Skip to content

Commit 5206c79

Browse files
committed
Additional Unit tests for the allowBackup query
1 parent f6c8144 commit 5206c79

File tree

10 files changed

+127
-3
lines changed

10 files changed

+127
-3
lines changed

java/ql/test/query-tests/security/CWE-312/AndroidManifest.xml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44
android:versionCode="1"
55
android:versionName="0.1" >
66

7-
<application android:allowBackup="true">
7+
<application>
88
<activity android:name=".CleartextStorageAndroidDatabaseTest"></activity>
99
<activity android:name=".CleartextStorageAndroidFileSystemTest"></activity>
1010
<activity android:name=".CleartextStorageSharedPrefsTest"></activity>

java/ql/test/query-tests/security/CWE-312/AllowBackupEnabledTest.ql renamed to java/ql/test/query-tests/security/CWE-312/android/backup/AllowBackupEnabledTest.ql

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -10,8 +10,7 @@ class AllowBackupEnabledTest extends InlineExpectationsTest {
1010
override predicate hasActualResult(Location location, string element, string tag, string value) {
1111
tag = "hasAllowedBackupEnabled" and
1212
exists(AndroidApplicationXmlElement androidAppElem |
13-
androidAppElem.allowsBackup() and
14-
not androidAppElem.getFile().(AndroidManifestXmlFile).isInBuildDirectory()
13+
androidAppElem.allowsBackup()
1514
|
1615
androidAppElem.getAttribute("allowBackup").getLocation() = location and
1716
element = androidAppElem.getAttribute("debuggable").toString() and
Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
<?xml version="1.0" encoding="utf-8"?>
2+
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
3+
package="com.example.myapplication" />
Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
<?xml version="1.0" encoding="utf-8"?>
2+
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
3+
xmlns:tools="http://schemas.android.com/tools"
4+
package="com.example.myapplication">
5+
6+
<!-- Safe: 'android:allowBackup' explicitly disabled --> <application
7+
android:allowBackup="false"
8+
android:dataExtractionRules="@xml/data_extraction_rules"
9+
android:fullBackupContent="@xml/backup_rules"
10+
android:icon="@mipmap/ic_launcher"
11+
android:label="@string/app_name"
12+
android:roundIcon="@mipmap/ic_launcher_round"
13+
android:supportsRtl="true"
14+
android:theme="@style/Theme.MyApplication"
15+
tools:targetApi="31">
16+
<activity
17+
android:name=".MainActivity"
18+
android:exported="true"
19+
android:label="@string/app_name"
20+
android:theme="@style/Theme.MyApplication.NoActionBar">
21+
<intent-filter>
22+
<action android:name="android.intent.action.MAIN" />
23+
24+
<category android:name="android.intent.category.LAUNCHER" />
25+
</intent-filter>
26+
</activity>
27+
</application>
28+
29+
</manifest>
Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
<?xml version="1.0" encoding="utf-8"?>
2+
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
3+
xmlns:tools="http://schemas.android.com/tools"
4+
package="com.example.myapplication">
5+
6+
<!-- $ hasAllowBackupEnabled --> <application
7+
android:allowBackup="true"
8+
android:dataExtractionRules="@xml/data_extraction_rules"
9+
android:fullBackupContent="@xml/backup_rules"
10+
android:icon="@mipmap/ic_launcher"
11+
android:label="@string/app_name"
12+
android:roundIcon="@mipmap/ic_launcher_round"
13+
android:supportsRtl="true"
14+
android:theme="@style/Theme.MyApplication"
15+
tools:targetApi="31">
16+
<activity
17+
android:name=".MainActivity"
18+
android:exported="true"
19+
android:label="@string/app_name"
20+
android:theme="@style/Theme.MyApplication.NoActionBar">
21+
<intent-filter>
22+
<action android:name="android.intent.action.MAIN" />
23+
24+
<category android:name="android.intent.category.LAUNCHER" />
25+
</intent-filter>
26+
</activity>
27+
</application>
28+
29+
</manifest>
Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
<?xml version="1.0" encoding="utf-8"?>
2+
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
3+
package="com.example.myapplication" >
4+
<!-- Safe: application element does not provide the MAIN intent --> <application android:supportsRtl="true">
5+
</application>
6+
</manifest>
Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
<?xml version="1.0" encoding="utf-8"?>
2+
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
3+
xmlns:tools="http://schemas.android.com/tools"
4+
package="com.example.myapplication">
5+
6+
<!-- $ hasAllowBackupEnabled --> <application
7+
android:dataExtractionRules="@xml/data_extraction_rules"
8+
android:fullBackupContent="@xml/backup_rules"
9+
android:icon="@mipmap/ic_launcher"
10+
android:label="@string/app_name"
11+
android:roundIcon="@mipmap/ic_launcher_round"
12+
android:supportsRtl="true"
13+
android:theme="@style/Theme.MyApplication"
14+
tools:targetApi="31">
15+
<activity
16+
android:name=".ItemDetailHostActivity"
17+
android:exported="true"
18+
android:label="@string/app_name"
19+
android:resizeableActivity="true"
20+
tools:targetApi="24">
21+
<intent-filter>
22+
<action android:name="android.intent.action.MAIN" />
23+
24+
<category android:name="android.intent.category.LAUNCHER" />
25+
</intent-filter>
26+
</activity>
27+
</application>
28+
29+
</manifest>
Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
<?xml version="1.0" encoding="utf-8"?>
2+
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
3+
xmlns:tools="http://schemas.android.com/tools"
4+
package="com.example.myapplication">
5+
6+
<!-- Safe: files in the build directory are ignored --> <application
7+
android:allowBackup="true"
8+
android:dataExtractionRules="@xml/data_extraction_rules"
9+
android:fullBackupContent="@xml/backup_rules"
10+
android:icon="@mipmap/ic_launcher"
11+
android:label="@string/app_name"
12+
android:roundIcon="@mipmap/ic_launcher_round"
13+
android:supportsRtl="true"
14+
android:theme="@style/Theme.MyApplication"
15+
tools:targetApi="31">
16+
<activity
17+
android:name=".MainActivity"
18+
android:exported="true"
19+
android:label="@string/app_name"
20+
android:theme="@style/Theme.MyApplication.NoActionBar">
21+
<intent-filter>
22+
<action android:name="android.intent.action.MAIN" />
23+
24+
<category android:name="android.intent.category.LAUNCHER" />
25+
</intent-filter>
26+
</activity>
27+
</application>
28+
29+
</manifest>

0 commit comments

Comments
 (0)