hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6966 from atorralba/atorralba/android-explicit-intent-sanitizer

Browse Source 
Android: Add ExplicitIntentSanitizer and allowIntentExtrasImplicitRead
This commit is contained in:
Anders Schack-Mulligen
2021-11-03 10:20:09 +01:00
committed by GitHub
parent ab4780c505 6f7d0b62d7
commit e6145f04d2
3 changed files with 57 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
java/ql/src/experimental/Security/CWE/CWE-200/AndroidFileIntentSource.qll
View File

@@ -48,11 +48,7 @@ class GetContentIntentConfig extends TaintTracking2::Configuration {
// Allow the wrapped intent created by Intent.getChooser to be consumed
// by at the sink:
isSink(node) and
(
content.(DataFlow::SyntheticFieldContent).getField() = "android.content.Intent.extras"
or
content instanceof DataFlow::MapValueContent
)
allowIntentExtrasImplicitRead(node, content)
}
}