github
diff --git a/‎java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
Lines changed: 2 additions & 1 deletion b/‎java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
Lines changed: 2 additions & 1 deletion
diff --git a/‎java/ql/lib/semmle/code/java/frameworks/android/Notifications.qll
Lines changed: 91 additions & 0 deletions b/‎java/ql/lib/semmle/code/java/frameworks/android/Notifications.qll
Lines changed: 91 additions & 0 deletions
@@ -79,6 +79,7 @@ private module Frameworks {
   private import internal.ContainerFlow
   private import semmle.code.java.frameworks.android.Android
   private import semmle.code.java.frameworks.android.Intent
+  private import semmle.code.java.frameworks.android.Notifications
   private import semmle.code.java.frameworks.android.Slice
   private import semmle.code.java.frameworks.android.SQLite
   private import semmle.code.java.frameworks.android.XssSinks
@@ -694,7 +695,7 @@ class SyntheticField extends string {
 
 private predicate parseSynthField(string c, string f) {
   specSplit(_, c, _) and
-  c.regexpCapture("SyntheticField\\[([.a-zA-Z0-9]+)\\]", 1) = f
+  c.regexpCapture("SyntheticField\\[([.a-zA-Z0-9$]+)\\]", 1) = f
 }
 
 /** Holds if the specification component parses as a `Content`. */
 
@@ -0,0 +1,91 @@
+import java
+private import semmle.code.java.dataflow.ExternalFlow
+
+private class NotificationBuildersSummaryModels extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "android.app;Notification$Action;true;Action;(int,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint",
+        "android.app;Notification$Action$Builder;true;Builder;(int,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint",
+        "android.app;Notification$Action$Builder;true;Builder;(Icon,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint",
+        "android.app;Notification$Action$Builder;true;Builder;(Action);;Argument[0];Argument[-1];taint",
+        "android.app;Notification$Action$Builder;true;addExtras;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Action$Builder;true;addExtras;;;MapKey of Argument[0];MapKey of SyntheticField[android.app.Notification$Action$Builder.extras] of Argument[-1];value",
+        "android.app;Notification$Action$Builder;true;addExtras;;;MapValue of Argument[0];MapValue of SyntheticField[android.app.Notification$Action$Builder.extras] of Argument[-1];value",
+        "android.app;Notification$Action$Builder;true;addRemoteInput;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Action$Builder;true;build;;;Argument[-1];ReturnValue;taint",
+        "android.app;Notification$Action$Builder;true;extend;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Action$Builder;true;getExtras;;;SyntheticField[android.app.Notification$Action$Builder.extras] of Argument[-1];ReturnValue;value",
+        "android.app;Notification$Action$Builder;true;setAllowGeneratedReplies;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Action$Builder;true;setAuthenticationRequired;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Action$Builder;true;setContextual;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Action$Builder;true;setSemanticAction;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;addAction;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;addAction;(int,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint",
+        "android.app;Notification$Builder;true;addAction;(Action);;Argument[0];Argument[-1];taint",
+        "android.app;Notification$Builder;true;addExtras;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;addExtras;;;MapKey of Argument[0];MapKey of SyntheticField[android.app.Notification$Builder.extras] of Argument[-1];value",
+        "android.app;Notification$Builder;true;addExtras;;;MapValue of Argument[0];MapValue of SyntheticField[android.app.Notification$Builder.extras] of Argument[-1];value",
+        "android.app;Notification$Builder;true;addPerson;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;build;;;Argument[-1];ReturnValue;taint",
+        "android.app;Notification$Builder;true;extend;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;getExtras;;;SyntheticField[android.app.Notification$Builder.extras] of Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;recoverBuilder;;;Argument[1];ReturnValue;taint",
+        "android.app;Notification$Builder;true;setActions;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setActions;;;ArrayElement of Argument[0];Argument[-1];taint",
+        "android.app;Notification$Builder;true;setAutoCancel;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setBadgeIconType;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setBubbleMetadata;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setCategory;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setChannelId;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setChronometerCountDown;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setColor;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setColorized;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setContent;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setContentInfo;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setContentIntent;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setContentIntent;;;Argument[0];Argument[-1];taint",
+        "android.app;Notification$Builder;true;setContentText;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setContentTitle;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setCustomBigContentView;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setCustomHeadsUpContentView;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setDefaults;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setDeleteIntent;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setDeleteIntent;;;Argument[0];Argument[-1];taint",
+        "android.app;Notification$Builder;true;setExtras;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setExtras;;;Argument[0];SyntheticField[android.app.Notification$Builder.extras] of Argument[-1];value",
+        "android.app;Notification$Builder;true;setFlag;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setForegroundServiceBehavior;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setFullScreenIntent;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setGroup;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setGroupAlertBehavior;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setGroupSummary;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setLargeIcon;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setLights;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setLocalOnly;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setLocusId;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setNumber;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setOngoing;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setOnlyAlertOnce;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setPriority;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setProgress;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setPublicVersion;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setPublicVersion;;;Argument[0];Argument[-1];taint",
+        "android.app;Notification$Builder;true;setRemoteInputHistory;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setSettingsText;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setShortcutId;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setShowWhen;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setSmallIcon;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setSortKey;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setSound;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setStyle;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setSubText;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setTicker;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setTimeoutAfter;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setUsesChronometer;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setVibrate;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setVisibility;;;Argument[-1];ReturnValue;value",
+        "android.app;Notification$Builder;true;setWhen;;;Argument[-1];ReturnValue;value"
+      ]
+  }
+}