- A new query "Use of implicit PendingIntents" (
java/android/pending-intents) has been added. This query finds implicit and mutablePendingIntentssent to an unspecified third party component, which may provide an attacker with access to internal components of the application or cause other unintended effects. - Two new queries, "Android fragment injection" (
java/android/fragment-injection) and "Android fragment injection in PreferenceActivity" (java/android/fragment-injection-preference-activity) have been added. These queries find exported Android activities that instantiate and host fragments created from user-provided data. Such activities are vulnerable to access control bypass and expose the Android application to unintended effects. - The query "
TrustManagerthat accepts all certificates" (java/insecure-trustmanager) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally submitted as an experimental query by @intrigus-lgtm. - The query "Log Injection" (
java/log-injection) has been promoted from experimental to the main query pack. Its results will now appear by default. The query was originally submitted as an experimental query by @porcupineyhairs and @dellalibera. - A new query "Intent URI permission manipulation" (
java/android/intent-uri-permission-manipulation) has been added. This query finds Android components that return unmodified, received Intents to the calling applications, which can provide unintended access to internal content providers of the victim application. - A new query "Cleartext storage of sensitive information in the Android filesystem" (
java/android/cleartext-storage-filesystem) has been added. This query finds instances of sensitive data being stored in local files without encryption, which may expose it to attackers or malicious applications. - The query "Cleartext storage of sensitive information using
SharedPreferenceson Android" (java/android/cleartext-storage-shared-prefs) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally submitted as an experimental query by @luchua-bc. - The query "Unsafe certificate trust" (
java/unsafe-cert-trust) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally submitted as an experimental query by @luchua-bc.
- The "Random used only once" (
java/random-used-once) query no longer has asecurity-severityscore. This has been causing some tools to categorise it as a security query, when it is more useful as a code-quality query.