Documentation cleanup for allowBackup query

2026-06-18 11:21:07 +02:00 · 2022-09-06 14:35:11 -04:00
parent 0a83cedeb7
commit dca4cd221a
2 changed files with 5 additions and 2 deletions
--- a/java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql
+++ b/java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql
@@ -1,6 +1,6 @@
 /**
 * @name Android allowBackup attribute enabled
- * @description
+ * @description Android manifests which do not disable the `android:allowBackup` attribute allow backups, which can store sensitive information.
 * @kind problem
 * @problem.severity recommendation
 * @security-severity 7.5
@@ -17,8 +17,11 @@ from AndroidApplicationXmlElement androidAppElem
 where
  not androidAppElem.getFile().(AndroidManifestXmlFile).isInBuildDirectory() and
  (
+    // explicitly sets android:allowBackup=true
    androidAppElem.allowsBackupExplicitly()
    or
+    // Manifest providing the main intent for an application, and does not explicitly
+    // disallow the allowBackup attribute
    androidAppElem.providesMainIntent() and
    androidAppElem.allowsBackup()
  )