adding starter files

Jami Cogswell · Jami Cogswell · commit 3e09d86a4fec · 2022-08-22T12:41:22.000-04:00
diff --git a/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.qhelp b/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.qhelp
@@ -0,0 +1,38 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+
+<overview>
+<p>TODO: Replace the following
+When a debugger is enabled it could allow for entry points in the application or reveal sensitive information.</p>
+
+</overview>
+<recommendation>
+
+<p>TODO: Replace the following
+In Android applications either set the <code>android:debuggable</code> attribute to <code>false</code>
+or do not include it in the manifest. The default value when not included is <code>false</code>.</p>
+
+</recommendation>
+<example>
+
+<p>TODO: Replace the following
+In the example below, the <code>android:debuggable</code> attribute is set to <code>true</code>.</p>
+
+<!--<sample src="DebuggableTrue.xml" />-->
+
+<p>The corrected version sets the <code>android:debuggable</code> attribute to <code>false</code>.</p>
+
+<!--<sample src="DebuggableFalse.xml" />-->
+
+</example>
+<references>
+
+<li>
+  TODO: REPLACE LINKS. Android Developers:
+  <a href="https://developer.android.com/guide/topics/manifest/application-element#debug">The android:debuggable attribute</a>.
+</li>
+
+</references>
+</qhelp>
diff --git a/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql b/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql
@@ -0,0 +1,22 @@
+/**
+ * @name Implicitly imported Android component
+ * @description TODO after more background reading
+ * @kind problem (TODO: confirm after more background reading)
+ * @problem.severity warning (TODO: confirm after more background reading)
+ * @security-severity 0.1 (TODO: run script)
+ * @id java/android/implicitly-imported-component
+ * @tags security
+ *       external/cwe/cwe-926
+ * @precision TODO after MRVA
+ */
+
+import java
+import semmle.code.xml.AndroidManifest
+
+// TODO: change query
+from AndroidXmlAttribute androidXmlAttr
+where
+  androidXmlAttr.getName() = "debuggable" and
+  androidXmlAttr.getValue() = "true" and
+  not androidXmlAttr.getLocation().getFile().getRelativePath().matches("%build%")
+select androidXmlAttr, "The 'android:debuggable' attribute is enabled."
diff --git a/java/ql/src/change-notes/2022-08-DD-android-implicit-export.md b/java/ql/src/change-notes/2022-08-DD-android-implicit-export.md
@@ -0,0 +1,4 @@
+---
+category: newQuery
+---
+* Added a new query, `java/android/implicitly-imported-component`, to detect if an Android component can become implicitly exported.
diff --git a/java/ql/test/query-tests/security/CWE-926/ImplicitlyExportedAndroidComponentTest.expected b/java/ql/test/query-tests/security/CWE-926/ImplicitlyExportedAndroidComponentTest.expected
diff --git a/java/ql/test/query-tests/security/CWE-926/ImplicitlyExportedAndroidComponentTest.ql b/java/ql/test/query-tests/security/CWE-926/ImplicitlyExportedAndroidComponentTest.ql
@@ -0,0 +1,23 @@
+import java
+import semmle.code.xml.AndroidManifest
+import TestUtilities.InlineExpectationsTest
+
+// TODO: update for implicit export query
+class DebuggableAttributeTrueTest extends InlineExpectationsTest {
+  DebuggableAttributeTrueTest() { this = "DebuggableAttributeEnabledTest" }
+
+  override string getARelevantTag() { result = "hasDebuggableAttributeEnabled" }
+
+  override predicate hasActualResult(Location location, string element, string tag, string value) {
+    tag = "hasDebuggableAttributeEnabled" and
+    exists(AndroidXmlAttribute androidXmlAttr |
+      androidXmlAttr.getName() = "debuggable" and
+      androidXmlAttr.getValue() = "true" and
+      not androidXmlAttr.getLocation().getFile().getRelativePath().matches("%build%")
+    |
+      androidXmlAttr.getLocation() = location and
+      element = androidXmlAttr.toString() and
+      value = ""
+    )
+  }
+}
diff --git a/java/ql/test/query-tests/security/CWE-926/Test.java b/java/ql/test/query-tests/security/CWE-926/Test.java
@@ -0,0 +1,3 @@
+public class Test {
+
+}
diff --git a/java/ql/test/query-tests/security/CWE-926/options b/java/ql/test/query-tests/security/CWE-926/options
@@ -0,0 +1 @@
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/google-android-9.0.0

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: newQuery
 +---
 +* Added a new query, `java/android/implicitly-imported-component`, to detect if an Android component can become implicitly exported.
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/google-android-9.0.0`