hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 02:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Adapt chage note to new format

Browse Source
This commit is contained in:
Tony Torralba
2021-12-15 16:57:20 +01:00
parent f0e9b768f2
commit 6dfe0ce7c5
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
java/ql/src/change-notes/2021-12-15-android-fragment-injection-query.md Normal file
View File

@@ -0,0 +1,5 @@
---
category: newQuery
---
* Two new queries, "Android fragment injection" (`java/android/fragment-injection`) and "Android fragment injection in PreferenceActivity" (`java/android/fragment-injection-preference-activity`) have been added.
These queries find exported Android activities that instantiate and host fragments created from user-provided data. Such activities are vulnerable to access control bypass and expose the Android application to unintended effects.