Address reviews - Elaborate on docs and update severity

joefarebrother · joefarebrother · commit 16aed188210f · 2024-02-09T13:53:36.000Z
diff --git a/java/ql/lib/semmle/code/java/security/AndroidLocalAuthQuery.qll b/java/ql/lib/semmle/code/java/security/AndroidLocalAuthQuery.qll
@@ -21,7 +21,7 @@ class AuthenticationSuccessCallback extends Method {
     this.hasName("onAuthenticationSucceeded")
   }
 
-  /** Gets the parameter containing the `authenticationResult` */
+  /** Gets the parameter containing the `authenticationResult`. */
   Parameter getResultParameter() { result = this.getParameter(0) }
 
   /** Gets a use of the result parameter that's used in a `super` call to the base `AuthenticationCallback` class. */
diff --git a/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.qhelp b/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.qhelp
@@ -6,7 +6,8 @@
 <overview>
 <p>
 Biometric local authentication such as fingerprint recognition can be used to protect sensitive data or actions within an application. 
-However, if this authentication does not make use of a <code>KeyStore</code>-backed key, it is able to be bypassed by a privileged malicious application or an attacker with physical access.
+However, if this authentication does not make use of a <code>KeyStore</code>-backed key, it is able to be bypassed by a privileged malicious application or an attacker with physical access, 
+using application hooking tools such as Frida.
 </p>
 </overview>
 
@@ -20,7 +21,7 @@ in a way that is required for the sensitive parts of the application to function
 <example>
 <p>In the following (bad) case, no <code>CryptoObject</code> is required for the biometric prompt to grant access, so it can be bypassed.</p>
 <sample src="AndroidInsecureLocalAuthenticationBad.java" />
-<p>In he following (good) case, a secret key is generated in the Android <code>KeyStore</code> that is required for the application to grant access.</p>
+<p>In the following (good) case, a secret key is generated in the Android <code>KeyStore</code> that is required for the application to grant access by decrypting data.</p>
 <sample src="AndroidInsecureLocalAuthenticationGood.java" />
 </example>
 
diff --git a/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql b/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql
@@ -3,7 +3,7 @@
  * @description Local authentication that does not make use of a `CryptoObject` can be bypassed.
  * @kind problem
  * @problem.severity warning
- * @security-severity 9.3
+ * @security-severity 4.4
  * @precision high
  * @id java/android/insecure-local-authentication
  * @tags security

Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@ class AuthenticationSuccessCallback extends Method {`
`21`	`21`	`this.hasName("onAuthenticationSucceeded")`
`22`	`22`	`}`
`23`	`23`
`24`		- /** Gets the parameter containing the `authenticationResult` */
	`24`	+ /** Gets the parameter containing the `authenticationResult`. */
`25`	`25`	`Parameter getResultParameter() { result = this.getParameter(0) }`
`26`	`26`
`27`	`27`	/** Gets a use of the result parameter that's used in a `super` call to the base `AuthenticationCallback` class. */