hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix qhelp

Browse Source
This commit is contained in:
Tony Torralba
2022-08-30 16:27:22 +02:00
parent 76ea255277
commit 39b5ebfd7b
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.qhelp
View File

@@ -28,12 +28,12 @@
</p>
</recommendation>
<example>
<p>
This example shows two ways of opening a file using a <code>ContentResolver</code>. In the first case, externally-provided
data coming from an intent is directly used in the file-reading operation, allowing an attacker to provide a URI
of the form <code>/data/data/(vulnerable app package)/(private file)</code> to trick the application into reading it and
copying it to the external storage. In the second case, the URI is validated before being used, making sure it does not reference
any internal application files.
<p>
</p>
<sample src="UnsafeContentUriResolution.java" />
</example>