Rewording

atorralba · atorralba · commit 1e3e48132c0a · 2022-01-14T10:31:59.000+01:00
diff --git a/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.qhelp b/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.qhelp
@@ -10,13 +10,18 @@
   the application that created it, and with its same privileges.</p>
 <p>If a <code>PendingIntent</code> is configured to be mutable, the fields of its internal Intent can be changed by the
   receiving application if they were not previously set. This means that a mutable <code>PendingIntent</code> that has 
-  not defined a destination component (that is, an implicit <code>PendingIntent</code>) can be directed to any component
-  by the receiving application, and execute an arbitrary action with the privileges of the application that created it.</p>
-<p>If an implicit <code>PendingIntent</code> is wrapped and sent as an extra of an Intent that can be intercepted (that
-  is, again, an implicit Intent), any malicious application could obtain the <code>PendingIntent</code>, modify the 
-  underlying Intent with an arbitrary destination component, and execute the desired action with elevated privileges. 
-  This could give the malicious application access to private components of the victim application, or the ability to 
-  perform actions without having the necessary permissions.</p>
+  not defined a destination component (that is, an implicit <code>PendingIntent</code>) can be altered to execute an 
+  arbitrary action with the privileges of the application that created it.</p>
+<p>If an implicit PendingIntent is obtainable by a malicious application by any of the following means:</p>
+<ul>
+  <li>It is wrapped and sent as an extra of another implicit Intent</li>
+  <li>It is sent as the action of a Slide</li>
+  <li>It is sent as the action of a Notification</li>
+</ul>
+<p></p>
+<p>the attacker could modify the underlying Intent and execute an arbitrary action with elevated privileges. 
+  This could give the malicious application access to private components of the victim application, 
+  or the ability to perform actions without having the necessary permissions.</p>
 </overview>
 
 <recommendation>
diff --git a/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql b/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql
@@ -1,8 +1,8 @@
 /**
  * @name Use of implicit Pending Intents
- * @description Implicit and mutable PendingIntents being wrapped and sent in another implicit
- *              Intent may provide access to internal components of the application or cause other
- *              unintended effects.
+ * @description Implicit and mutable PendingIntents being sent to an unspecified third party
+ *              component may provide access to internal components of the application or cause
+ *              other unintended effects.
  * @kind path-problem
  * @problem.severity error
  * @security-severity 8.2
diff --git a/java/ql/src/change-notes/2021-09-30-android-implicit-pendingintents.md b/java/ql/src/change-notes/2021-09-30-android-implicit-pendingintents.md
@@ -2,6 +2,6 @@
 category: newQuery
 ---
 * A new query "Use of implicit Pending Intents" (`java/android/pending-intents`) has been added.
-This query finds implicit and mutable PendingIntents being wrapped and sent in another implicit Intent,
+This query finds implicit and mutable PendingIntents being sent to an unspecified third party component,
 which can provide access to internal components of the application or cause other unintended
 effects.
