Reuse previous tests from experimental

Author: atorralba

java/ql/test/experimental/query-tests/security/CWE-749/AndroidManifest.xml

@@ -1,11 +1,51 @@
-<?xml version="1.0" encoding="utf-8"?>
-<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="app" android:versionCode="1" android:versionName="1.0">
-    <application>
-        <activity android:name=".UnsafeAndroidAccess">
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    package="com.example.app"
+    android:installLocation="auto"
+    android:versionCode="1"
+    android:versionName="0.1" >
+
+    <uses-permission android:name="android.permission.INTERNET" />
+
+    <application
+        android:icon="@drawable/ic_launcher"
+        android:label="@string/app_name"
+        android:theme="@style/AppTheme" >
+        <activity
+            android:name=".UnsafeAndroidAccess"
+            android:icon="@drawable/ic_launcher"
+			android:label="@string/app_name">
             <intent-filter>
                 <action android:name="android.intent.action.MAIN" />
                 <category android:name="android.intent.category.LAUNCHER" />
             </intent-filter>
         </activity>
+
+        <activity android:name=".UnsafeActivity1" android:exported="true">
+            <intent-filter>
+                <action android:name="android.intent.action.VIEW"/>
+            </intent-filter>
+        </activity>
+        
+        <activity android:name=".UnsafeActivity2">
+            <intent-filter>
+            <action android:name="android.intent.action.VIEW"/>
+            </intent-filter>
+        </activity>
+        
+        <activity android:name=".SafeActivity1" android:exported="false">
+            <intent-filter>
+                <action android:name="android.intent.action.VIEW"/>
+            </intent-filter>
+        </activity>
+
+        <activity android:name=".SafeActivity2" android:exported="false" />
+
+        <activity android:name=".SafeActivity3" />
+
+        <activity android:name=".UnsafeActivity3" android:exported="true" />
+        <activity android:name=".UnsafeActivity4" android:exported="true" />
+
+        <receiver android:name=".UnsafeAndroidBroadcastReceiver" android:exported="true" />        
     </application>
-</manifest>
+
+</manifest>

java/ql/test/experimental/query-tests/security/CWE-749/UnsafeAndroidAccess.expected

@@ -9,7 +9,9 @@
 import android.webkit.WebViewClient;
 
 public class SafeActivity1 extends Activity {
-	//Test onCreate with both JavaScript and cross-origin resource access enabled while taking remote user inputs from bundle extras
+	// Test onCreate with both JavaScript and cross-origin resource access enabled while taking
+	// remote user inputs from bundle extras.
+	// The Activity is explicitly not exported, even though it has an intent-filter.
 	public void onCreate(Bundle savedInstanceState) {
 		super.onCreate(savedInstanceState);
 		setContentView(-1);
@@ -29,6 +31,6 @@ public boolean shouldOverrideUrlLoading(WebView view, String url) {
 		});
 
 		String thisUrl = getIntent().getExtras().getString("url");
-		wv.loadUrl(thisUrl);
+		wv.loadUrl(thisUrl); // Safe
 	}
-}
+}

java/ql/test/experimental/query-tests/security/CWE-749/UnsafeAndroidAccess.qlref

@@ -9,7 +9,9 @@
 import android.webkit.WebViewClient;
 
 public class SafeActivity2 extends Activity {
-	//Test onCreate with both JavaScript and cross-origin resource access enabled while taking remote user inputs from bundle extras
+	// Test onCreate with both JavaScript and cross-origin resource access enabled while taking
+	// remote user inputs from bundle extras.
+	// The Activity is explicitly not exported.
 	public void onCreate(Bundle savedInstanceState) {
 		super.onCreate(savedInstanceState);
 		setContentView(-1);
@@ -29,6 +31,6 @@ public boolean shouldOverrideUrlLoading(WebView view, String url) {
 		});
 
 		String thisUrl = getIntent().getExtras().getString("url");
-		wv.loadUrl(thisUrl);
+		wv.loadUrl(thisUrl); // Safe
 	}
-}
+}

java/ql/test/experimental/query-tests/security/CWE-749/options

@@ -9,7 +9,9 @@
 import android.webkit.WebViewClient;
 
 public class SafeActivity3 extends Activity {
-	//Test onCreate with both JavaScript and cross-origin resource access enabled while taking remote user inputs from bundle extras
+	// Test onCreate with both JavaScript and cross-origin resource access enabled while taking
+	// remote user inputs from bundle extras.
+	// The Activity is implicitly not exported.
 	public void onCreate(Bundle savedInstanceState) {
 		super.onCreate(savedInstanceState);
 		setContentView(-1);
@@ -29,6 +31,6 @@ public boolean shouldOverrideUrlLoading(WebView view, String url) {
 		});
 
 		String thisUrl = getIntent().getExtras().getString("url");
-		wv.loadUrl(thisUrl);
+		wv.loadUrl(thisUrl); // Safe
 	}
-}
+}

java/ql/test/query-tests/security/CWE-749/AndroidManifest.xml

@@ -9,7 +9,9 @@
 import android.webkit.WebViewClient;
 
 public class UnsafeActivity1 extends Activity {
-	//Test onCreate with both JavaScript and cross-origin resource access enabled while taking remote user inputs from bundle extras
+	// Test onCreate with both JavaScript and cross-origin resource access enabled while taking
+	// remote user inputs from bundle extras.
+	// The Activity is exported and has an intent-filter.
 	public void onCreate(Bundle savedInstanceState) {
 		super.onCreate(savedInstanceState);
 		setContentView(-1);
@@ -29,6 +31,6 @@ public boolean shouldOverrideUrlLoading(WebView view, String url) {
 		});
 
 		String thisUrl = getIntent().getExtras().getString("url");
-		wv.loadUrl(thisUrl);
+		wv.loadUrl(thisUrl); // $hasUnsafeAndroidAccess
 	}
-}
+}