mirror of
https://github.com/github/codeql.git
synced 2026-04-08 08:34:02 +02:00
19 lines
571 B
Plaintext
19 lines
571 B
Plaintext
/**
|
|
* @name Insecure local authentication
|
|
* @description Local authentication that does not make use of a `CryptoObject` can be bypassed.
|
|
* @kind problem
|
|
* @problem.severity warning
|
|
* @security-severity 4.4
|
|
* @precision high
|
|
* @id java/android/insecure-local-authentication
|
|
* @tags security
|
|
* external/cwe/cwe-287
|
|
*/
|
|
|
|
import java
|
|
import semmle.code.java.security.AndroidLocalAuthQuery
|
|
|
|
from AuthenticationSuccessCallback c
|
|
where not exists(c.getAResultUse())
|
|
select c, "This authentication callback does not use its result for a cryptographic operation."
|