// "android.app;Notification$Builder;true;setContentIntent;;;Argument[0];SyntheticField[android.app.Notification.action]
353-
// of Argument[-1];taint"
343+
// "android.app;Notification$Builder;true;setContentIntent;;;Argument[0];Argument[-1];taint"
354344
Notification.Builder out = null;
355345
PendingIntent in = (PendingIntent) source();
356346
out.setContentIntent(in);
@@ -399,8 +389,7 @@ public void test() throws Exception {
399389
sink(out); // $ hasValueFlow
400390
}
401391
{
402-
// "android.app;Notification$Builder;true;setDeleteIntent;;;Argument[0];SyntheticField[android.app.Notification.action]
403-
// of Argument[-1];taint"
392+
// "android.app;Notification$Builder;true;setDeleteIntent;;;Argument[0];Argument[-1];taint"
404393
Notification.Builder out = null;
405394
PendingIntent in = (PendingIntent) source();
406395
out.setDeleteIntent(in);
@@ -541,8 +530,7 @@ public void test() throws Exception {
541530
sink(out); // $ hasValueFlow
542531
}
543532
{
544-
// "android.app;Notification$Builder;true;setPublicVersion;;;SyntheticField[android.app.Notification.action]
545-
// of Argument[0];SyntheticField[android.app.Notification.action] of Argument[-1];taint"
533+
// "android.app;Notification$Builder;true;setPublicVersion;;;Argument[0];Argument[-1];taint"
546534
Notification.Builder out = null;
547535
Notification in = (Notification) source();
548536
out.setPublicVersion(in);

java/ql/test/library-tests/frameworks/android/notification/test.ql

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,9 +16,6 @@ class NotificationsTaintFlowConf extends DefaultTaintFlowConf {
1616
override predicate allowImplicitRead(DataFlow::Node node, DataFlow::Content c) {
1717
super.allowImplicitRead(node, c)
1818
or
19-
isSink(node) and
20-
c.(DataFlow::SyntheticFieldContent).getField() = "android.app.Notification.action"
21-
or
2219
allowIntentExtrasImplicitRead(node, c)
2320
}
2421
}

0 commit comments

Comments
 (0)