Merge pull request github#13507 from atorralba/atorralba/ql/android-ids-check

QL: Add query to find Android queries with improper ids

Author: atorralba

ql/ql/src/queries/style/AndroidIdPrefix.ql

@@ -0,0 +1,32 @@
+/**
+ * @name Android query without android @id prefix
+ * @description Android queries should include the `android/` prefix in their `@id`.
+ * @kind problem
+ * @problem.severity warning
+ * @id ql/android-id-prefix
+ * @precision high
+ */
+
+import ql
+
+/** Holds if `t` transitively imports an Android module. */
+predicate importsAndroidModule(TopLevel t) {
+  t.getFile() =
+    any(YAML::QLPack pack | pack.getADependency*().getExtractor() = "java").getAFileInPack() and
+  exists(Import i | t.getAnImport() = i |
+    i.getImportString().toLowerCase().matches("%android%")
+    or
+    exists(TopLevel t2 |
+      t2.getAModule() = i.getResolvedModule().asModule() and
+      importsAndroidModule(t2)
+    )
+  )
+}
+
+from QueryDoc d
+where
+  d.getLocation().getFile().getRelativePath().matches("%src/Security/%") and
+  not d.getQueryId().matches("android/%") and
+  not d.getQueryId() = ["improper-intent-verification", "improper-webview-certificate-validation"] and // known badly identified queries that sadly we can't fix
+  importsAndroidModule(d.getParent())
+select d, "This Android query is missing the `android/` prefix in its `@id`."