hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Don't capitalize the term content provider

Browse Source 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
This commit is contained in:
Tony Torralba
2021-11-23 11:11:23 +01:00
parent 596cfd399e
commit 8767d2db23
4 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.qhelp
View File

@@ -6,7 +6,7 @@
<p>When an Android component expects a result from an Activity, <code>startActivityForResult</code> can be used.
The started Activity can then use <code>setResult</code> to return the appropriate data to the calling component.</p>
<p>If an Activity obtains the incoming, user-provided Intent and directly returns it via <code>setResult</code>
without any checks, the application may be unintentionally giving arbitrary access to its Content Providers, even
without any checks, the application may be unintentionally giving arbitrary access to its content providers, even
if they are not exported, as long as they are configured with the attribute <code>android:grantUriPermissions="true"</code>.
This happens because the attacker adds the appropriate URI permission flags to the provided Intent, which take effect
once the Intent is reflected back.</p>

6
java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql
View File

@@ -1,7 +1,7 @@
/**
* @name Intent URI permission manipulation
* @description Returning an externally provided Intent via setResult may allow a malicious
* application to access arbitrary Content Providers of the vulnerable application.
* @description Returning an externally provided Intent via 'setResult' may allow a malicious
* application to access arbitrary content providers of the vulnerable application.
* @kind path-problem
* @problem.severity error
* @security-severity 7.8
@@ -21,4 +21,4 @@ from DataFlow::PathNode source, DataFlow::PathNode sink
where any(IntentUriPermissionManipulationConf c).hasFlowPath(source, sink)
select sink.getNode(), source, sink,
"This Intent can be set with arbitrary flags from $@, " +
"and used to give access to internal Content Providers.", source.getNode(), "this user input"
"and used to give access to internal content providers.", source.getNode(), "this user input"