ImplicitPendingIntents.ql
/**
 * @name Use of implicit PendingIntents
 * @description Sending an implicit and mutable 'PendingIntent' to an unspecified third party
 *              component may provide an attacker with access to internal components of the
 *              application or cause other unintended effects.
 * @kind path-problem
 * @problem.severity error
 * @security-severity 8.2
 * @precision high
 * @id java/android/implicit-pendingintents
 * @tags security
 *       external/cwe/cwe-927
 */

import java
import semmle.code.java.dataflow.DataFlow
import semmle.code.java.security.ImplicitPendingIntentsQuery
import ImplicitPendingIntentStartFlow::PathGraph

from ImplicitPendingIntentStartFlow::PathNode source, ImplicitPendingIntentStartFlow::PathNode sink
where ImplicitPendingIntentStartFlow::flowPath(source, sink)
select sink.getNode(), source, sink,
  "$@ and sent to an unspecified third party through a PendingIntent.", source.getNode(),
  "An implicit Intent is created"
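
The kind of Java code the query's description covers, next to a corrected form. This is an added example, not code from the CodeQL repository. The class, method, action, extra and package names are hypothetical, and it assumes the Android SDK (API 31+ for `FLAG_MUTABLE`).

```java
import android.app.Activity;
import android.app.PendingIntent;
import android.content.Context;
import android.content.Intent;

// Hypothetical class for illustration; every name here is an assumption.
public final class PendingIntentExamples {
    private static final String ACTION = "com.example.SOME_ACTION";   // constructed
    private static final String TRUSTED_PKG = "com.example.trusted";  // constructed

    // Hypothetical internal screen the PendingIntent is meant to open.
    public static class TargetActivity extends Activity {}

    // Pattern from the description: the wrapped Intent names no component,
    // the PendingIntent is mutable, and it is handed to whichever app
    // receives the implicit broadcast. The receiver can fill in the unset
    // fields and have the Intent run with this app's identity.
    static void implicitMutable(Context ctx) {
        Intent base = new Intent();                    // implicit, empty Intent
        PendingIntent pi = PendingIntent.getActivity(
                ctx, 0, base, PendingIntent.FLAG_MUTABLE);
        Intent fwd = new Intent(ACTION);               // no explicit recipient
        fwd.putExtra("pending", pi);
        ctx.sendBroadcast(fwd);
    }

    // Corrected form: explicit destination inside the PendingIntent,
    // FLAG_IMMUTABLE (API 23+) so the recipient cannot alter it, and the
    // carrier broadcast restricted to one named package.
    static void explicitImmutable(Context ctx) {
        Intent base = new Intent(ctx, TargetActivity.class);
        PendingIntent pi = PendingIntent.getActivity(
                ctx, 0, base,
                PendingIntent.FLAG_IMMUTABLE | PendingIntent.FLAG_ONE_SHOT);
        Intent fwd = new Intent(ACTION).setPackage(TRUSTED_PKG);
        fwd.putExtra("pending", pi);
        ctx.sendBroadcast(fwd);
    }
}
```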