hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Improve qhelp

Browse Source
This commit is contained in:
Joe Farebrother
2023-01-12 11:38:08 +00:00
parent 639c42c9e9
commit b565f997a0
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.qhelp
View File

@@ -2,7 +2,7 @@
<qhelp>
<overview>
<p>If a <code>ResultReceiver</code> is obtained from an untrusted source, such as being unparcled from an <code>Intent</code>,
<p>If a <code>ResultReceiver</code> is obtained from an untrusted source, such as being unparcelled from an <code>Intent</code> that was received by an exported component,
sensitive data such as passwords should not be sent to it. Otherwise, this sensitive information may be leaked to a malicious application.</p>
</overview>
@@ -18,6 +18,6 @@
</example>
<references>
<li>Oversecured: <a href="https://oversecured.com/vulnerabilities#Android/Passing_data_to_a_ResultReceiver_under_the_attacker%E2%80%99s_control">Passing data to a ResultReceiver under the attacker's control</a></li>
<li>Oversecured: <a href="https://oversecured.com/vulnerabilities#Android/Passing_data_to_a_ResultReceiver_under_the_attacker%E2%80%99s_control">Passing data to a ResultReceiver under the attacker's control</a>.</li>
</references>
</qhelp>