excluded action main from query results, added unit test

Author: Jami Cogswell

java/ql/lib/semmle/code/java/security/ImplicitlyExportedAndroidComponent.qll

@@ -9,10 +9,10 @@ class ImplicitlyExportedAndroidComponent extends AndroidComponentXmlElement {
     this.hasAnIntentFilterElement() and
     not this.getAnIntentFilterElement().getACategoryElement().getCategoryName() =
       "android.intent.category.LAUNCHER" and
+    not this.getAnIntentFilterElement().getAnActionElement().getActionName() =
+      "android.intent.action.MAIN" and
     not this.requiresPermissions() and
     not this.getParent().(AndroidApplicationXmlElement).requiresPermissions() and
-    not this.getFile().(AndroidManifestXmlFile).isInBuildDirectory() //and
-    //not this.getAnIntentFilterElement().getAnActionElement().getActionName() =
-    //  "android.intent.action.MAIN"
+    not this.getFile().(AndroidManifestXmlFile).isInBuildDirectory()
   }
 }

java/ql/test/query-tests/security/CWE-926/AndroidManifest.xml

@@ -102,6 +102,13 @@
             </intent-filter>
         </activity>
 
+        <!-- Safe: has action 'android.intent.category.MAIN' --> <activity
+            android:name=".Activity">
+            <intent-filter>
+                <action android:name="android.intent.action.MAIN" />
+            </intent-filter>
+        </activity>
+
     </application>
 
 </manifest>