Address reviews - Elaborate on docs and update severity

This commit is contained in:
Joe Farebrother
2024-02-09 13:53:36 +00:00
parent f4b6a85a48
commit 16aed18821
3 changed files with 5 additions and 4 deletions

View File

@@ -21,7 +21,7 @@ class AuthenticationSuccessCallback extends Method {
this.hasName("onAuthenticationSucceeded")
}
/** Gets the parameter containing the `authenticationResult` */
/** Gets the parameter containing the `authenticationResult`. */
Parameter getResultParameter() { result = this.getParameter(0) }
/** Gets a use of the result parameter that's used in a `super` call to the base `AuthenticationCallback` class. */
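Review bot: the only change in this hunk is the trailing period on the `getResultParameter` doc comment, which brings it in line with the sibling comment on the next line ("... base `AuthenticationCallback` class."), so this is a consistency fix rather than a content change. Since only these lines of the class are visible, it is worth checking the remaining QLDoc comments in the same file for the same missing punctuation in one pass, rather than leaving them to be caught review by review.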

View File

@@ -6,7 +6,8 @@
<overview>
<p>
Biometric local authentication such as fingerprint recognition can be used to protect sensitive data or actions within an application.
However, if this authentication does not make use of a <code>KeyStore</code>-backed key, it is able to be bypassed by a privileged malicious application or an attacker with physical access.
However, if this authentication does not make use of a <code>KeyStore</code>-backed key, it is able to be bypassed by a privileged malicious application or an attacker with physical access,
using application hooking tools such as Frida.
</p>
</overview>
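Review bot: "it is able to be bypassed" is awkward; "can be bypassed" is the simpler form and matches the wording already used in the query's `@description` ("can be bypassed"). The added clause naming hooking tools such as Frida makes the attack concrete, but the overview now explains the attack without saying why a `KeyStore`-backed key defeats it; a half-sentence stating that the key is only usable after a genuine biometric success, so hooking the callback alone does not yield the protected data, would make the mitigation as clear as the threat.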
@@ -20,7 +21,7 @@ in a way that is required for the sensitive parts of the application to function
<example>
<p>In the following (bad) case, no <code>CryptoObject</code> is required for the biometric prompt to grant access, so it can be bypassed.</p>
<sample src="AndroidInsecureLocalAuthenticationBad.java" />
<p>In he following (good) case, a secret key is generated in the Android <code>KeyStore</code> that is required for the application to grant access.</p>
<p>In the following (good) case, a secret key is generated in the Android <code>KeyStore</code> that is required for the application to grant access by decrypting data.</p>
<sample src="AndroidInsecureLocalAuthenticationGood.java" />
</example>
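Review bot: the "In he" typo fix and the "by decrypting data" clarification are both welcome; the good-case sentence could still say what the decryption goes through. The bad case is described as lacking a `CryptoObject`, so stating that in the good case the `KeyStore` key is supplied to the prompt via a `CryptoObject` and the sensitive data is decrypted with it would tie the example back to the `@description` and make the contrast between the two samples explicit for the reader.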

View File

@@ -3,7 +3,7 @@
* @description Local authentication that does not make use of a `CryptoObject` can be bypassed.
* @kind problem
* @problem.severity warning
* @security-severity 9.3
* @security-severity 4.4
* @precision high
* @id java/android/insecure-local-authentication
* @tags security
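Review bot: dropping `@security-severity` from 9.3 to 4.4 moves the query from the critical to the medium band, and the commit message only says "update severity" without recording why. Please capture the reasoning (or the CVSS vector used) in the PR description so the number is reviewable later. The new value is consistent with `@problem.severity warning` two lines above, so no change is needed there.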