Consider taint through bitwise operations on PendingIntent flags

2026-04-30 19:26:02 +02:00 · 2022-11-21 10:10:38 +01:00
parent ef270232dc
commit 43f4dd8bc4
2 changed files with 14 additions and 3 deletions
--- a/java/ql/test/query-tests/security/CWE-927/ImplicitPendingIntentsTest.java
+++ b/java/ql/test/query-tests/security/CWE-927/ImplicitPendingIntentsTest.java
@@ -156,7 +156,7 @@ public class ImplicitPendingIntentsTest {
            PendingIntent pi = PendingIntent.getActivity(ctx, 0, baseIntent, flag); // Sanitizer
            Intent fwdIntent = new Intent();
            fwdIntent.putExtra("fwdIntent", pi);
-            ctx.startActivity(fwdIntent); // $ SPURIOUS: $ hasImplicitPendingIntent
+            ctx.startActivity(fwdIntent); // Safe
        }
    }