hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 10:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Apply suggestions from code review

Browse Source 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
This commit is contained in:
Edward Minnix III
2023-03-03 15:00:22 -05:00
committed by Ed Minnix
parent 8fcf00b73d
commit 8ec5b5b7fa
3 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
java/ql/src/Security/CWE/CWE-094/ArbitraryAPKInstallation.qhelp
View File

@@ -58,16 +58,16 @@
<references>
<li>
Intent.ACTION_INSTALL_PACKAGE: <a href="https://developer.android.com/reference/android/content/Intent#ACTION_INSTALL_PACKAGE"></a>.
Android Developers: <a href="https://developer.android.com/reference/android/content/Intent#ACTION_INSTALL_PACKAGE">Intent.ACTION_INSTALL_PACKAGE</a>.
</li>
<li>
Android Manifest Permission to Install Packages: <a href="https://developer.android.com/reference/android/Manifest.permission#REQUEST_INSTALL_PACKAGES"></a>.
Android Developers: <a href="https://developer.android.com/reference/android/Manifest.permission#REQUEST_INSTALL_PACKAGES">Manifest.permission.REQUEST_INSTALL_PACKAGES</a>.
</li>
<li>
PackageInstaller: <a href="https://developer.android.com/reference/android/content/pm/PackageInstaller"></a>.
Android Developers: <a href="https://developer.android.com/reference/android/content/pm/PackageInstaller">PackageInstaller</a>.
</li>
<li>
FileProvider: <a href="https://developer.android.com/reference/androidx/core/content/FileProvider"></a>.
Android Developers: <a href="https://developer.android.com/reference/androidx/core/content/FileProvider">FileProvider</a>.
</li>
</references>
</qhelp>

2
java/ql/src/Security/CWE/CWE-094/ArbitraryAPKInstallation.ql
View File

@@ -71,7 +71,7 @@ class SetDataSink extends DataFlow::ExprNode {
/** A method that generates a URI. */
class UriConstructorMethod extends Method {
UriConstructorMethod() {
this.hasQualifiedName("android.net", "Uri", [/*"parse",*/ "fromFile", "fromParts"]) or
this.hasQualifiedName("android.net", "Uri", ["fromFile", "fromParts"]) or
this.hasQualifiedName("androidx.core.content", "FileProvider", "getUriForFile")
}
}

2
java/ql/src/change-notes/2023-01-19-arbitrary-apk-installation.md
View File

@@ -1,5 +1,5 @@
---
category: newQuery
---
* Added a new query `java/android/arbitrary-apk-installation` to detect installation of APKs from untrusted sources.
* Added a new query, `java/android/arbitrary-apk-installation`, to detect installation of APKs from untrusted sources.