Fix CWE-927 by making reminder PendingIntents explicitly targeted #41

Merged
r0073rr0r merged 2 commits into main from fix/cwe-927-explicit-pending-intents
Apr 20, 2026

Conversation

@r0073rr0r

Contributor

Summary

  • replace dynamic/component-assigned intents with explicit constructor intents for all reminder PendingIntent paths
  • keep PendingIntents immutable
  • remove previous inline suppressions so CodeQL evaluates the real code path

Security impact

This directly addresses CWE-927 (java/android/implicit-pendingintents) for code-scanning alerts:

Validation

  • ./gradlew :app:compileDebugKotlin --console=plain
  • ./gradlew :app:assembleDebug --console=plain

@r0073rr0r r0073rr0r merged commit bec6411 into main Apr 20, 2026
6 checks passed
@r0073rr0r r0073rr0r deleted the fix/cwe-927-explicit-pending-intents branch April 20, 2026 10:47
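
An added example, not code from this pull request or the project, of the pattern the summary describes: a reminder PendingIntent built from an implicit, mutable base intent next to the explicit-constructor, immutable form. `ReminderReceiver`, the action string and the extra key are hypothetical names chosen for illustration.

```kotlin
import android.app.PendingIntent
import android.content.BroadcastReceiver
import android.content.Context
import android.content.Intent

// Hypothetical receiver standing in for the app's reminder handler.
class ReminderReceiver : BroadcastReceiver() {
    override fun onReceive(context: Context, intent: Intent) {
        val reminderId = intent.getLongExtra(EXTRA_REMINDER_ID, -1L)
        if (reminderId < 0) return // ignore intents that carry no valid id
        // ... post the notification for reminderId ...
    }

    companion object {
        const val ACTION_REMIND = "com.example.reminders.ACTION_REMIND" // constructed
        const val EXTRA_REMINDER_ID = "reminder_id"                     // constructed
    }
}

object ReminderIntents {
    // Weak form (CWE-927): the base intent names only an action, so no component
    // is pinned, and FLAG_MUTABLE (API 31+) lets whoever holds the PendingIntent
    // fill in unset fields before it is sent with this app's identity.
    fun implicitReminder(context: Context, reminderId: Long): PendingIntent {
        val intent = Intent(ReminderReceiver.ACTION_REMIND)
            .putExtra(ReminderReceiver.EXTRA_REMINDER_ID, reminderId)
        return PendingIntent.getBroadcast(
            context, reminderId.toInt(), intent,
            PendingIntent.FLAG_UPDATE_CURRENT or PendingIntent.FLAG_MUTABLE
        )
    }

    // Hardened form: the target class is fixed in the Intent constructor, so the
    // destination is visible at the construction site, and FLAG_IMMUTABLE stops
    // the holder from altering the intent at send time.
    fun explicitReminder(context: Context, reminderId: Long): PendingIntent {
        val intent = Intent(context, ReminderReceiver::class.java)
            .setAction(ReminderReceiver.ACTION_REMIND)
            .putExtra(ReminderReceiver.EXTRA_REMINDER_ID, reminderId)
        return PendingIntent.getBroadcast(
            context, reminderId.toInt(), intent,
            PendingIntent.FLAG_UPDATE_CURRENT or PendingIntent.FLAG_IMMUTABLE
        )
    }
}
```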