Skip to content

Commit ff731f1

Browse files
atorralbaatorralba
authored
Merge pull request #10138 from atorralba/atorralba/contentresolver-summaries
Java: Add summaries for ContentResolver and adjacent classes
2 parents c0dd9dd + 22558e5 commit ff731f1

File tree

6 files changed

+781
-1
lines changed

6 files changed

+781
-1
lines changed

java/ql/lib/change-notes/2022-08-23-contentresolver-summaries.md

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
---
2+
category: minorAnalysis
3+
---
4+
* Added new flow steps for the following Android classes:
5+
* `android.content.ContentResolver`
6+
* `android.content.ContentProviderClient`
7+
* `android.content.ContentProviderOperation`
8+
* `android.content.ContentProviderOperation$Builder`
9+
* `android.content.ContentProviderResult`
10+
* `android.database.Cursor`

java/ql/lib/semmle/code/java/frameworks/android/ContentProviders.qll

Lines changed: 58 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -53,7 +53,64 @@ private class SummaryModels extends SummaryModelCsv {
5353
"android.content;ContentValues;false;put;;;Argument[0];Argument[-1].MapKey;value;manual",
5454
"android.content;ContentValues;false;put;;;Argument[1];Argument[-1].MapValue;value;manual",
5555
"android.content;ContentValues;false;putAll;;;Argument[0].MapKey;Argument[-1].MapKey;value;manual",
56-
"android.content;ContentValues;false;putAll;;;Argument[0].MapValue;Argument[-1].MapValue;value;manual"
56+
"android.content;ContentValues;false;putAll;;;Argument[0].MapValue;Argument[-1].MapValue;value;manual",
57+
"android.content;ContentResolver;true;acquireContentProviderClient;;;Argument[0];ReturnValue;taint;manual",
58+
"android.content;ContentResolver;true;acquireUnstableContentProviderClient;;;Argument[0];ReturnValue;taint;manual",
59+
"android.content;ContentResolver;true;acquireUnstableContentProviderClient;;;Argument[0];ReturnValue;taint;manual",
60+
"android.content;ContentResolver;true;applyBatch;;;Argument[1];ReturnValue;taint;manual",
61+
"android.content;ContentResolver;true;call;;;Argument[0];ReturnValue;taint;manual",
62+
"android.content;ContentResolver;true;canonicalize;;;Argument[0];ReturnValue;taint;manual",
63+
"android.content;ContentResolver;true;getStreamTypes;;;Argument[0];ReturnValue;taint;manual",
64+
"android.content;ContentResolver;true;getType;;;Argument[0];ReturnValue;taint;manual",
65+
"android.content;ContentResolver;true;insert;;;Argument[0];ReturnValue;taint;manual",
66+
"android.content;ContentResolver;true;query;;;Argument[0];ReturnValue;taint;manual",
67+
"android.content;ContentResolver;true;uncanonicalize;;;Argument[0];ReturnValue;taint;manual",
68+
"android.content;ContentResolver;true;wrap;;;Argument[0];ReturnValue;taint;manual",
69+
// ContentProviderClient is tainted at its creation, not by its arguments
70+
"android.content;ContentProviderClient;true;applyBatch;;;Argument[-1];ReturnValue;taint;manual",
71+
"android.content;ContentProviderClient;true;call;;;Argument[-1];ReturnValue;taint;manual",
72+
"android.content;ContentProviderClient;true;canonicalize;;;Argument[-1];ReturnValue;taint;manual",
73+
"android.content;ContentProviderClient;true;getLocalContentProvider;;;Argument[-1];ReturnValue;taint;manual",
74+
"android.content;ContentProviderClient;true;getStreamTypes;;;Argument[-1];ReturnValue;taint;manual",
75+
"android.content;ContentProviderClient;true;insert;;;Argument[-1];ReturnValue;taint;manual",
76+
"android.content;ContentProviderClient;true;query;;;Argument[-1];ReturnValue;taint;manual",
77+
"android.content;ContentProviderClient;true;uncanonicalize;;;Argument[-1];ReturnValue;taint;manual",
78+
"android.content;ContentProviderOperation;false;apply;;;Argument[-1];ReturnValue;taint;manual",
79+
"android.content;ContentProviderOperation;false;apply;;;Argument[0];ReturnValue;taint;manual",
80+
"android.content;ContentProviderOperation;false;getUri;;;Argument[-1];ReturnValue;taint;manual",
81+
"android.content;ContentProviderOperation;false;newAssertQuery;;;Argument[0];ReturnValue;taint;manual",
82+
"android.content;ContentProviderOperation;false;newCall;;;Argument[0];ReturnValue;taint;manual",
83+
"android.content;ContentProviderOperation;false;newDelete;;;Argument[0];ReturnValue;taint;manual",
84+
"android.content;ContentProviderOperation;false;newInsert;;;Argument[0];ReturnValue;taint;manual",
85+
"android.content;ContentProviderOperation;false;newUpdate;;;Argument[0];ReturnValue;taint;manual",
86+
"android.content;ContentProviderOperation;false;resolveExtrasBackReferences;;;Argument[0];ReturnValue;taint;manual",
87+
"android.content;ContentProviderOperation;false;resolveSelectionArgsBackReferences;;;Argument[0];ReturnValue;taint;manual",
88+
"android.content;ContentProviderOperation;false;resolveValueBackReferences;;;Argument[0];ReturnValue;taint;manual",
89+
"android.content;ContentProviderOperation$Builder;false;build;;;Argument[-1];ReturnValue;taint;manual",
90+
"android.content;ContentProviderOperation$Builder;false;withExceptionAllowed;;;Argument[-1];ReturnValue;value;manual",
91+
"android.content;ContentProviderOperation$Builder;false;withExpectedCount;;;Argument[-1];ReturnValue;value;manual",
92+
"android.content;ContentProviderOperation$Builder;false;withExtra;;;Argument[-1];ReturnValue;value;manual",
93+
"android.content;ContentProviderOperation$Builder;false;withExtraBackReference;;;Argument[-1];ReturnValue;value;manual",
94+
"android.content;ContentProviderOperation$Builder;false;withExtras;;;Argument[-1];ReturnValue;value;manual",
95+
"android.content;ContentProviderOperation$Builder;false;withSelection;;;Argument[-1];ReturnValue;value;manual",
96+
"android.content;ContentProviderOperation$Builder;false;withSelectionBackReference;;;Argument[-1];ReturnValue;value;manual",
97+
"android.content;ContentProviderOperation$Builder;false;withValue;;;Argument[-1];ReturnValue;value;manual",
98+
"android.content;ContentProviderOperation$Builder;false;withValueBackReference;;;Argument[-1];ReturnValue;value;manual",
99+
"android.content;ContentProviderOperation$Builder;false;withValues;;;Argument[-1];ReturnValue;value;manual",
100+
"android.content;ContentProviderOperation$Builder;false;withYieldAllowed;;;Argument[-1];ReturnValue;value;manual",
101+
"android.content;ContentProviderResult;false;ContentProviderResult;(Uri);;Argument[0];Argument[-1].Field[android.content.ContentProviderResult.uri];value;manual",
102+
"android.content;ContentProviderResult;false;ContentProviderResult;(Bundle);;Argument[0];Argument[-1].Field[android.content.ContentProviderResult.extras];value;manual",
103+
"android.content;ContentProviderResult;false;ContentProviderResult;(Throwable);;Argument[0];Argument[-1].Field[android.content.ContentProviderResult.exception];value;manual",
104+
"android.content;ContentProviderResult;false;ContentProviderResult;(Parcel);;Argument[0];Argument[-1];taint;manual",
105+
"android.database;Cursor;true;copyStringToBuffer;;;Argument[-1];Argument[1];taint;manual",
106+
"android.database;Cursor;true;getBlob;;;Argument[-1];ReturnValue;taint;manual",
107+
"android.database;Cursor;true;getColumnName;;;Argument[-1];ReturnValue;taint;manual",
108+
"android.database;Cursor;true;getColumnNames;;;Argument[-1];ReturnValue;taint;manual",
109+
"android.database;Cursor;true;getExtras;;;Argument[-1];ReturnValue;taint;manual",
110+
"android.database;Cursor;true;getNotificationUri;;;Argument[-1];ReturnValue;taint;manual",
111+
"android.database;Cursor;true;getNotificationUris;;;Argument[-1];ReturnValue;taint;manual",
112+
"android.database;Cursor;true;getString;;;Argument[-1];ReturnValue;taint;manual",
113+
"android.database;Cursor;true;respond;;;Argument[-1];ReturnValue;taint;manual"
57114
]
58115
}
59116
}

0 commit comments

Comments
 (0)