Added severity

Removed duplicated code
2026-04-30 19:26:02 +02:00 · 2021-10-27 14:00:10 +02:00
parent ec8ffeed07
commit e1d30ebc09
2 changed files with 1 additions and 3 deletions
--- a/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulation.qll
+++ b/java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulation.qll
@@ -51,9 +51,6 @@ private class IntentFlagsOrDataChangedSanitizer extends IntentUriPermissionManip
      TaintTracking::localExprTaint(any(GrantWriteUriPermissionFlag f).getAnAccess(),
        ma.getArgument(0))
      or
-      ma.getMethod() = m and
-      m.getDeclaringType() instanceof TypeIntent and
-      this.asExpr() = ma.getQualifier() and
      m.hasName("setFlags") and
      not TaintTracking::localExprTaint(any(GrantUriPermissionFlag f).getAnAccess(),
        ma.getArgument(0))
--- a/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql
+++ b/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql
@@ -5,6 +5,7 @@
 *              arbitrary Content Providers that are accessible by the vulnerable application.
 * @kind path-problem
 * @problem.severity error
+ * @security-severity 7.8
 * @precision high
 * @id java/android/intent-uri-permission-manipulation
 * @tags security