Apply suggestions from code review - fix typos/style, make things private

Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
2026-06-18 19:31:11 +02:00 · 2022-04-28 12:45:20 +01:00
parent d88d216388
commit 9d048e78af
5 changed files with 18 additions and 18 deletions
--- a/java/ql/src/Security/CWE/CWE-925/Bad.java
+++ b/java/ql/src/Security/CWE/CWE-925/Bad.java
@@ -1,8 +1,8 @@
-...
+// ...
 IntentFilter filter = new IntentFilter(Intent.ACTION_SHUTDOWN);
 BroadcastReceiver sReceiver = new ShutDownReceiver();
 context.registerReceiver(sReceiver, filter);
-...
+// ...

 public class ShutdownReceiver extends BroadcastReceiver {
    @Override
--- a/java/ql/src/Security/CWE/CWE-925/Good.java
+++ b/java/ql/src/Security/CWE/CWE-925/Good.java
@@ -1,8 +1,8 @@
-...
+// ...
 IntentFilter filter = new IntentFilter(Intent.ACTION_SHUTDOWN);
 BroadcastReceiver sReceiver = new ShutDownReceiver();
 context.registerReceiver(sReceiver, filter);
-...
+// ...

 public class ShutdownReceiver extends BroadcastReceiver {
    @Override
--- a/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.qhelp
+++ b/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.qhelp
@@ -6,18 +6,18 @@

 <overview>
 <p>
-When an android application uses a <code>BroadcastReciever</code> to receive Intents, 
-it is also able to receive explicit Intents that are sent drctly to it, egardless of its filter.
+When an android application uses a <code>BroadcastReciever</code> to receive intents, 
+it is also able to receive explicit intents that are sent directly to it, regardless of its filter.

 Certain intent actions are only able to be sent by the operating system, not third-party applications. 
-However, a <code>BroadcastReceiver</code> that is registered to recieve system intents is still able to recieve 
+However, a <code>BroadcastReceiver</code> that is registered to receive system intents is still able to receive 
 other intents from a third-party application, so it should check that the intent received has the expected action.
-Otherwise, a third-party application could impersonate the system this way and cause unintended behaviour, such as a denial of service.
+Otherwise, a third-party application could impersonate the system this way and cause unintended behavior, such as a denial of service.
 </p>
 </overview>

 <example>
-  <p>In the following code, the <code>ShutdownReceiver</code> initiates a shutdown procedure upon receiving an Intent, 
+  <p>In the following code, the <code>ShutdownReceiver</code> initiates a shutdown procedure upon receiving an intent, 
  without checking that the received action is indeed <code>ACTION_SHUTDOWN</code>. This allows third-party applications to 
  send explicit intents to this receiver to cause a denial of service.</p>
 <sample src="Bad.java" />