Apply suggestions from code review

Co-authored-by: Steve Guntrip <12534592+stevecat@users.noreply.github.com>
Tony Torralba
2021-08-19 16:43:39 +02:00
parent aa2cdb7a53
commit 28369d1822

@@ -6,14 +6,15 @@
on behalf of the victim app.</p>
</overview>
<recommendation>
<p>Do not export compontents that start other components from a user-provided Intent.
<p>Do not export components that start other components from a user-provided Intent.
They can be made private by setting the <code>android:exported</code> property to <code>false</code> in the app's Android Manifest.</p>
<p>If this is not possible, restrict either which apps can send Intents to the affected component, or which components can be started from it.</p>
</recommendation>
<example>
<p>The following snippet contains two examples.
In the first example, an arbitrary component can be started from the externally provided <code>forward_intent</code> Intent.
In the second example, the destination component of the Intent is first checked to make sure it is safe.</p>
In the second example, the destination component of the Intent is first checked to make sure it is safe.
In the third example, the component that created the Intent is first checked to make sure it comes from a trusted origin.</p>
<sample src="AndroidIntentRedirectionSample.java" />
</example>
<references>
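Review bot: The unchanged lead-in of the <example> block still says "The following snippet contains two examples", but the paragraph now goes on to describe a third one, so the count is stale. Change it to "three examples" in the same commit. Since this hunk only edits the description, also confirm that AndroidIntentRedirectionSample.java actually contains the third case (checking the component that created the Intent), otherwise the help text describes code the reader cannot see.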