diff --git a/java/ql/lib/change-notes/2024-06-12-isandroid-deprecated.md b/java/ql/lib/change-notes/2024-06-12-isandroid-deprecated.md
new file mode 100644
index 000000000000..9e1a13173ab8
--- /dev/null
+++ b/java/ql/lib/change-notes/2024-06-12-isandroid-deprecated.md
@@ -0,0 +1,4 @@
+---
+category: deprecated
+---
+* The predicate `isAndroid` from the module `semmle.code.java.security.AndroidCertificatePinningQuery` has been deprecated. Use `semmle.code.java.frameworks.android.Android::isAndroid` instead.
diff --git a/java/ql/lib/semmle/code/java/frameworks/Swagger.qll b/java/ql/lib/semmle/code/java/frameworks/Swagger.qll
new file mode 100644
index 000000000000..da24bb84fec9
--- /dev/null
+++ b/java/ql/lib/semmle/code/java/frameworks/Swagger.qll
@@ -0,0 +1,11 @@
+/** Definitions related to `io.swagger`. */
+
+import java
+private import semmle.code.xml.AndroidManifest
+
+/** An Android Manifest automatically generated by Swagger Codegen. */
+class SwaggerCodegenAndroidManifest extends AndroidManifestXmlFile {
+ SwaggerCodegenAndroidManifest() {
+ this.getManifestElement().getAttribute("package").getValue() = "io.swagger.client"
+ }
+}
diff --git a/java/ql/lib/semmle/code/java/frameworks/android/Android.qll b/java/ql/lib/semmle/code/java/frameworks/android/Android.qll
index 1a992eb5565d..1c53d89ea7f6 100644
--- a/java/ql/lib/semmle/code/java/frameworks/android/Android.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/android/Android.qll
@@ -4,6 +4,12 @@
 import java
 
 private import semmle.code.xml.AndroidManifest
+private import semmle.code.java.frameworks.Swagger
+
+/** Holds if this database is of an Android application. */
+predicate isAndroid() {
+ exists(AndroidManifestXmlFile m | not m instanceof SwaggerCodegenAndroidManifest)
+}
 
 /**
 * Gets a reflexive/transitive superType
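Review bot: `SwaggerCodegenAndroidManifest` recognizes a generated manifest only by an exact match of the `package` attribute against `io.swagger.client`, and the qldoc should say so: this is, as far as I can tell, the default package of Swagger Codegen's Android client template, and a client generated with a user-chosen package name will not be matched. Because `isAndroid` uses this class to decide whether the Android security queries run at all, the exact match errs in the safe direction — it can fail to exclude a generated manifest, but it can never suppress analysis of a real application — and that trade-off is worth recording next to the string. I would replace the one-line comment with `/** An Android manifest generated by Swagger Codegen's Android client template, identified by its default package name io.swagger.client; a client generated with a custom package name is not matched. */`.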
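Review bot: The qldoc on the new `isAndroid` predicate does not mention the Swagger exclusion, although the body holds only when some manifest is not a `SwaggerCodegenAndroidManifest`, and this predicate now decides whether the certificate-pinning and cleartext-storage queries report anything for a database. A reader of the callers sees just "is an Android application" and cannot tell that a database whose only manifest is a generated one is deliberately treated as non-Android. I would document the gate explicitly, e.g. `/** Holds if this database is of an Android application, that is, it contains an Android manifest other than one generated by Swagger Codegen (see SwaggerCodegenAndroidManifest). */`. The `Gets a reflexive/transitive superType` qldoc at the end of the hunk belongs to a definition that continues outside it.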
diff --git a/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll b/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
index 423df0685447..ba634600193c 100644
--- a/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
@@ -6,6 +6,7 @@ import semmle.code.java.dataflow.TaintTracking
 import semmle.code.java.frameworks.Networking
 import semmle.code.java.security.Encryption
 import semmle.code.java.security.HttpsUrls
+private import semmle.code.java.frameworks.android.Android as Android
 
 /** An Android Network Security Configuration XML file. */
 class AndroidNetworkSecurityConfigFile extends XmlFile {
@@ -19,8 +20,12 @@ class AndroidNetworkSecurityConfigFile extends XmlFile {
 }
 }
 
-/** Holds if this database is of an Android application. */
-predicate isAndroid() { exists(AndroidManifestXmlFile m) }
+/**
+ * DEPRECATED. Use `semmle.code.java.frameworks.android.Android::isAndroid` instead.
+ *
+ * Holds if this database is of an Android application.
+ */
+deprecated predicate isAndroid() { Android::isAndroid() }
 
 /** Holds if the given domain name is trusted by the Network Security Configuration XML file. */
 private predicate trustedDomainViaXml(string domainName) {
@@ -122,7 +127,7 @@ private module UntrustedUrlFlow = TaintTracking::Global;
 
 /** Holds if `node` is a network communication call for which certificate pinning is not implemented. */
 predicate missingPinning(MissingPinningSink node, string domain) {
- isAndroid() and
+ Android::isAndroid() and
 exists(DataFlow::Node src | UntrustedUrlFlow::flow(src, node) |
 if trustedDomain(_) then domain = getDomain(src.asExpr()) else domain = ""
 )
diff --git a/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidFilesystemQuery.qll b/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidFilesystemQuery.qll
index 06fa83813124..0b5780368518 100644
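Review bot: The deprecated `isAndroid` alias keeps the old name exported from this module while `Android.qll` now exports a predicate of the same name and arity, so a query that imports both modules unqualified sees two `isAndroid/0` candidates; I would confirm that QL resolves such a call to the non-deprecated declaration (which the repository's usual deprecation pattern presumably relies on) rather than reporting an ambiguity, and note it in the deprecation qldoc if it does not. Inside this file the `private import ... as Android` alias and the qualified `Android::isAndroid()` in `missingPinning` sidestep the question. `missingPinning` is shown completely in the last hunk, but `UntrustedUrlFlow`, named in its hunk header, is defined outside the hunk.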
--- a/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidFilesystemQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidFilesystemQuery.qll
@@ -10,12 +10,12 @@ import semmle.code.xml.AndroidManifest
 private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.FlowSinks
 private import semmle.code.java.dataflow.FlowSources
+private import semmle.code.java.frameworks.android.Android
 
 private class AndroidFilesystemCleartextStorageSink extends CleartextStorageSink {
 AndroidFilesystemCleartextStorageSink() {
 filesystemInput(_, this.asExpr()) and
- // Make sure we are in an Android application.
- exists(AndroidManifestXmlFile manifest)
+ isAndroid()
 }
 }
 
diff --git a/java/ql/src/change-notes/2024-06-12-swagger-android-exclusion.md b/java/ql/src/change-notes/2024-06-12-swagger-android-exclusion.md
new file mode 100644
index 000000000000..dcc435ae217f
--- /dev/null
+++ b/java/ql/src/change-notes/2024-06-12-swagger-android-exclusion.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The heuristic to enable certain Android queries has been improved. Now it ignores Android Manifests generated by [Swagger Codegen](https://github.com/swagger-api/swagger-codegen).
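Review bot: The removed comment `// Make sure we are in an Android application.` was the only place in `AndroidFilesystemCleartextStorageSink` explaining why a filesystem sink is conditioned on the database at all; with the bare `isAndroid()` call a reader has to open `Android.qll` to learn that the whole query is silently disabled unless a manifest other than a Swagger-generated one exists. I would keep the why-comment and extend it, e.g. `// Only report on Android databases; manifests generated by Swagger Codegen do not count (see Android::isAndroid).` directly above `isAndroid()`. Also, this file imports `Android` unqualified while `AndroidCertificatePinningQuery.qll` in the same commit imports it `as Android` and qualifies the call — using one form in both places would make the gate easier to find. The `import semmle.code.xml.AndroidManifest` in the hunk header no longer has a visible use in this class after the change; it may still be needed elsewhere in the file, so I would not remove it without checking.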