Add value-preserving steps for SharedPreferences

atorralba · atorralba · commit f1c08bc49232 · 2022-04-22T17:44:59.000+02:00
diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
@@ -82,6 +82,7 @@ private module Frameworks {
   private import semmle.code.java.frameworks.android.ContentProviders
   private import semmle.code.java.frameworks.android.Intent
   private import semmle.code.java.frameworks.android.Notifications
+  private import semmle.code.java.frameworks.android.SharedPreferences
   private import semmle.code.java.frameworks.android.Slice
   private import semmle.code.java.frameworks.android.SQLite
   private import semmle.code.java.frameworks.android.Widget
diff --git a/java/ql/lib/semmle/code/java/frameworks/android/SharedPreferences.qll b/java/ql/lib/semmle/code/java/frameworks/android/SharedPreferences.qll
@@ -1,6 +1,7 @@
 /** Provides classes related to `android.content.SharedPreferences`. */
 
 import java
+import semmle.code.java.dataflow.ExternalFlow
 
 /** The interface `android.content.SharedPreferences`. */
 class SharedPreferences extends Interface {
@@ -55,3 +56,19 @@ class StoreSharedPreferenceMethod extends Method {
     this.hasName(["commit", "apply"])
   }
 }
+
+private class SharedPreferencesSummaries extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "android.content;SharedPreferences$Editor;true;clear;;;Argument[-1];ReturnValue;value",
+        "android.content;SharedPreferences$Editor;true;putBoolean;;;Argument[-1];ReturnValue;value",
+        "android.content;SharedPreferences$Editor;true;putFloat;;;Argument[-1];ReturnValue;value",
+        "android.content;SharedPreferences$Editor;true;putInt;;;Argument[-1];ReturnValue;value",
+        "android.content;SharedPreferences$Editor;true;putLong;;;Argument[-1];ReturnValue;value",
+        "android.content;SharedPreferences$Editor;true;putString;;;Argument[-1];ReturnValue;value",
+        "android.content;SharedPreferences$Editor;true;putStringSet;;;Argument[-1];ReturnValue;value",
+        "android.content;SharedPreferences$Editor;true;remove;;;Argument[-1];ReturnValue;value"
+      ]
+  }
+}
diff --git a/java/ql/test/query-tests/security/CWE-312/CleartextStorageSharedPrefsTest.java b/java/ql/test/query-tests/security/CWE-312/CleartextStorageSharedPrefsTest.java
@@ -89,9 +89,16 @@ public void testSetSharedPrefs6(Context context, String name, String password)
 				.create(context, "secret_shared_prefs", masterKey,
 						EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
 						EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM)
-				.edit().putString("name", name) /// Safe
+				.edit().putString("name", name) // Safe
 				.putString("password", password); // Safe
 
 		editor.commit();
 	}
+
+	public void testSetSharedPrefs7(Context context, String name, String password) {
+		SharedPreferences sharedPrefs =
+				context.getSharedPreferences("user_prefs", Context.MODE_PRIVATE);
+		sharedPrefs.edit().putString("name", name).apply(); // Safe
+		sharedPrefs.edit().putString("password", password).apply(); // $hasCleartextStorageSharedPrefs
+	}
 }
