Comments
ow...@google.com <ow...@google.com> #2
Lint only runs on this project, not its dependencies because we set checkDependencies = false
This is WAI after checkDependencies = false
is not WAI.
ra...@gmail.com <ra...@gmail.com> #3
This has been fixed with
Cherry-picking to the AGP 8.2 branch is currently blocked, so leaving this bug open until I'm able to cherry-pick the fix.
mo...@google.com <mo...@google.com> #4
The fix has been merged in AGP 8.2.0-beta01.
ra...@gmail.com <ra...@gmail.com> #5
The following release(s) address this bug. It is possible this bug has only been partially addressed:
androidx.compose.material3:material3:1.2.0-alpha07
androidx.compose.material3:material3-android:1.2.0-alpha07
androidx.compose.ui:ui:1.6.0-alpha05
androidx.compose.ui:ui-android:1.6.0-alpha05
androidx.lifecycle:lifecycle-livedata-ktx:2.7.0-alpha02
androidx.wear.compose:compose-material3:1.0.0-alpha11
mo...@google.com <mo...@google.com> #6
The following release(s) address this bug. It is possible this bug has only been partially addressed:
androidx.paging:paging-compose:3.3.0-alpha01
mo...@google.com <mo...@google.com> #7
The following release(s) address this bug. It is possible this bug has only been partially addressed:
androidx.navigation:navigation-compose:2.8.0-alpha01
cu...@google.com <cu...@google.com> #8
Per DeviceCredentialHandlerActivity
is removed as of
Description
Version used:
Theme used:
Devices/Android versions reproduced on:
The following two flaws (with line number) are reported by Veracode:
Attack Vector: span.neq
Number of Modules Affected: 1
Description: Using '!=' to compare two strings for inequality actually compares the object references rather than their values. It is unlikely that this reflects the intended application logic.
Remediation: Use the equals() method to compare strings, not the '!=' operator.
Attack Vector: DeviceCredentialHandlerActivity
Number of Modules Affected: 1
Description: The component DeviceCredentialHandlerActivity as configured in AndroidManifest.xml is exported with no permission(s) set which increases the application's attack surface and possibly allows for injection or stealing of app data.
Remediation: The component's exported attribute in AndroidManifest.xml should be set explicitly to false, if possible. If it must be exported, then permissions should be used to ensure the app is used in the intended manner. This permission may be specific to the attribute or applied globally to the manifest's application element.
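
An added example, not part of the original report or of any AndroidX code: a Python check for the second finding above. It parses a manifest and lists activities, services and receivers that are exported with neither a component-level nor an application-level permission. The manifests, package name and permission names are constructed for illustration, and a missing android:exported attribute is resolved with the default that applies to apps targeting releases before Android 12.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENTS = ("activity", "activity-alias", "service", "receiver")

def exported_without_permission(manifest_xml):
    """Return names of components that are exported with no permission guarding them."""
    app = ET.fromstring(manifest_xml).find("application")
    if app is None:
        return []
    app_perm = app.get(ANDROID + "permission")  # inherited by components without their own
    findings = []
    for comp in app:
        if comp.tag not in COMPONENTS:
            continue
        exported = comp.get(ANDROID + "exported")
        if exported is None:
            # Attribute absent: an intent filter makes the component exported by default.
            exported = "true" if comp.find("intent-filter") is not None else "false"
        # Only an explicit "false" counts as private; anything else (including an
        # unresolved @bool/ resource reference) is conservatively treated as exported.
        if exported.strip().lower() == "false":
            continue
        if not (comp.get(ANDROID + "permission") or app_perm):
            findings.append(comp.get(ANDROID + "name"))
    return findings

# Constructed sample manifests (not taken from any real library or app).
WEAK = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <application>
    <activity android:name=".DeviceCredentialHandlerActivity" android:exported="true"/>
    <activity android:name=".ShareActivity">
      <intent-filter><action android:name="android.intent.action.SEND"/></intent-filter>
    </activity>
    <service android:name=".SyncService" android:exported="true" android:permission="com.example.app.SYNC"/>
    <receiver android:name=".InternalReceiver"/>
  </application>
</manifest>"""

# Both remediations from the finding: exported="false", or a permission set on <application>.
FIXED = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <application android:permission="com.example.app.GUARD">
    <activity android:name=".DeviceCredentialHandlerActivity" android:exported="false"/>
    <activity android:name=".ShareActivity" android:exported="true"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(exported_without_permission(WEAK), exported_without_permission(FIXED))
```

The check only establishes that some permission is declared; whether that permission's protection level is strong enough for the component is a separate review.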