hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-18 11:21:07 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add sensitive keyboard cache query

Browse Source
This commit is contained in:
Joe Farebrother
2022-09-20 12:46:53 +01:00
parent 7bf55c5846
commit 85fe226256
3 changed files with 67 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.qhelp Normal file
View File

17
java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.ql Normal file
View File

@@ -0,0 +1,17 @@
/**
* @name Android sensetive keyboard cache
* @description Sensitive information should not be saved to the keyboard cache.
* @kind problem
* @problem.severity warning
* @id java/android/debuggable-attribute-enabled
* @tags security
* external/cwe/cwe-489
* @precision high
*/
import java
import semmle.code.java.security.SensitiveKeyboardCacheQuery
from AndroidEditableXmlElement el
where el = getASensitiveCachedInput()
select el, "This input field may contain sensitive information that is saved to the keyboard cache."