Apply suggestions from code review

atorralba · aschackmull · web-flow · commit fd92c4e435e8 · 2021-11-04T10:08:53.000+01:00
Co-authored-by: Anders Schack-Mulligen &lt;aschackmull@users.noreply.github.com&gt;
diff --git a/java/ql/lib/semmle/code/java/security/AndroidIntentRedirection.qll b/java/ql/lib/semmle/code/java/security/AndroidIntentRedirection.qll
@@ -71,11 +71,12 @@ private class DefaultIntentRedirectionSink extends IntentRedirectionSink {
  */
 private class DefaultIntentRedirectionSanitizer extends IntentRedirectionSanitizer {
   DefaultIntentRedirectionSanitizer() {
-    exists(MethodAccess ma, Method m |
+    exists(MethodAccess ma, Method m, Guard g, boolean branch |
       ma.getMethod() = m and
       m.getDeclaringType() instanceof TypeComponentName and
       m.hasName(["getPackageName", "getClassName"]) and
-      ma.getBasicBlock().(ConditionBlock).controls(this.asExpr().getBasicBlock(), true)
+      g.isEquality(ma, _, branch) and
+      g.controls(this.asExpr().getBasicBlock(), branch)
     )
   }
 }
diff --git a/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirectionSample.java b/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirectionSample.java
@@ -13,6 +13,6 @@
 // GOOD: The component that sent the Intent is checked before launching the destination component
 Intent forwardIntent = (Intent) getIntent().getParcelableExtra("forward_intent");
 ComponentName originComponent = getCallingActivity();
-if (originComponent.getPackageName().equals("trusted.package") && originComponent.getClassName("TrustedClass")) {
+if (originComponent.getPackageName().equals("trusted.package") && originComponent.getClassName().equals("TrustedClass")) {
     startActivity(forwardIntent);
 }

Original file line number	Diff line number	Diff line change
`@@ -71,11 +71,12 @@ private class DefaultIntentRedirectionSink extends IntentRedirectionSink {`
`71`	`71`	`*/`
`72`	`72`	`private class DefaultIntentRedirectionSanitizer extends IntentRedirectionSanitizer {`
`73`	`73`	`DefaultIntentRedirectionSanitizer() {`
`74`		`- exists(MethodAccess ma, Method m \|`
	`74`	`+ exists(MethodAccess ma, Method m, Guard g, boolean branch \|`
`75`	`75`	`ma.getMethod() = m and`
`76`	`76`	`m.getDeclaringType() instanceof TypeComponentName and`
`77`	`77`	`m.hasName(["getPackageName", "getClassName"]) and`
`78`		`- ma.getBasicBlock().(ConditionBlock).controls(this.asExpr().getBasicBlock(), true)`
	`78`	`+ g.isEquality(ma, _, branch) and`
	`79`	`+ g.controls(this.asExpr().getBasicBlock(), branch)`
`79`	`80`	`)`
`80`	`81`	`}`
`81`	`82`	`}`
Original file line number	Diff line number	Diff line change
`@@ -13,6 +13,6 @@`
`13`	`13`	`// GOOD: The component that sent the Intent is checked before launching the destination component`
`14`	`14`	`Intent forwardIntent = (Intent) getIntent().getParcelableExtra("forward_intent");`
`15`	`15`	`ComponentName originComponent = getCallingActivity();`
`16`		`-if (originComponent.getPackageName().equals("trusted.package") && originComponent.getClassName("TrustedClass")) {`
	`16`	`+if (originComponent.getPackageName().equals("trusted.package") && originComponent.getClassName().equals("TrustedClass")) {`
`17`	`17`	`startActivity(forwardIntent);`
`18`	`18`	`}`