hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 10:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Documentation cleanup for allowBackup query

Browse Source
This commit is contained in:
Ed Minnix
2022-09-06 14:35:11 -04:00
parent 0a83cedeb7
commit dca4cd221a
2 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/lib/semmle/code/xml/AndroidManifest.qll
View File

@@ -74,7 +74,7 @@ class AndroidApplicationXmlElement extends XmlElement {
predicate requiresPermissions() { this.getAnAttribute().(AndroidPermissionXmlAttribute).isFull() }
/**
* Holds if this application element enables the `android:allowBackup` attribute.
* Holds if this application element does not disable the `android:allowBackup` attribute.
*
* https://developer.android.com/guide/topics/data/autobackup
*/

5
java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql
View File

@@ -1,6 +1,6 @@
/**
* @name Android allowBackup attribute enabled
* @description
* @description Android manifests which do not disable the `android:allowBackup` attribute allow backups, which can store sensitive information.
* @kind problem
* @problem.severity recommendation
* @security-severity 7.5
@@ -17,8 +17,11 @@ from AndroidApplicationXmlElement androidAppElem
where
not androidAppElem.getFile().(AndroidManifestXmlFile).isInBuildDirectory() and
(
// explicitly sets android:allowBackup=true
androidAppElem.allowsBackupExplicitly()
or
// Manifest providing the main intent for an application, and does not explicitly
// disallow the allowBackup attribute
androidAppElem.providesMainIntent() and
androidAppElem.allowsBackup()
)