diff --git a/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.qhelp b/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.qhelp
index 4a32cdb3290..86548430f2a 100644
--- a/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.qhelp
+++ b/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.qhelp
@@ -7,12 +7,12 @@

Do not export compontents that start other components from a user-provided Intent.
- They can be made private by setting the `android:exported` property to `false` in the app's Android Manifest.

+ They can be made private by setting the android:exported property to false in the app's Android Manifest.

If this is not possible, restrict either which apps can send Intents to the affected component, or which components can be started from it.

The following snippet contains two examples.
- In the first example, an arbitrary component can be started from the externally provided `forward_intent` Intent.
+ In the first example, an arbitrary component can be started from the externally provided forward_intent Intent.
In the second example, the destination component of the Intent is first checked to make sure it is safe.

@@ -27,7 +27,7 @@
  • Android Developers:
- The `android:exported` attribute.
+ The android:exported attribute.
  •
\ No newline at end of file
diff --git a/java/ql/test/query-tests/security/CWE-940/AndroidIntentRedirectionTest.java b/java/ql/test/query-tests/security/CWE-940/AndroidIntentRedirectionTest.java
index d70aedfc2b1..f265465f265 100644
--- a/java/ql/test/query-tests/security/CWE-940/AndroidIntentRedirectionTest.java
+++ b/java/ql/test/query-tests/security/CWE-940/AndroidIntentRedirectionTest.java
@@ -8,6 +8,7 @@ import android.os.Bundle;
public class AndroidIntentRedirectionTest extends Activity {
public void onCreate(Bundle savedInstanceState) {
+ // @formatter:off
{
Intent intent = (Intent) getIntent().getParcelableExtra("forward_intent");
startActivities(new Intent[] {intent}); // $ hasAndroidIntentRedirection
@@ -17,13 +18,11 @@ public class AndroidIntentRedirectionTest extends Activity {
startActivityAsUser(intent, null); // $ hasAndroidIntentRedirection
startActivityAsUser(intent, null, null); // $ hasAndroidIntentRedirection
startActivityAsCaller(intent, null, false, 0); // $ hasAndroidIntentRedirection
- startActivityAsUserFromFragment(null, intent, 0, null, null); // $
- // hasAndroidIntentRedirection
+ startActivityAsUserFromFragment(null, intent, 0, null, null); // $ hasAndroidIntentRedirection
startActivityForResult(intent, 0); // $ hasAndroidIntentRedirection
startActivityForResult(intent, 0, null); // $ hasAndroidIntentRedirection
startActivityForResult(null, intent, 0, null); // $ hasAndroidIntentRedirection
- startActivityForResultAsUser(intent, null, 0, null, null); // $
- // hasAndroidIntentRedirection
+ startActivityForResultAsUser(intent, null, 0, null, null); // $ hasAndroidIntentRedirection
startActivityForResultAsUser(intent, 0, null, null); // $ hasAndroidIntentRedirection
startActivityForResultAsUser(intent, 0, null); // $ hasAndroidIntentRedirection
}
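Review bot: The `// @formatter:off` directive added at the top of onCreate in the first hunk is left unexplained, and the reason is not obvious from the file itself: the `// $ hasAndroidIntentRedirection` expectation comments appear to need to stay on the same line as the call they annotate, which the wrapped two-line form on the removed lines of the second hunk (`// $` followed by `// hasAndroidIntentRedirection` on its own line) presumably broke. A short why-comment beside the directive would stop the next formatter run, or a reader who does not recognise the directive, from re-introducing the split, e.g. `// @formatter:off -- each '// $ ...' expectation must stay on the same line as the call it annotates`. The matching `// @formatter:on` in the third hunk would benefit from the same one-line explanation. The enclosing onCreate method starts in the first hunk and ends outside it, in the third hunk.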
@@ -46,11 +45,9 @@ public class AndroidIntentRedirectionTest extends Activity {
sendStickyBroadcast(intent); // $ hasAndroidIntentRedirection
sendStickyBroadcastAsUser(intent, null); // $ hasAndroidIntentRedirection
sendStickyBroadcastAsUser(intent, null, null); // $ hasAndroidIntentRedirection
- sendStickyOrderedBroadcast(intent, null, null, 0, null, null); // $
- // hasAndroidIntentRedirection
- sendStickyOrderedBroadcastAsUser(intent, null, null, null, 0, null, null); // $
- // hasAndroidIntentRedirection
+ sendStickyOrderedBroadcast(intent, null, null, 0, null, null); // $ hasAndroidIntentRedirection
+ sendStickyOrderedBroadcastAsUser(intent, null, null, null, 0, null, null); // $ hasAndroidIntentRedirection
}
-
+ // @formatter:on
}
}