fix(codeql): tune Android pinning profile · openclaw/openclaw@1278f0b
vincentkoc
·
2026-04-28
·
via Recent Commits to openclaw:main
| Original file line number | Diff line number | Diff line change |
|---|
@@ -9,6 +9,10 @@ query-filters:
|
9 | 9 | # Android canvas intentionally runs trusted A2UI JavaScript; keep this profile focused on exploitable WebView edges. |
10 | 10 | - exclude: |
11 | 11 | id: java/android/websettings-javascript-enabled |
| 12 | +# Gateway TLS already pins verified certificate SHA-256 fingerprints. OkHttp CertificatePinner pins SPKI hashes, |
| 13 | +# so this query is noisy for OpenClaw's TOFU/local-gateway trust model and does not belong in the critical profile. |
| 14 | + - exclude: |
| 15 | +id: java/android/missing-certificate-pinning |
12 | 16 | |
13 | 17 | paths: |
14 | 18 | - apps/android/app/src/main |
|
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。