hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-18 19:31:11 +02:00
Code Issues Packages Projects Releases Wiki Activity

QLDoc improvements from code review

Browse Source 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
This commit is contained in:
Tony Torralba
2021-07-29 16:34:21 +02:00
committed by GitHub
parent 4622d8590b
commit bdf0f582a4
4 changed files with 12 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
java/ql/src/Security/CWE/CWE-749/UnsafeAndroidAccess.ql
View File

@@ -1,7 +1,7 @@
/**
* @name Unsafe resource fetching in Android webview
* @description JavaScript rendered inside WebViews can access any protected
* application file and web resource from any origin
* @name Unsafe resource fetching in Android WebView
* @description JavaScript rendered inside WebViews can access protected
* application files and web resources from any origin exposing them to attack.
* @kind path-problem
* @problem.severity warning
* @precision medium
@@ -17,5 +17,5 @@ import DataFlow::PathGraph
from DataFlow::PathNode source, DataFlow::PathNode sink, FetchUntrustedResourceConfiguration conf
where conf.hasFlowPath(source, sink)
select sink.getNode(), source, sink, "Unsafe resource fetching in Android webview due to $@.",
select sink.getNode(), source, sink, "Unsafe resource fetching in Android WebView due to $@.",
source.getNode(), sink.getNode().(UrlResourceSink).getSinkType()