Add support for android:allowBackup default value

egregius313 · egregius313 · commit dad4a403dbac · 2022-08-24T15:54:13.000-04:00
The default value of `android:allowBackup` is `true`. Added support for
detecting if the default value is used.
diff --git a/java/ql/lib/semmle/code/xml/AndroidManifest.qll b/java/ql/lib/semmle/code/xml/AndroidManifest.qll
@@ -74,13 +74,17 @@ class AndroidApplicationXmlElement extends XmlElement {
   predicate requiresPermissions() { this.getAnAttribute().(AndroidPermissionXmlAttribute).isFull() }
 
   /**
-   * Holds if this application element has the attribute `android:allowBackup` set to `true`.
+   * Holds if this application element enables the `android:allowBackup` attribute.
+   *
+   * https://developer.android.com/guide/topics/data/autobackup
    */
   predicate allowsBackup() {
-    exists(AndroidXmlAttribute attr |
+    // The default value for the attribute `android:allowBackup` is `true`.
+    // Therefore we also check if it is not present.
+    not exists(AndroidXmlAttribute attr |
       this.getAnAttribute() = attr and
       attr.getName() = "allowBackup" and
-      attr.getValue() = "true"
+      attr.getValue() = "false"
     )
   }
 }
diff --git a/java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql b/java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql
@@ -17,4 +17,4 @@ from AndroidApplicationXmlElement androidAppElem
 where
   androidAppElem.allowsBackup() and
   androidAppElem.getFile().(AndroidManifestXmlFile).isInBuildDirectory()
-select androidAppElem.getAttribute("allowBackup"), "The 'android:allowBackup' attribute is enabled."
+select androidAppElem, "The 'android:allowBackup' attribute is enabled."
diff --git a/java/ql/src/Security/CWE/CWE-312/AllowBackupEmpty.xml b/java/ql/src/Security/CWE/CWE-312/AllowBackupEmpty.xml
@@ -0,0 +1,7 @@
+<manifest ... >
+    <!-- BAD: no 'android:allowBackup' set, defaults to 'true' -->
+    <application>
+        <activity ... >
+        </activity>
+    </application>
+</manifest>
