Fix method name in LocalDatabaseOpenMethodAccess

atorralba · atorralba · commit 4f253590f184 · 2022-01-21T16:55:43.000+01:00
diff --git a/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidDatabaseQuery.qll b/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidDatabaseQuery.qll
@@ -33,7 +33,7 @@ class LocalDatabaseOpenMethodAccess extends Storable, Call {
       m.hasName("getWritableDatabase")
       or
       m.getDeclaringType() instanceof TypeSQLiteDatabase and
-      m.hasName(["create", "open%Database", "compileStatement"])
+      m.hasName(["create", "openDatabase", "openOrCreateDatabase", "compileStatement"])
       or
       m.getDeclaringType().getASupertype*() instanceof TypeContext and
       m.hasName("openOrCreateDatabase")
diff --git a/java/ql/test/query-tests/security/CWE-312/CleartextStorageAndroidDatabaseTest.java b/java/ql/test/query-tests/security/CWE-312/CleartextStorageAndroidDatabaseTest.java
@@ -19,14 +19,20 @@ public void testCleartextStorageAndroiDatabaseSafe2(Context ctx, String name, St
         db.execSQL("DROP TABLE passwords;"); // Safe - no sensitive value being stored
     }
 
-    public void testCleartextStorageAndroiDatabase1(Context ctx, String name, String password) {
+    public void testCleartextStorageAndroiDatabase0(Context ctx, String name, String password) {
         SQLiteDatabase db = ctx.openOrCreateDatabase("test", Context.MODE_PRIVATE, null);
         String query = "INSERT INTO users VALUES ('" + name + "', '" + password + "');";
         db.execSQL(query); // $ hasCleartextStorageAndroidDatabase
     }
 
+    public void testCleartextStorageAndroiDatabase1(Context ctx, String name, String password) {
+        SQLiteDatabase db = SQLiteDatabase.openDatabase("", null, 0);
+        String query = "INSERT INTO users VALUES ('" + name + "', '" + password + "');";
+        db.execSQL(query); // $ hasCleartextStorageAndroidDatabase
+    }
+
     public void testCleartextStorageAndroiDatabase2(String name, String password) {
-        SQLiteDatabase db = SQLiteDatabase.create(null);
+        SQLiteDatabase db = SQLiteDatabase.openOrCreateDatabase("", null);
         String query = "INSERT INTO users VALUES (?, ?)";
         db.execSQL(query, new String[] {name, password}); // $ hasCleartextStorageAndroidDatabase
     }
