codeql icon indicating copy to clipboard operation
codeql copied to clipboard

Published 20 hours ago verified publisher icon github

Java: Android deeplink analysis

Open jcogs33 opened this issue 3 years ago • 1 comments
trafficstars

Summary: This PR adds flow steps to model the routing aspect of a deeplink-handling Android component (i.e. wire the Intent being sent from the deeplink router to its destination).

Description:

  • Updated the existing StartActivityIntentStep step to handle an Intent constructor with four arguments. Also added more startActivity methods.
  • Added steps for services and receivers.

Consideration:

  • The expectation comments for the tests are very lengthy due to how I used the expected-value tag. Let me know if there is a more concise way to structure these tests to avoid the lengthy comment.
  • I updated a few QLDocs in the Intent.qll file to be in line with the QLDocs style guide which states: "For single-line documentation, the /** and */ are written on the same line as the comment". Let me know if these updates should not be included in this PR.
  • Is there anything else to consider with the logic or code design?

jcogs33 avatar Sep 09 '22 23:09 jcogs33

Thanks @atorralba! Updates made in commit b4e8e97.

jcogs33 avatar Sep 29 '22 19:09 jcogs33