hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Improve description

Browse Source
This commit is contained in:
Tony Torralba
2021-11-22 15:51:15 +01:00
parent ab560234e3
commit 596cfd399e
1 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql
View File

@@ -1,8 +1,7 @@
/**
* @name Intent URI permission manipulation
* @description When an externally provided Intent is returned to an Activity via setResult,
* a malicious application could use this to grant itself permissions to access
* arbitrary Content Providers that are accessible by the vulnerable application.
* @description Returning an externally provided Intent via setResult may allow a malicious
* application to access arbitrary Content Providers of the vulnerable application.
* @kind path-problem
* @problem.severity error
* @security-severity 7.8