hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 12:15:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add change note

Browse Source
This commit is contained in:
Tony Torralba
2021-10-20 12:05:19 +02:00
parent 85526d71da
commit 7a1b854678
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
java/change-notes/2021-10-20-android-fragment-injection-query.md Normal file
View File

@@ -0,0 +1,3 @@
lgtm,codescanning
* Two new queries, "Android Fragment injection" (`java/android/fragment-injection`) and "Android Fragment injection in PreferenceActivity" (`java/android/fragment-injection-preference-activity`) have been added.
These queries find exported Android Activities that instantiate and host Fragments created from user-provided data, which can lead to access control bypass and exposes the application to unintended effects.