Move detection of Android app to one place

owen-mc · owen-mc · commit 9c8296602236 · 2024-07-05T23:47:56.000+01:00
diff --git a/java/ql/lib/semmle/code/java/frameworks/android/Android.qll b/java/ql/lib/semmle/code/java/frameworks/android/Android.qll
@@ -5,6 +5,9 @@
 import java
 private import semmle.code.xml.AndroidManifest
 
+/** Holds if this database is of an Android application. */
+predicate isAndroid() { exists(AndroidManifestXmlFile m) }
+
 /**
  * Gets a reflexive/transitive superType
  */
diff --git a/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll b/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
@@ -6,6 +6,7 @@ import semmle.code.java.dataflow.TaintTracking
 import semmle.code.java.frameworks.Networking
 import semmle.code.java.security.Encryption
 import semmle.code.java.security.HttpsUrls
+private import semmle.code.java.frameworks.android.Android as Android
 
 /** An Android Network Security Configuration XML file. */
 class AndroidNetworkSecurityConfigFile extends XmlFile {
@@ -19,8 +20,12 @@ class AndroidNetworkSecurityConfigFile extends XmlFile {
   }
 }
 
-/** Holds if this database is of an Android application. */
-predicate isAndroid() { exists(AndroidManifestXmlFile m) }
+/**
+ * DEPRECATED. Use `semmle.code.java.frameworks.android.Android::isAndroid` instead.
+ *
+ * Holds if this database is of an Android application.
+ */
+deprecated predicate isAndroid() { Android::isAndroid() }
 
 /** Holds if the given domain name is trusted by the Network Security Configuration XML file. */
 private predicate trustedDomainViaXml(string domainName) {
@@ -122,7 +127,7 @@ private module UntrustedUrlFlow = TaintTracking::Global<UntrustedUrlConfig>;
 
 /** Holds if `node` is a network communication call for which certificate pinning is not implemented. */
 predicate missingPinning(MissingPinningSink node, string domain) {
-  isAndroid() and
+  Android::isAndroid() and
   exists(DataFlow::Node src | UntrustedUrlFlow::flow(src, node) |
     if trustedDomain(_) then domain = getDomain(src.asExpr()) else domain = ""
   )
diff --git a/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidFilesystemQuery.qll b/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidFilesystemQuery.qll
@@ -6,16 +6,15 @@
 import java
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.security.CleartextStorageQuery
-import semmle.code.xml.AndroidManifest
 private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.FlowSinks
 private import semmle.code.java.dataflow.FlowSources
+private import semmle.code.java.frameworks.android.Android
 
 private class AndroidFilesystemCleartextStorageSink extends CleartextStorageSink {
   AndroidFilesystemCleartextStorageSink() {
     filesystemInput(_, this.asExpr()) and
-    // Make sure we are in an Android application.
-    exists(AndroidManifestXmlFile manifest)
+    isAndroid()
   }
 }
 
