hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update java/ql/src/Security/CWE/CWE-470/FragmentInjection.inc.qhelp

Browse Source 
Co-authored-by: Chris Smowton <smowton@github.com>
This commit is contained in:
Tony Torralba
2022-01-17 11:20:39 +01:00
committed by GitHub
parent 6dfe0ce7c5
commit a23b8a4a43
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/src/Security/CWE/CWE-470/FragmentInjection.inc.qhelp
View File

@@ -6,7 +6,7 @@
When fragments are instantiated with externally provided names, this exposes any exported activity that dynamically When fragments are instantiated with externally provided names, this exposes any exported activity that dynamically
creates and hosts the fragment to fragment injection. A malicious application could provide the creates and hosts the fragment to fragment injection. A malicious application could provide the
name of an arbitrary fragment, even one not designed to be externally accessible, and inject it into the activity. name of an arbitrary fragment, even one not designed to be externally accessible, and inject it into the activity.
Thus, effectively bypassing access controls and exposing the application to unintended effects. This can bypass access controls and expose the application to unintended effects.
</p> </p>
<p> <p>
Fragments are reusable parts of an Android application's user interface. Fragments are reusable parts of an Android application's user interface.