hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 18:25:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Rewording

Browse Source
This commit is contained in:
Tony Torralba
2021-12-09 17:11:46 +01:00
parent 9c12c5f8b8
commit a0a914466c
3 changed files with 6 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql
View File

@@ -1,5 +1,5 @@
/**
* @name Use of implicit Pending Intents
* @name Use of implicit PendingIntents
* @description Implicit and mutable PendingIntents being sent to an unspecified third party
* component may provide access to internal components of the application or cause
* other unintended effects.
@@ -7,7 +7,7 @@
* @problem.severity error
* @security-severity 8.2
* @precision high
* @id java/android/pending-intents
* @id java/android/implicit-pendingintents
* @tags security
* external/cwe/cwe-927
*/
@@ -20,5 +20,5 @@ import DataFlow::PathGraph
from DataFlow::PathNode source, DataFlow::PathNode sink
where any(ImplicitPendingIntentStartConf conf).hasFlowPath(source, sink)
select sink.getNode(), source, sink,
"An implicit and mutable pending Intent is created $@ and sent to an unspecified third party.",
"An implicit and mutable PendingIntent is created $@ and sent to an unspecified third party.",
source.getNode(), "here"

4
java/ql/src/change-notes/2021-09-30-android-implicit-pendingintents.md
View File

@@ -1,7 +1,7 @@
---
category: newQuery
---
* A new query "Use of implicit Pending Intents" (`java/android/pending-intents`) has been added.
This query finds implicit and mutable PendingIntents being sent to an unspecified third party component,
* A new query "Use of implicit PendingIntents" (`java/android/pending-intents`) has been added.
This query finds implicit and mutable `PendingIntents` being sent to an unspecified third party component,
which can provide access to internal components of the application or cause other unintended
effects.

3
java/ql/test/library-tests/frameworks/android/notification/Test.java
View File

@@ -274,8 +274,7 @@ public class Test {
}
{
// "android.app;Notification$Builder;true;setActions;;;ArrayElement of
// Argument[0];SyntheticField[android.app.Notification.action] of
// Argument[-1];taint"
// Argument[0];Argument[-1];taint"
Notification.Builder out = null;
Notification.Action[] in = (Notification.Action[]) new Notification.Action[] {
(Notification.Action) source()};