Java: fix some android database sinks

aibaars · aibaars · commit cf6036f9b4d7 · 2020-09-30T14:42:19.000+02:00
diff --git a/java/ql/src/semmle/code/java/frameworks/android/SQLite.qll b/java/ql/src/semmle/code/java/frameworks/android/SQLite.qll
@@ -52,13 +52,13 @@ private class QueryMethod extends SQLiteRunner {
     this.getName() = "query" and
     (
       if this.getParameter(0).getType() instanceof TypeString
-      then result = [2, 4, 5, 6, 7]
-      else result = [3, 5, 6, 7, 8]
+      then result = [0, 1, 2, 4, 5, 6, 7]
+      else result = [1, 2, 3, 5, 6, 7, 8]
     )
     or
     // queryWithFactory(SQLiteDatabase.CursorFactory cursorFactory, boolean distinct, String table, String[] columns, String selection, String[] selectionArgs, String groupBy, String having, String orderBy, String limit, CancellationSignal cancellationSignal)
     // queryWithFactory(SQLiteDatabase.CursorFactory cursorFactory, boolean distinct, String table, String[] columns, String selection, String[] selectionArgs, String groupBy, String having, String orderBy, String limit)
-    this.getName() = "queryWithFactory" and result = [4, 6, 7, 8, 9]
+    this.getName() = "queryWithFactory" and result = [2, 3, 4, 6, 7, 8, 9]
   }
 }
 
@@ -171,7 +171,7 @@ private class QueryBuilderQueryMethod extends SQLiteRunner {
     this.hasName("query")
   }
 
-  override int sqlIndex() { result = [-1, 3, 5, 6, 7, 8] }
+  override int sqlIndex() { result = [-1, 2, 4, 5, 6, 7] }
 }
 
 private class QueryBuilderUpdateMethod extends SQLiteRunner {
diff --git a/java/ql/test/library-tests/frameworks/android/taint-database/sinks.expected b/java/ql/test/library-tests/frameworks/android/taint-database/sinks.expected
@@ -8,49 +8,63 @@
 | Sinks.java:69:18:69:20 | sql |
 | Sinks.java:75:18:75:20 | sql |
 | Sinks.java:82:3:82:8 | target |
+| Sinks.java:95:26:95:30 | table |
+| Sinks.java:95:33:95:39 | columns |
 | Sinks.java:95:42:95:50 | selection |
 | Sinks.java:95:68:95:74 | groupBy |
 | Sinks.java:95:77:95:82 | having |
 | Sinks.java:95:85:95:91 | orderBy |
 | Sinks.java:95:94:95:98 | limit |
+| Sinks.java:109:26:109:30 | table |
+| Sinks.java:109:33:109:39 | columns |
 | Sinks.java:109:42:109:50 | selection |
 | Sinks.java:109:68:109:74 | groupBy |
 | Sinks.java:109:77:109:82 | having |
 | Sinks.java:109:85:109:91 | orderBy |
 | Sinks.java:109:94:109:98 | limit |
+| Sinks.java:121:16:121:20 | table |
+| Sinks.java:121:23:121:29 | columns |
 | Sinks.java:121:32:121:40 | selection |
 | Sinks.java:121:58:121:64 | groupBy |
 | Sinks.java:121:67:121:72 | having |
 | Sinks.java:121:75:121:81 | orderBy |
+| Sinks.java:133:16:133:20 | table |
+| Sinks.java:133:23:133:29 | columns |
 | Sinks.java:133:32:133:40 | selection |
 | Sinks.java:133:58:133:64 | groupBy |
 | Sinks.java:133:67:133:72 | having |
 | Sinks.java:133:75:133:81 | orderBy |
 | Sinks.java:133:84:133:88 | limit |
 | Sinks.java:145:3:145:8 | target |
-| Sinks.java:145:45:145:57 | selectionArgs |
+| Sinks.java:145:34:145:42 | selection |
+| Sinks.java:145:60:145:66 | groupBy |
 | Sinks.java:145:69:145:74 | having |
 | Sinks.java:145:77:145:85 | sortOrder |
 | Sinks.java:158:3:158:8 | target |
-| Sinks.java:158:45:158:57 | selectionArgs |
+| Sinks.java:158:34:158:42 | selection |
+| Sinks.java:158:60:158:66 | groupBy |
 | Sinks.java:158:69:158:74 | having |
 | Sinks.java:158:77:158:85 | sortOrder |
 | Sinks.java:158:88:158:92 | limit |
 | Sinks.java:172:3:172:8 | target |
-| Sinks.java:172:45:172:57 | selectionArgs |
+| Sinks.java:172:34:172:42 | selection |
+| Sinks.java:172:60:172:66 | groupBy |
 | Sinks.java:172:69:172:74 | having |
 | Sinks.java:172:77:172:85 | sortOrder |
 | Sinks.java:172:88:172:92 | limit |
-| Sinks.java:172:95:172:112 | cancellationSignal |
 | Sinks.java:181:33:181:41 | selection |
 | Sinks.java:191:33:191:41 | selection |
 | Sinks.java:200:33:200:41 | selection |
 | Sinks.java:210:33:210:41 | selection |
+| Sinks.java:224:52:224:56 | table |
+| Sinks.java:224:59:224:65 | columns |
 | Sinks.java:224:68:224:76 | selection |
 | Sinks.java:224:94:224:100 | groupBy |
 | Sinks.java:224:103:224:108 | having |
 | Sinks.java:225:5:225:11 | orderBy |
 | Sinks.java:225:14:225:18 | limit |
+| Sinks.java:240:52:240:56 | table |
+| Sinks.java:240:59:240:65 | columns |
 | Sinks.java:240:68:240:76 | selection |
 | Sinks.java:240:94:240:100 | groupBy |
 | Sinks.java:240:103:240:108 | having |

Original file line number	Diff line number	Diff line change
`@@ -52,13 +52,13 @@ private class QueryMethod extends SQLiteRunner {`
`52`	`52`	`this.getName() = "query" and`
`53`	`53`	`(`
`54`	`54`	`if this.getParameter(0).getType() instanceof TypeString`
`55`		`- then result = [2, 4, 5, 6, 7]`
`56`		`- else result = [3, 5, 6, 7, 8]`
	`55`	`+ then result = [0, 1, 2, 4, 5, 6, 7]`
	`56`	`+ else result = [1, 2, 3, 5, 6, 7, 8]`
`57`	`57`	`)`
`58`	`58`	`or`
`59`	`59`	`// queryWithFactory(SQLiteDatabase.CursorFactory cursorFactory, boolean distinct, String table, String[] columns, String selection, String[] selectionArgs, String groupBy, String having, String orderBy, String limit, CancellationSignal cancellationSignal)`
`60`	`60`	`// queryWithFactory(SQLiteDatabase.CursorFactory cursorFactory, boolean distinct, String table, String[] columns, String selection, String[] selectionArgs, String groupBy, String having, String orderBy, String limit)`
`61`		`- this.getName() = "queryWithFactory" and result = [4, 6, 7, 8, 9]`
	`61`	`+ this.getName() = "queryWithFactory" and result = [2, 3, 4, 6, 7, 8, 9]`
`62`	`62`	`}`
`63`	`63`	`}`
`64`	`64`
`@@ -171,7 +171,7 @@ private class QueryBuilderQueryMethod extends SQLiteRunner {`
`171`	`171`	`this.hasName("query")`
`172`	`172`	`}`
`173`	`173`
`174`		`- override int sqlIndex() { result = [-1, 3, 5, 6, 7, 8] }`
	`174`	`+ override int sqlIndex() { result = [-1, 2, 4, 5, 6, 7] }`
`175`	`175`	`}`
`176`	`176`
`177`	`177`	`private class QueryBuilderUpdateMethod extends SQLiteRunner {`