Conversation

luchua-bc
Contributor

This PR is to address CWE-939 "Improper Authorization in Handler for Custom URL Scheme", which is a very common issue in Android mobile development.

For more details, please view the help document.

@luchua-bc luchua-bc requested review from felicitymay and a team as code owners April 8, 2020 23:23
@luchua-bc luchua-bc force-pushed the java-improper-url-validation branch from 410738f to b7f2d32 Compare April 9, 2020 02:41
…ence so this isn't needed here. And one typo is corrected.
@luchua-bc luchua-bc requested a review from a team as a code owner May 4, 2020 11:39
Contributor

@aschackmull aschackmull left a comment

A few inline comments. Also, could you please auto-format the ql file? Otherwise it won't pass PR checks.

@felicitymay felicitymay removed their request for review May 20, 2020 17:25
@luchua-bc luchua-bc changed the title Java improper url validation Java: Improper url validation May 21, 2020
@luchua-bc
Contributor Author

Hi @aschackmull,

Just curious - why did the check of Language-Tests/Java fail? Could you shed some light on this issue?

Thanks,
@luchua-bc

@aschackmull
Contributor

Just curious - why did the check of Language-Tests/Java fail? Could you shed some light on this issue?

The select doesn't follow the correct pattern. The basic pattern is <entity>, <message> where the entity is used for the alert location. If the message includes placeholders then it should be followed by a corresponding number of <entity>, <string> pairs.

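To make the select shape described above concrete, here is a minimal CodeQL alert query that follows the `<entity>, <message>` pattern with one `$@` placeholder and therefore one trailing `<entity>, <string>` pair. This is an added example, not the query from this PR; the predicate it reports on (calls whose first argument is a string literal) is a hypothetical choice made only so the select has something to bind to.

```ql
/**
 * @name Select shape for an alert query (added example, not the PR's query)
 * @description Shows the <entity>, <message> select pattern with one
 *              placeholder, followed by one <entity>, <string> pair.
 * @kind problem
 * @problem.severity warning
 * @id java/example/select-shape
 */

import java

// Hypothetical predicate chosen only for illustration: any method call whose
// first argument is a plain string literal.
from MethodAccess call, StringLiteral arg
where arg = call.getArgument(0)
// First pair: the alert location (entity) and its message. The message holds
// exactly one "$@" placeholder, so exactly one <entity>, <string> pair follows;
// the string becomes the link text for the placeholder and links to `arg`.
//
// A shape that fails the query checks would be, for instance,
//   select call, arg, "message"
// because the second column must be the message string, not an entity.
select call, "Call passes the string literal $@ as its first argument.", arg,
  arg.getValue()
```

The number of `$@` placeholders in the message must equal the number of entity/string pairs after it; a mismatch is what the Language-Tests check rejects.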
@luchua-bc
Contributor Author

Thanks @aschackmull. Details of the Language-Tests/Java error are on the internal Jenkins server, and the CodeQL extension for VS Code didn't report it. However, the LGTM query console does report this error.

I've corrected the select statement and will keep on using the query console to validate queries.

Cheers,
@luchua-bc

@aschackmull aschackmull merged commit 6bc9624 into github:master May 26, 2020
@luchua-bc luchua-bc deleted the java-improper-url-validation branch May 26, 2020 11:24