hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 18:55:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Apply suggestions from documentation review

Browse Source 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
This commit is contained in:
Edward Minnix III
2022-10-10 14:57:14 -04:00
committed by GitHub
parent b94b78115e
commit b6270ebe52
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.qhelp
View File

@@ -16,7 +16,7 @@
</overview>
<recommendation>
<p>To prevent permission bypass, <code>provider</code> elements should either
<p>To prevent permission bypass, you should create <code>provider</code> elements that either
specify both the <code>android:readPermission</code>
and <code>android:writePermission</code> attributes, or specify
the <code>android:permission</code> attribute.
@@ -26,13 +26,13 @@
<example>
<p>In the following two (bad) examples, the provider is configured with only
read or write permissions.</p>
read or write permissions. This allows a malicious application to bypass the permission check by requesting access to the unrestricted operation.</p>
<sample src="ContentProviderIncompletePermissionsReadOnly.xml"/>
<sample src="ContentProviderIncompletePermissionsWriteOnly.xml"/>
<p>In the following (good) examples, the provider is configured with full permissions.</p>
<p>In the following (good) examples, the provider is configured with full permissions, protecting it from a permissions bypass.</p>
<sample src="ContentProviderIncompletePermissionsReadWrite.xml"/>