Skip to content

Commit d806fca

Browse files
joefarebrotherjoefarebrother
committed
Remove sink models involving PendingIntent; as they do not carry sensitive data (including from the original intent they were created with)
1 parent 2ca164c commit d806fca

File tree

3 files changed

+11
-43
lines changed

3 files changed

+11
-43
lines changed

java/ql/lib/ext/android.app.model.yml

Lines changed: 3 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -39,9 +39,9 @@ extensions:
3939
- ["android.app", "PendingIntent", False, "send", "(Context,int,Intent,PendingIntent$OnFinished,Handler,String)", "", "Argument[2]", "pending-intents", "manual"]
4040
- ["android.app", "PendingIntent", False, "send", "(Context,int,Intent,PendingIntent$OnFinished,Handler,String,Bundle)", "", "Argument[2]", "pending-intents", "manual"]
4141

42-
- ["android.app", "Notification$Action", True, "Action", "(int,CharSequence,PendingIntent)", "", "Argument[1..2]", "notification", "manual"]
43-
- ["android.app", "Notification$Action$Builder", True, "Builder", "(Icon,CharSequence,PendingIntent)", "", "Argument[1..2]", "notification", "manual"]
44-
- ["android.app", "Notification$Action$Builder", True, "Builder", "(int,CharSequence,PendingIntent)", "", "Argument[1..2]", "notification", "manual"]
42+
- ["android.app", "Notification$Action", True, "Action", "(int,CharSequence,PendingIntent)", "", "Argument[1]", "notification", "manual"]
43+
- ["android.app", "Notification$Action$Builder", True, "Builder", "(Icon,CharSequence,PendingIntent)", "", "Argument[1]", "notification", "manual"]
44+
- ["android.app", "Notification$Action$Builder", True, "Builder", "(int,CharSequence,PendingIntent)", "", "Argument[1]", "notification", "manual"]
4545
- ["android.app", "Notification$Action$Builder", True, "addExtras", "(Bundle)", "", "Argument[0]", "notification", "manual"]
4646
- ["android.app", "Notification$BigPictureStyle", True, "setBigContentTitle", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
4747
- ["android.app", "Notification$BigPictureStyle", True, "setContentDescription", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
@@ -60,7 +60,6 @@ extensions:
6060
- ["android.app", "Notification$Builder", True, "setCustomBigContentView", "(RemoteViews)", "", "Argument[0]", "notification", "manual"]
6161
- ["android.app", "Notification$Builder", True, "setCustomContentView", "(RemoteViews)", "", "Argument[0]", "notification", "manual"]
6262
- ["android.app", "Notification$Builder", True, "setCustomHeadsUpContentView", "(RemoteViews)", "", "Argument[0]", "notification", "manual"]
63-
- ["android.app", "Notification$Builder", True, "setDeleteIntent", "(PendingIntent)", "", "Argument[0]", "notification", "manual"]
6463
- ["android.app", "Notification$Builder", True, "setExtras", "(Bundle)", "", "Argument[0]", "notification", "manual"]
6564
- ["android.app", "Notification$Builder", True, "setGroup", "(String)", "", "Argument[0]", "notification", "manual"]
6665
- ["android.app", "Notification$Builder", True, "setRemoteInputHistory", "(CharSequence[])", "", "Argument[0]", "notification", "manual"]
@@ -69,15 +68,11 @@ extensions:
6968
- ["android.app", "Notification$Builder", True, "setSubText", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
7069
- ["android.app", "Notification$Builder", True, "setTicker", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
7170
- ["android.app", "Notification$Builder", True, "setTicker", "(CharSequence,RemoteViews)", "", "Argument[0..1]", "notification", "manual"]
72-
- ["android.app", "Notification$CallStyle", True, "forIncomingCall", "(Person,PendingIntent,PendingIntent)", "", "Argument[1..2]", "notification", "manual"]
73-
- ["android.app", "Notification$CallStyle", True, "forOngoingCallCall", "(Person,PendingIntent)", "", "Argument[1]", "notification", "manual"]
74-
- ["android.app", "Notification$CallStyle", True, "forScreeningCall", "(Person,PendingIntent,PendingIntent)", "", "Argument[1..2]", "notification", "manual"]
7571
- ["android.app", "Notification$CallStyle", True, "setVerificationText", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
7672
- ["android.app", "Notification$InboxStyle", True, "addLine", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
7773
- ["android.app", "Notification$InboxStyle", True, "setBigContentTitle", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
7874
- ["android.app", "Notification$InboxStyle", True, "setSummaryText", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
7975
- ["android.app", "Notification$MediaStyle", True, "setRemotePlaybackInfo", "(CharSequence,int,PendingIntent)", "", "Argument[0]", "notification", "manual"]
80-
- ["android.app", "Notification$MediaStyle", True, "setRemotePlaybackInfo", "(CharSequence,int,PendingIntent)", "", "Argument[2]", "notification", "manual"]
8176
- ["android.app", "Notification$MessagingStyle", True, "MessagingStyle", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
8277
- ["android.app", "Notification$MessagingStyle", True, "addMessage", "(CharSequence,long,CharSequence)", "", "Argument[0]", "notification", "manual"]
8378
- ["android.app", "Notification$MessagingStyle", True, "addMessage", "(CharSequence,long,CharSequence)", "", "Argument[2]", "notification", "manual"]

java/ql/lib/ext/androidx.core.app.model.yml

Lines changed: 4 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -10,17 +10,17 @@ extensions:
1010
- ["androidx.core.app", "NotificationManagerCompat", True, "notify", "(String,int,Notification)", "", "Argument[2]", "pending-intents", "manual"]
1111
- ["androidx.core.app", "NotificationManagerCompat", True, "notify", "(int,Notification)", "", "Argument[1]", "pending-intents", "manual"]
1212

13-
- ["androidx.core.app", "NotificationCompat$Action", True, "Action", "(int,CharSequence,PendingIntent)", "", "Argument[1..2]", "notification", "manual"]
14-
- ["androidx.core.app", "NotificationCompat$Action$Builder", True, "Builder", "(IconCompat,CharSequence,PendingIntent)", "", "Argument[1..2]", "notification", "manual"]
15-
- ["androidx.core.app", "NotificationCompat$Action$Builder", True, "Builder", "(int,CharSequence,PendingIntent)", "", "Argument[1..2]", "notification", "manual"]
13+
- ["androidx.core.app", "NotificationCompat$Action", True, "Action", "(int,CharSequence,PendingIntent)", "", "Argument[1]", "notification", "manual"]
14+
- ["androidx.core.app", "NotificationCompat$Action$Builder", True, "Builder", "(IconCompat,CharSequence,PendingIntent)", "", "Argument[1]", "notification", "manual"]
15+
- ["androidx.core.app", "NotificationCompat$Action$Builder", True, "Builder", "(int,CharSequence,PendingIntent)", "", "Argument[1]", "notification", "manual"]
1616
- ["androidx.core.app", "NotificationCompat$Action$Builder", True, "addExtras", "(Bundle)", "", "Argument[0]", "notification", "manual"]
1717
- ["androidx.core.app", "NotificationCompat$BigPictureStyle", True, "setBigContentTitle", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
1818
- ["androidx.core.app", "NotificationCompat$BigPictureStyle", True, "setContentDescription", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
1919
- ["androidx.core.app", "NotificationCompat$BigPictureStyle", True, "setSummaryText", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
2020
- ["androidx.core.app", "NotificationCompat$BigTextStyle", True, "bigText", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
2121
- ["androidx.core.app", "NotificationCompat$BigTextStyle", True, "setBigContentTitle", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
2222
- ["androidx.core.app", "NotificationCompat$BigTextStyle", True, "setSummaryText", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
23-
- ["androidx.core.app", "NotificationCompat$Builder", True, "addAction", "(int,CharSequence,PendingIntent)", "", "Argument[1..2]", "notification", "manual"]
23+
- ["androidx.core.app", "NotificationCompat$Builder", True, "addAction", "(int,CharSequence,PendingIntent)", "", "Argument[1]", "notification", "manual"]
2424
- ["androidx.core.app", "NotificationCompat$Builder", True, "addExtras", "(Bundle)", "", "Argument[0]", "notification", "manual"]
2525
- ["androidx.core.app", "NotificationCompat$Builder", True, "setCategory", "(String)", "", "Argument[0]", "notification", "manual"]
2626
- ["androidx.core.app", "NotificationCompat$Builder", True, "setChannelId", "(String)", "", "Argument[0]", "notification", "manual"]
@@ -31,7 +31,6 @@ extensions:
3131
- ["androidx.core.app", "NotificationCompat$Builder", True, "setCustomBigContentView", "(RemoteViews)", "", "Argument[0]", "notification", "manual"]
3232
- ["androidx.core.app", "NotificationCompat$Builder", True, "setCustomContentView", "(RemoteViews)", "", "Argument[0]", "notification", "manual"]
3333
- ["androidx.core.app", "NotificationCompat$Builder", True, "setCustomHeadsUpContentView", "(RemoteViews)", "", "Argument[0]", "notification", "manual"]
34-
- ["androidx.core.app", "NotificationCompat$Builder", True, "setDeleteIntent", "(PendingIntent)", "", "Argument[0]", "notification", "manual"]
3534
- ["androidx.core.app", "NotificationCompat$Builder", True, "setExtras", "(Bundle)", "", "Argument[0]", "notification", "manual"]
3635
- ["androidx.core.app", "NotificationCompat$Builder", True, "setGroup", "(String)", "", "Argument[0]", "notification", "manual"]
3736
- ["androidx.core.app", "NotificationCompat$Builder", True, "setRemoteInputHistory", "(CharSequence[])", "", "Argument[0]", "notification", "manual"]
@@ -40,9 +39,6 @@ extensions:
4039
- ["androidx.core.app", "NotificationCompat$Builder", True, "setSubText", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
4140
- ["androidx.core.app", "NotificationCompat$Builder", True, "setTicker", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
4241
- ["androidx.core.app", "NotificationCompat$Builder", True, "setTicker", "(CharSequence,RemoteViews)", "", "Argument[0..1]", "notification", "manual"]
43-
- ["androidx.core.app", "NotificationCompat$CallStyle", True, "forIncomingCall", "(Person,PendingIntent,PendingIntent)", "", "Argument[1..2]", "notification", "manual"]
44-
- ["androidx.core.app", "NotificationCompat$CallStyle", True, "forOngoingCallCall", "(Person,PendingIntent)", "", "Argument[1]", "notification", "manual"]
45-
- ["androidx.core.app", "NotificationCompat$CallStyle", True, "forScreeningCall", "(Person,PendingIntent,PendingIntent)", "", "Argument[1..2]", "notification", "manual"]
4642
- ["androidx.core.app", "NotificationCompat$CallStyle", True, "setVerificationText", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
4743
- ["androidx.core.app", "NotificationCompat$InboxStyle", True, "addLine", "(CharSequence)", "", "Argument[0]", "notification", "manual"]
4844
- ["androidx.core.app", "NotificationCompat$InboxStyle", True, "setBigContentTitle", "(CharSequence)", "", "Argument[0]", "notification", "manual"]

java/ql/test/query-tests/security/CWE-200/semmle/tests/SensitiveNotification/Test.java

Lines changed: 4 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -14,9 +14,6 @@ void test(String password) {
1414

1515
Intent intent = new Intent();
1616
intent.putExtra("a", password);
17-
PendingIntent pintent = PendingIntent.getActivity(this, 0, intent, PendingIntent.FLAG_IMMUTABLE);
18-
builder.setContentIntent(pintent); // $MISSING: sensitive-notification // missing model for getActivity
19-
builder.setDeleteIntent(pintent); // $MISSING: sensitive-notification
2017

2118
builder.addExtras(intent.getExtras()); // $sensitive-notification
2219
builder.setCategory(password); // $sensitive-notification
@@ -42,9 +39,8 @@ void test(String password) {
4239
.addLine(password) // $sensitive-notification
4340
.setBigContentTitle(password) // $sensitive-notification
4441
.setSummaryText(password)); // $sensitive-notification
45-
// builder.setStyle(new Notification.MediaStyle()
46-
// .setRemotePlaybackInfo(password, 0, null) // $sensitive-notification
47-
// .setRemotePlaybackInfo("", 0, pintent)); // $MISSING: sensitive-notification
42+
builder.setStyle(new Notification.MediaStyle()
43+
.setRemotePlaybackInfo(password, 0, null)); // $sensitive-notification
4844
builder.setStyle(
4945
new Notification.MessagingStyle(password) // $sensitive-notification
5046
.setConversationTitle(password) // $sensitive-notification
@@ -57,21 +53,13 @@ void test(String password) {
5753
);
5854

5955
builder.addAction(0, password, null); // $sensitive-notification
60-
builder.addAction(0, "", pintent); // $MISSING: sensitive-notification
6156
builder.addAction(new Notification.Action(0, password, null)); // $sensitive-notification
62-
builder.addAction(new Notification.Action(0, "", pintent)); // $MISSING: sensitive-notification
6357
builder.addAction(new Notification.Action.Builder(0, password, null) // $sensitive-notification
6458
.addExtras(intent.getExtras()) // $sensitive-notification
6559
.build());
6660
builder.addAction(new Notification.Action.Builder(null, password, null).build()); // $sensitive-notification
67-
builder.addAction(new Notification.Action.Builder(0, "", pintent).build()); // $MISSING: sensitive-notification
68-
builder.addAction(new Notification.Action.Builder(null, "", pintent).build()); // $MISSING: sensitive-notification
6961

70-
builder.setStyle(Notification.CallStyle.forIncomingCall(null, pintent, null)); // $MISSING: sensitive-notification
71-
builder.setStyle(Notification.CallStyle.forIncomingCall(null, null, pintent)); // $MISSING: sensitive-notification
72-
builder.setStyle(Notification.CallStyle.forOngoingCall(null, pintent)); // $MISSING: sensitive-notification
73-
builder.setStyle(Notification.CallStyle.forScreeningCall(null, pintent, null)); // $MISSING: sensitive-notification
74-
builder.setStyle(Notification.CallStyle.forScreeningCall(null, null, pintent) // $MISSING: sensitive-notification
62+
builder.setStyle(Notification.CallStyle.forScreeningCall(null, null, null)
7563
.setVerificationText(password)); // $sensitive-notification
7664
}
7765

@@ -92,9 +80,6 @@ void test3(String password) {
9280

9381
Intent intent = new Intent();
9482
intent.putExtra("a", password);
95-
PendingIntent pintent = PendingIntent.getActivity(this, 0, intent, PendingIntent.FLAG_IMMUTABLE);
96-
builder.setContentIntent(pintent); // $MISSING: sensitive-notification // missing model for getActivity
97-
builder.setDeleteIntent(pintent); // $MISSING: sensitive-notification
9883

9984
builder.addExtras(intent.getExtras()); // $sensitive-notification
10085
builder.setCategory(password); // $sensitive-notification
@@ -132,21 +117,13 @@ void test3(String password) {
132117
);
133118

134119
builder.addAction(0, password, null); // $sensitive-notification
135-
builder.addAction(0, "", pintent); // $MISSING: sensitive-notification
136120
builder.addAction(new NotificationCompat.Action(0, password, null)); // $sensitive-notification
137-
builder.addAction(new NotificationCompat.Action(0, "", pintent)); // $MISSING: sensitive-notification
138121
builder.addAction(new NotificationCompat.Action.Builder(0, password, null) // $sensitive-notification
139122
.addExtras(intent.getExtras()) // $sensitive-notification
140123
.build());
141124
builder.addAction(new NotificationCompat.Action.Builder(null, password, null).build()); // $sensitive-notification
142-
builder.addAction(new NotificationCompat.Action.Builder(0, "", pintent).build()); // $MISSING: sensitive-notification
143-
builder.addAction(new NotificationCompat.Action.Builder(null, "", pintent).build()); // $MISSING: sensitive-notification
144125

145-
builder.setStyle(NotificationCompat.CallStyle.forIncomingCall(null, pintent, null)); // $MISSING: sensitive-notification
146-
builder.setStyle(NotificationCompat.CallStyle.forIncomingCall(null, null, pintent)); // $MISSING: sensitive-notification
147-
builder.setStyle(NotificationCompat.CallStyle.forOngoingCall(null, pintent)); // $MISSING: sensitive-notification
148-
builder.setStyle(NotificationCompat.CallStyle.forScreeningCall(null, pintent, null)); // $MISSING: sensitive-notification
149-
builder.setStyle(NotificationCompat.CallStyle.forScreeningCall(null, null, pintent) // $MISSING: sensitive-notification
126+
builder.setStyle(NotificationCompat.CallStyle.forScreeningCall(null, null, null)
150127
.setVerificationText(password)); // $sensitive-notification
151128
}
152129
}

0 commit comments

Comments
 (0)