Skip to content

Commit 60e8910

Browse files
committed
Follow taint across getExtras without qualifier
1 parent 9ae5689 commit 60e8910

File tree

1 file changed

+6
-4
lines changed

1 file changed

+6
-4
lines changed

java/ql/src/semmle/code/java/dataflow/FlowSources.qll

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -308,16 +308,18 @@ class ReverseDNSMethod extends Method {
308308
/** Exported Android `Intent` that may have come from a hostile application. */
309309
class AndroidIntentInput extends RemoteFlowSource {
310310
AndroidIntentInput() {
311-
this.getEnclosingCallable().getDeclaringType().(AndroidComponent).isExported() and
312-
(
311+
exists(AndroidComponent exportedType |
312+
exportedType.isExported() |
313313
exists(MethodAccess ma, AndroidGetIntentMethod m |
314314
ma.getMethod().overrides*(m) and
315-
this.asExpr() = ma
315+
this.asExpr() = ma and
316+
exportedType = ma.getReceiverType()
316317
)
317318
or
318319
exists(Method m, AndroidReceiveIntentMethod rI |
319320
m.overrides*(rI) and
320-
this.asParameter() = m.getParameter(1)
321+
this.asParameter() = m.getParameter(1) and
322+
exportedType = m.getDeclaringType()
321323
)
322324
)
323325
}

0 commit comments

Comments
 (0)