hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 00:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix QLL and add change notes with tests

Browse Source
This commit is contained in:
Lukas Abfalterer
2025-03-05 10:23:35 +01:00
parent a3749530d6
commit c9b75afc2a
5 changed files with 23 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql
View File

@@ -14,6 +14,6 @@ import java
import semmle.code.java.security.ImproperIntentVerificationQuery
from AndroidReceiverXmlElement reg, Method orm, SystemActionName sa
where unverifiedSystemReceiver(reg, orm, sa) and orm.getBody().getBlock().getNumStmt() > 0
where unverifiedSystemReceiver(reg, orm, sa)
select orm, "This reciever doesn't verify intents it receives, and $@ to receive $@.", reg,
"it is registered", sa, "the system action " + sa.getName()

4
java/ql/src/change-notes/2025-03-03-fix-improper-intent-verification-query.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Fixed false positive in CWE-925 by requiring the `onReceive` method must be non-empty