hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add sensitive notification query

Browse Source
This commit is contained in:
Joe Farebrother
2024-01-10 12:18:26 +00:00
parent 95a200453b
commit 143ce0b94a
4 changed files with 43 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
java/ql/src/Security/CWE/CWE-200/AndroidSensitiveNotifications.ql Normal file
View File

@@ -0,0 +1,21 @@
/**
* @name Exposure of sensitive information to notifications
* @id java/android/sensitive-notification
* @kind path-problem
* @description Sensitive information exposed in a system notification can be read by an unauthorized application.
* @problem.severity error
* @precision medium
* @security-severity 6.5
* @tags security
* external/cwe/cwe-200
*/
import java
import java
import semmle.code.java.security.SensitiveUiQuery
import NotificationTracking::PathGraph
from NotificationTracking::PathNode source, NotificationTracking::PathNode sink
where NotificationTracking::flowPath(source, sink)
select sink, source, sink, "This $@ is exposed in a system notification.", source,
"sensitive information"