Apply suggestions from code review

atorralba · smowton · web-flow · commit fe2755c4a0fd · 2022-01-18T10:41:19.000+01:00
Co-authored-by: Chris Smowton &lt;smowton@github.com&gt;
diff --git a/java/ql/lib/semmle/code/java/security/ImplicitPendingIntents.qll b/java/ql/lib/semmle/code/java/security/ImplicitPendingIntents.qll
@@ -68,6 +68,9 @@ private class SendPendingIntent extends ImplicitPendingIntentSink {
   override predicate hasState(DataFlow::FlowState state) { state = "MutablePendingIntent" }
 }
 
+/**
+ * Propagates taint from any tainted object to reads from its `PendingIntent`-typed fields.
+ */
 private class PendingIntentAsFieldAdditionalTaintStep extends ImplicitPendingIntentAdditionalTaintStep {
   override predicate step(DataFlow::Node node1, DataFlow::Node node2) {
     exists(Field f |
@@ -91,10 +94,11 @@ private class MutablePendingIntentFlowStep extends PendingIntentAsFieldAdditiona
       node2.asExpr() = pic and
       flagArg = pic.getFlagsArg()
     |
-      // API < 31, PendingIntents are mutable by default
+      // We err on the side of false positives here, assuming a PendingIntent may be mutable unless it is at
+      // least sometimes explicitly marked immutable and never marked mutable.
+      // Note for API level < 31, PendingIntents were mutable by default, whereas since then they are immutable by default.
       not TaintTracking::localExprTaint(any(ImmutablePendingIntentFlag flag).getAnAccess(), flagArg)
       or
-      // API >= 31, PendingIntents need to explicitly set mutability
       TaintTracking::localExprTaint(any(MutablePendingIntentFlag flag).getAnAccess(), flagArg)
     )
   }

Original file line number	Diff line number	Diff line change
`@@ -68,6 +68,9 @@ private class SendPendingIntent extends ImplicitPendingIntentSink {`
`68`	`68`	`override predicate hasState(DataFlow::FlowState state) { state = "MutablePendingIntent" }`
`69`	`69`	`}`
`70`	`70`
	`71`	`+/**`
	`72`	+ * Propagates taint from any tainted object to reads from its `PendingIntent`-typed fields.
	`73`	`+ */`
`71`	`74`	`private class PendingIntentAsFieldAdditionalTaintStep extends ImplicitPendingIntentAdditionalTaintStep {`
`72`	`75`	`override predicate step(DataFlow::Node node1, DataFlow::Node node2) {`
`73`	`76`	`exists(Field f \|`
`@@ -91,10 +94,11 @@ private class MutablePendingIntentFlowStep extends PendingIntentAsFieldAdditiona`
`91`	`94`	`node2.asExpr() = pic and`
`92`	`95`	`flagArg = pic.getFlagsArg()`
`93`	`96`	`\|`
`94`		`- // API < 31, PendingIntents are mutable by default`
	`97`	`+ // We err on the side of false positives here, assuming a PendingIntent may be mutable unless it is at`
	`98`	`+ // least sometimes explicitly marked immutable and never marked mutable.`
	`99`	`+ // Note for API level < 31, PendingIntents were mutable by default, whereas since then they are immutable by default.`
`95`	`100`	`not TaintTracking::localExprTaint(any(ImmutablePendingIntentFlag flag).getAnAccess(), flagArg)`
`96`	`101`	`or`
`97`		`- // API >= 31, PendingIntents need to explicitly set mutability`
`98`	`102`	`TaintTracking::localExprTaint(any(MutablePendingIntentFlag flag).getAnAccess(), flagArg)`
`99`	`103`	`)`
`100`	`104`	`}`