False negative: AndroidInsecureLocalAuthentication.ql #21526

@Carlson-JLQ

Description

Version
codeql 2.23.9

When I analyze code like this using Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql, the problem is reported normally:

```java
package scensct.core.pos;
import android.hardware.fingerprint.FingerprintManager;
public class PosCase1 extends FingerprintManager.AuthenticationCallback {
    @Override
    public void onAuthenticationSucceeded(FingerprintManager.AuthenticationResult result) { // [REPORTED LINE]
        // Parameter 'result' is declared but never accessed or referenced.
        // No cryptographic operation or any use of 'result'.
        System.out.println("Authentication succeeded.");
    }
}
```

However, when I insert a temporary variable, AndroidInsecureLocalAuthentication.ql is unable to detect the problem:

```java
package scensct.var.pos;

import android.hardware.fingerprint.FingerprintManager;

public class PosCase1_Var3 extends FingerprintManager.AuthenticationCallback {
    @Override
    public void onAuthenticationSucceeded(FingerprintManager.AuthenticationResult result) {
        // Introduce a temporary variable that shadows but does not use result.
        Object ignored = result;
        // Still no cryptographic operation or actual usage.
        System.out.println("Authentication succeeded.");
        // The 'ignored' variable is never read.
    }
}
```

AndroidInsecureLocalAuthentication.ql also fails to detect the issue when scanning the following code:

```java
package scensct.var.pos;

import android.hardware.biometrics.BiometricPrompt;

public class PosCase2_Var1 extends BiometricPrompt.AuthenticationCallback {
    @Override
    public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) {
        // Introduce a temporary variable that does not change the usage
        BiometricPrompt.AuthenticationResult res = result;
        super.onAuthenticationSucceeded(res);
    }
}
```

```java
package scensct.var.pos;

import android.hardware.biometrics.BiometricPrompt;

public class PosCase2_Var4 extends BiometricPrompt.AuthenticationCallback {
    // Extract a private helper method that only passes the parameter
    private void callSuper(BiometricPrompt.AuthenticationResult r) {
        super.onAuthenticationSucceeded(r);
    }

    @Override
    public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) {
        callSuper(result);
    }
}
```

```java
package scensct.var.pos;

import android.hardware.biometrics.BiometricPrompt;

public class PosCase2_Var5 extends BiometricPrompt.AuthenticationCallback {
    @Override
    public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) {
        // Add a redundant local variable and a no-op statement
        BiometricPrompt.AuthenticationResult authResult = result;
        int dummy = 0; // unrelated to result
        super.onAuthenticationSucceeded(authResult);
    }
}
```
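For contrast with the variants above, which reference the `result` parameter without ever performing a cryptographic operation with it, here is the shape of a callback that genuinely consumes the authentication result: it unwraps the `CryptoObject` and decrypts a secret with the biometric-bound `Cipher`, so a callback reached without a real authentication yields nothing usable. This is an added example, not code from the issue or from the CodeQL repository; the package name, the `ciphertext` field and `useSecret` are hypothetical.

```java
package example.added; // hypothetical package, not from the issue

import android.hardware.biometrics.BiometricPrompt;
import java.security.GeneralSecurityException;
import javax.crypto.Cipher;

// Secure counterpart: the AuthenticationResult is actually used. The only path to
// the plaintext runs through the Cipher that was initialised with a key gated on
// user authentication, so merely invoking the callback does not unlock anything.
public class PosCase2_Secure extends BiometricPrompt.AuthenticationCallback {
    // Hypothetical secret, stored encrypted under a biometric-gated Keystore key.
    private final byte[] ciphertext;

    public PosCase2_Secure(byte[] ciphertext) {
        this.ciphertext = ciphertext;
    }

    @Override
    public void onAuthenticationSucceeded(BiometricPrompt.AuthenticationResult result) {
        BiometricPrompt.CryptoObject crypto = result.getCryptoObject();
        if (crypto == null || crypto.getCipher() == null) {
            // The prompt was not bound to a CryptoObject: there is no cryptographic
            // proof of authentication, so do not release the secret.
            return;
        }
        try {
            // The Cipher was initialised before the prompt with the biometric-bound key;
            // doFinal only succeeds if the Keystore actually authorised it.
            Cipher cipher = crypto.getCipher();
            byte[] plaintext = cipher.doFinal(ciphertext);
            useSecret(plaintext);
        } catch (GeneralSecurityException e) {
            // Covers BadPadding/IllegalBlockSize; key-invalidation handling belongs here too.
            // Nothing is released on failure.
        }
    }

    // Hypothetical consumer of the decrypted secret.
    private void useSecret(byte[] plaintext) {
        // application-specific use
    }
}
```

The distinction a detector should draw is whether the result reaches a cryptographic operation, not whether the parameter name appears in the method body; the aliasing variants above satisfy the second condition but not the first.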

Metadata
Labels: question (Further information is requested)