Apply suggestions from code review

Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
2025-12-21 19:26:31 +01:00 · 2021-10-26 14:04:13 +02:00
parent 6dac86b9be
commit ba95d46ec3
4 changed files with 10 additions and 10 deletions
--- a/java/change-notes/2021-09-03-android-sensitive-broadcast.md
+++ b/java/change-notes/2021-09-03-android-sensitive-broadcast.md
@@ -1,2 +1,2 @@
 lgtm,codescanning
-* The query "Leaking sensitive information through an implicit intent" (`java/android/sensitive-communication`) has been promoted from experimental to the main query pack. Its results will now appear by default. The query was originally [submitted as an experimental query by @luchua-bc.](https://github.com/github/codeql/pull/4512) 
+* The query "Leaking sensitive information through an implicit Intent" (`java/android/sensitive-communication`) has been promoted from experimental to the main query pack. Its results will now appear by default. The query was originally [submitted as an experimental query by @luchua-bc.](https://github.com/github/codeql/pull/4512) 
--- a/java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll
@@ -102,7 +102,7 @@ private predicate isSensitiveBroadcastSink(DataFlow::Node sendBroadcastCallArg)
 }

 /**
- * Holds if `arg`  as an argument to a use of a `startActivity` or `startService` method that sends an intent to another application.
+ * Holds if `arg` is an argument in a use of a `startActivity` or `startService` method that sends an Intent to another application.
 */
 private predicate isStartActivityOrServiceSink(DataFlow::Node arg) {
  exists(MethodAccess ma, string name | ma.getMethod().hasName(name) |
@@ -147,7 +147,7 @@ private predicate isCleanIntent(Expr intent) {
 }

 /**
- * Taint configuration tracking flow from variables containing sensitive information to broadcast intents.
+ * Taint configuration tracking flow from variables containing sensitive information to broadcast Intents.
 */
 class SensitiveCommunicationConfig extends TaintTracking::Configuration {
  SensitiveCommunicationConfig() { this = "Sensitive Communication Configuration" }
--- a/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.qhelp
+++ b/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.qhelp
@@ -2,20 +2,20 @@
 <qhelp>

  <overview>
-    <p>When an implicit intent is used with a method such as <code>startActivity</code>, <code>startService</code>, or <code>sendBroadcast</code>, it may be read by other applications on the device.</p>
-    <p>This means that sensitive data in these intents may be leaked.</p>
+    <p>When an implicit Intent is used with a method such as <code>startActivity</code>, <code>startService</code>, or <code>sendBroadcast</code>, it may be read by other applications on the device.</p>
+    <p>This means that sensitive data in these Intents may be leaked.</p>
  </overview>

  <recommendation>
    <p> 
-      For <code>sendBroadcast</code> methods, a receiver permission may be specified so that only applications with a certain permission may receive the intent; 
+      For <code>sendBroadcast</code> methods, a receiver permission may be specified so that only applications with a certain permission may receive the Intent; 
      or a <code>LocalBroadcastManager</code> may be used.
-      Otherwise, ensure that intents containing sensitive data have an explicit receiver class set.
+      Otherwise, ensure that Intents containing sensitive data have an explicit receiver class set.
    </p>
  </recommendation>

  <example>
-    <p>The following example shows two ways of broadcasting intents. In the 'BAD' case, no "receiver permission" is specified. In the 'GOOD' case, "receiver permission" or "receiver application" is specified.</p>
+    <p>The following example shows two ways of broadcasting Intents. In the 'BAD' case, no "receiver permission" is specified. In the 'GOOD' case, "receiver permission" or "receiver application" is specified.</p>
    <sample src="SensitiveCommunication.java" />
  </example>

--- a/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql
+++ b/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql
@@ -1,6 +1,6 @@
 /**
- * @name Leaking sensitive information through an implicit intent
- * @description An Android application uses implicit intents containing sensitive data
+ * @name Leaking sensitive information through an implicit Intent
+ * @description An Android application uses implicit Intents containing sensitive data
 *              in a way that exposes it to arbitrary applications on the device.
 * @kind path-problem
 * @problem.severity warning