mirror of
https://github.com/github/codeql.git
synced 2025-12-21 19:26:31 +01:00
Added QLDoc
This commit is contained in:
Tony Torralba
18
java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirect.qhelp
Normal file
18
java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirect.qhelp
Normal file
@@ -0,0 +1,18 @@
|
||||
<!DOCTYPE qhelp PUBLIC "-//Semmle//qhelp//EN" "qhelp.dtd">
|
||||
<qhelp>
|
||||
<overview>
|
||||
<p></p>
|
||||
</overview>
|
||||
<recommendation>
|
||||
<p></p>
|
||||
</recommendation>
|
||||
<example>
|
||||
<p></p>
|
||||
<sample src="" />
|
||||
</example>
|
||||
<references>
|
||||
<li>
|
||||
<a href=""></a>
|
||||
</li>
|
||||
</references>
|
||||
</qhelp>
|
||||
@@ -1,15 +1,28 @@
|
||||
/** Provides classes to reason about Androind Intent redirect vulnerabilities. */
|
||||
|
||||
import java
|
||||
private import semmle.code.java.dataflow.DataFlow
|
||||
private import semmle.code.java.frameworks.android.Intent
|
||||
|
||||
/**
|
||||
* A sink for Intent redirect vulnerabilities in Android,
|
||||
* that is, method calls that start Android components (like activities or services).
|
||||
*/
|
||||
abstract class IntentRedirectSink extends DataFlow::Node { }
|
||||
|
||||
/** A sanitizer for data used to start an Android component. */
|
||||
abstract class IntentRedirectSanitizer extends DataFlow::Node { }
|
||||
|
||||
/**
|
||||
* A unit class for adding additional taint steps.
|
||||
*
|
||||
* Extend this class to add additional taint steps that should apply to `IntentRedirectConfiguration`.
|
||||
*/
|
||||
class IntentRedirectAdditionalTaintStep extends Unit {
|
||||
abstract predicate step(DataFlow::Node node1, DataFlow::Node node2);
|
||||
}
|
||||
|
||||
/** Default sink for Intent redirect vulnerabilities. */
|
||||
private class DefaultIntentRedirectSink extends IntentRedirectSink {
|
||||
DefaultIntentRedirectSink() {
|
||||
exists(MethodAccess ma, Method m |
|
||||
|
||||
Reference in New Issue
Block a user