The Wayback Machine - https://web.archive.org/web/20211003213737/https://github.com/github/codeql/pull/6779

Java: CWE-927 - Query to detect the use of implicit PendingIntents #6779

Open
wants to merge 3 commits into
base: main

Contributor

@atorralba atorralba commented Sep 30, 2021

This PR introduces a query that detects the issue described below.

Take into account that this depends on some CSV models that will need to be removed once #6397 and #6599 are merged. See ImplicitPendingIntents.qll for details.

Description

A PendingIntent describes an action in the form of an Intent that is intended to be given and executed at a later time by another application. The Intent wrapped by a PendingIntent is executed on behalf of the application that created it, and with its same privileges.

If a PendingIntent is configured to be mutable, the fields of its internal Intent can be changed by the receiving application if they were not previously set. This means that a mutable PendingIntent that has not defined a destination component (that is, an implicit PendingIntent) can be directed to any component by the receiving application, and execute an arbitrary action with the privileges of the application that created it.

If an implicit PendingIntent is wrapped and sent as an extra of an Intent that can be intercepted (that is, again, an implicit Intent), any malicious application could obtain the PendingIntent, modify the underlying Intent with an arbitrary destination component, and execute the desired action with elevated privileges. This could give the malicious application access to private components of the victim application, or the ability to perform actions without having the necessary permissions.

References
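
Added example, not part of the PR or of the CodeQL repository: the pattern the description above warns about, next to a hardened form, written in Java against the Android SDK. The class name, action strings, extra key, and package and class names are hypothetical.

```java
import android.app.PendingIntent;
import android.content.Context;
import android.content.Intent;

// Hypothetical class, constructed for illustration only.
public class PendingIntentExamples {

    // BAD: a mutable PendingIntent wrapping an implicit Intent, sent as an
    // extra of another implicit Intent.
    static void sendImplicit(Context ctx) {
        // No component or package set: the destination is still an unset field.
        Intent base = new Intent("com.example.app.ACTION_DONE");
        // FLAG_MUTABLE lets the receiver fill in fields that were left unset.
        PendingIntent pi = PendingIntent.getActivity(
                ctx, 0, base, PendingIntent.FLAG_MUTABLE);

        // The carrier Intent is implicit too, so any application with a
        // matching receiver gets the PendingIntent.
        Intent carrier = new Intent("com.example.app.ACTION_REQUEST");
        carrier.putExtra("callback", pi);
        ctx.sendBroadcast(carrier);
    }

    // GOOD: each of the three conditions from the description is removed.
    static void sendExplicit(Context ctx) {
        // 1. The wrapped Intent names its destination component.
        Intent base = new Intent("com.example.app.ACTION_DONE")
                .setClassName(ctx, "com.example.app.DoneActivity");
        // 2. The PendingIntent is immutable: the receiver cannot change the Intent.
        PendingIntent pi = PendingIntent.getActivity(
                ctx, 0, base, PendingIntent.FLAG_IMMUTABLE);

        // 3. The carrier Intent is restricted to one known package.
        Intent carrier = new Intent("com.example.app.ACTION_REQUEST")
                .setPackage("com.example.trustedreceiver");
        carrier.putExtra("callback", pi);
        ctx.sendBroadcast(carrier);
    }
}
```

Any one of the three changes in `sendExplicit` breaks the chain the description lays out; applying all of them means a later change to one call does not reopen it.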

Contributor

@github-actions github-actions bot commented Sep 30, 2021

⚠️ The head of this PR and the base branch were compared for differences in the framework coverage reports. The generated reports are available in the artifacts of this workflow run. The differences will be picked up by the nightly job after the PR gets merged. The differences can be found in the comparison artifact of this workflow run.
