hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 17:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Check the value of parameter in WebView file access query

Browse Source
This commit is contained in:
Ed Minnix
2022-11-15 13:50:56 -05:00
parent 10875568ec
commit 013ff79d17
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.ql
View File

@@ -14,7 +14,9 @@ import java
import semmle.code.java.frameworks.android.WebView
from MethodAccess ma
where ma.getMethod() instanceof CrossOriginAccessMethod
where
ma.getMethod() instanceof CrossOriginAccessMethod and
ma.getArgument(0).(CompileTimeConstantExpr).getBooleanValue() = true
select ma,
"WebView setting " + ma.getMethod().getName() +
" may allow for unauthorized access of sensitive information."