microsoft
diff --git a/‎java/ql/lib/semmle/code/java/security/AndroidLocalAuthQuery.qll
Lines changed: 2 additions & 0 deletions b/‎java/ql/lib/semmle/code/java/security/AndroidLocalAuthQuery.qll
Lines changed: 2 additions & 0 deletions
diff --git a/‎java/ql/test/query-tests/security/CWE-287/Test2.java
Lines changed: 47 additions & 0 deletions b/‎java/ql/test/query-tests/security/CWE-287/Test2.java
Lines changed: 47 additions & 0 deletions
diff --git a/‎java/ql/test/stubs/google-android-9.0.0/android/security/identity/PresentationSession.java
Lines changed: 9 additions & 0 deletions b/‎java/ql/test/stubs/google-android-9.0.0/android/security/identity/PresentationSession.java
Lines changed: 9 additions & 0 deletions
diff --git a/‎java/ql/test/stubs/google-android-9.0.0/androidx/biometric/BiometricPrompt.java
Lines changed: 79 additions & 0 deletions b/‎java/ql/test/stubs/google-android-9.0.0/androidx/biometric/BiometricPrompt.java
Lines changed: 79 additions & 0 deletions
@@ -9,6 +9,8 @@ private class AuthenticationCallbackClass extends Class {
       "FingerprintManager$AuthenticationCallback")
     or
     this.hasQualifiedName("android.hardware.biometrics", "BiometricPrompt$AuthenticationCallback")
+    or
+    this.hasQualifiedName("androidx.biometric", "BiometricPrompt$AuthenticationCallback")
   }
 }
 
 
@@ -0,0 +1,47 @@
+import androidx.biometric.BiometricPrompt;
+
+class TestC {
+    public static void useKey(BiometricPrompt.CryptoObject key) {}
+
+
+    // GOOD: result is used
+    class Test1 extends BiometricPrompt.AuthenticationCallback {
+        @Override
+        public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) {
+            TestC.useKey(result.getCryptoObject());
+        }
+    }
+
+    // BAD: result is not used
+    class Test2 extends BiometricPrompt.AuthenticationCallback {
+        @Override
+        public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) { // $insecure-auth
+            
+        }
+    }
+
+    // BAD: result is only used in a super call
+    class Test3 extends BiometricPrompt.AuthenticationCallback {
+        @Override
+        public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) { // $insecure-auth
+            super.onAuthenticationSucceeded(result);
+        }
+    }
+
+    // GOOD: result is used
+    class Test4 extends BiometricPrompt.AuthenticationCallback {
+        @Override
+        public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) {
+            super.onAuthenticationSucceeded(result);
+            TestC.useKey(result.getCryptoObject());
+        }
+    }
+
+    // GOOD: result is used in a super call to a class other than the base class
+    class Test5 extends Test1 {
+        @Override
+        public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) {
+            super.onAuthenticationSucceeded(result);
+        }
+    }
+}
Original file line number	Diff line number	Diff line change
`@@ -9,6 +9,8 @@ private class AuthenticationCallbackClass extends Class {`
`9`	`9`	`"FingerprintManager$AuthenticationCallback")`
`10`	`10`	`or`
`11`	`11`	`this.hasQualifiedName("android.hardware.biometrics", "BiometricPrompt$AuthenticationCallback")`
	`12`	`+ or`
	`13`	`+ this.hasQualifiedName("androidx.biometric", "BiometricPrompt$AuthenticationCallback")`
`12`	`14`	`}`
`13`	`15`	`}`
`14`	`16`