hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 18:25:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Apply doc review suggestions -

Browse Source 
fix typos and capitilisation; reword description.
This commit is contained in:
Joe Farebrother
2022-06-14 14:55:37 +01:00
parent c71586e1f8
commit a6736a99e4
3 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.qhelp
View File

@@ -6,13 +6,13 @@
<overview>
<p>
When an android application uses a <code>BroadcastReciever</code> to receive intents,
When an Android application uses a <code>BroadcastReceiver</code> to receive intents,
it is also able to receive explicit intents that are sent directly to it, regardless of its filter.
Certain intent actions are only able to be sent by the operating system, not third-party applications.
However, a <code>BroadcastReceiver</code> that is registered to receive system intents is still able to receive
other intents from a third-party application, so it should check that the intent received has the expected action.
Otherwise, a third-party application could impersonate the system this way and cause unintended behavior, such as a denial of service.
intents from a third-party application, so it should check that the intent received has the expected action.
Otherwise, a third-party application could impersonate the system this way to cause unintended behavior, such as a denial of service.
</p>
</overview>

4
java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql
View File

@@ -1,6 +1,6 @@
/**
* @name Improper Verification of Intent by Broadcast Receiver
* @description The Android application uses a Broadcast Receiver that receives an Intent but does not properly verify that the Intent came from an authorized source.
* @name Improper verification of intent by broadcast receiver
* @description A broadcast reciever that does not verify intents it recieves may be susceptible to unintended behaviour by third party applications sending it explicit intents.
* @kind problem
* @problem.severity warning
* @security-severity 8.2

2
java/ql/src/change-notes/2022-04-27-intent-verification.md
View File

@@ -1,6 +1,6 @@
---
category: newQuery
---
* A new query "Improper Verification of Intent by Broadcast Receiver" (`java/improper-intent-verification`) has been added.
* A new query "Improper verification of intent by broadcast receiver" (`java/improper-intent-verification`) has been added.
This query finds instances of Android `BroadcastReceiver`s that don't verify the action string of received intents when registered
to receive system intents.