Support SQLiteDatabase.replace

atorralba · atorralba · commit 172646078f5d · 2021-08-17T17:30:15.000+02:00
diff --git a/java/ql/src/semmle/code/java/security/CleartextStorageQuery.qll b/java/ql/src/semmle/code/java/security/CleartextStorageQuery.qll
@@ -417,7 +417,7 @@ private predicate localDatabaseStore(DataFlow::Node database, MethodAccess store
     database.asExpr() = store.getQualifier()
     or
     m.getDeclaringType() instanceof TypeSQLiteDatabase and
-    m.getName().matches(["insert%", "update%"]) and
+    m.getName().matches(["insert%", "replace%", "update%"]) and
     database.asExpr() = store.getAnArgument() and
     database.getType() instanceof ContentValues
     or
diff --git a/java/ql/test/query-tests/security/CWE-312/CleartextStorageAndroidDatabaseTest.java b/java/ql/test/query-tests/security/CWE-312/CleartextStorageAndroidDatabaseTest.java
@@ -72,10 +72,26 @@ public void testCleartextStorageAndroiDatabase7(String name, String password) {
         ContentValues cv = new ContentValues();
         cv.put("username", name);
         cv.put("password", password); // $ hasCleartextStorageAndroidDatabase
-        db.update("table", cv, "", new String[] {});
+        db.replace("table", null, cv);
     }
 
     public void testCleartextStorageAndroiDatabase8(String name, String password) {
+        SQLiteDatabase db = SQLiteDatabase.openDatabase("", null, 0);
+        ContentValues cv = new ContentValues();
+        cv.put("username", name);
+        cv.put("password", password); // $ hasCleartextStorageAndroidDatabase
+        db.replaceOrThrow("table", null, cv);
+    }
+
+    public void testCleartextStorageAndroiDatabase9(String name, String password) {
+        SQLiteDatabase db = SQLiteDatabase.openDatabase("", null, 0);
+        ContentValues cv = new ContentValues();
+        cv.put("username", name);
+        cv.put("password", password); // $ hasCleartextStorageAndroidDatabase
+        db.update("table", cv, "", new String[] {});
+    }
+
+    public void testCleartextStorageAndroiDatabase10(String name, String password) {
         SQLiteDatabase db = SQLiteDatabase.openDatabase("", null, 0);
         ContentValues cv = new ContentValues();
         cv.put("username", name);
@@ -89,14 +105,14 @@ public void testCleartextStorageAndroiDatabaseSafe4(SQLiteDatabase db, String na
         SQLiteStatement stmt = db.compileStatement(query); // Safe - statement isn't executed
     }
 
-    public void testCleartextStorageAndroiDatabase9(SQLiteDatabase db, String name,
+    public void testCleartextStorageAndroiDatabase11(SQLiteDatabase db, String name,
             String password) {
         String query = "INSERT INTO users VALUES ('" + name + "', '" + password + "');";
         SQLiteStatement stmt = db.compileStatement(query); // $ hasCleartextStorageAndroidDatabase
         stmt.executeUpdateDelete();
     }
 
-    public void testCleartextStorageAndroiDatabase10(SQLiteDatabase db, String name,
+    public void testCleartextStorageAndroiDatabase12(SQLiteDatabase db, String name,
             String password) {
         String query = "INSERT INTO users VALUES ('" + name + "', '" + password + "');";
         SQLiteStatement stmt = db.compileStatement(query); // $ hasCleartextStorageAndroidDatabase
