allowBackup documentation updates

Make error messages and descriptions clearer about application backups not being disabled, rather than focusing on `android:allowBackup` specifically.

Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
Edward Minnix III
2022-09-09 09:30:49 -04:00
committed by GitHub
parent 83c8e22225
commit 08a17b355e
2 changed files with 4 additions and 4 deletions


@@ -1,4 +1,4 @@
---
category: feature
---
* Added a new predicate, `allowsBackup`, in the `AndroidApplicationXmlElement` class. This predicate detects if the application element has its `android:allowBackup` attribute enabled.
* Added a new predicate, `allowsBackup`, in the `AndroidApplicationXmlElement` class. This predicate detects if the application element does not disable the `android:allowBackup` attribute.
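Review bot: In the reworded change-note line, "does not disable the `android:allowBackup` attribute" leaves it unclear whether a manifest that omits the attribute entirely is matched. If the predicate also holds when the attribute is absent, say so directly, for example "does not explicitly set `android:allowBackup` to `false`", so that readers of the changelog know the missing-attribute case is covered.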


@@ -1,6 +1,6 @@
/**
* @name Android allowBackup attribute enabled
* @description Enabling the `android:allowBackup` attribute may allow an attacker to extract sensitive data.
* @name Application backup allowed
* @description Allowing application backups may allow an attacker to extract sensitive data.
* @kind problem
* @problem.severity recommendation
* @security-severity 7.5
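Review bot: The new `@description` line reads "Allowing application backups may allow an attacker", which repeats "allow" twice in one clause. Something like "Application backups may let an attacker extract sensitive data." keeps the broader framing and reads more cleanly. The header also pairs `@problem.severity recommendation` with `@security-severity 7.5`; it is worth confirming that combination is intended now that the name describes a broader condition.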
@@ -15,4 +15,4 @@ import semmle.code.xml.AndroidManifest
from AndroidApplicationXmlElement androidAppElem
where androidAppElem.allowsBackup()
select androidAppElem, "The 'android:allowBackup' attribute is enabled."
select androidAppElem, "Backups are allowed in this Android application."
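Review bot: The new `select` message, "Backups are allowed in this Android application.", no longer names the manifest attribute, so someone reading only the alert has no pointer to what to change. Consider keeping the broader wording but adding the fix, for example "Backups are allowed in this Android application; set 'android:allowBackup' to false to disable them."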