Merge both setAllowContentAccess queries into one query

Previously, the query to detect whether or not access to `content://`
links was done using two queries.

Now they can be merged into one query

java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsContentAccess.ql

@@ -1,21 +0,0 @@
-/**
- * @name Android WebSettings content access
- * @description Access to content providers in a WebView can enable JavaScript to access protected information.
- * @kind problem
- * @id java/android/websettings-content-access
- * @problem.severity warning
- * @security-severity 6.5
- * @precision medium
- * @tags security
- *       external/cwe/cwe-200
- */
-
-import java
-import semmle.code.java.frameworks.android.WebView
-
-from MethodAccess ma
-where
-  ma.getMethod() instanceof AllowContentAccessMethod and
-  ma.getArgument(0).(CompileTimeConstantExpr).getBooleanValue() = true
-select ma,
-  "Sensitive information may be exposed via a malicious link due to access of content:// links being permitted."

java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsPermitsContentAccess.ql

@@ -94,7 +94,19 @@ class WebViewDisallowContentAccessConfiguration extends TaintTracking::Configura
   }
 }
 
-from WebViewSource source
+from Expr e
-where not any(WebViewDisallowContentAccessConfiguration cfg).hasFlow(source, _)
+where
-select source,
+  // explicit: setAllowContentAccess(true)
+  exists(MethodAccess ma |
+    ma = e and
+    ma.getMethod() instanceof AllowContentAccessMethod and
+    ma.getArgument(0).(CompileTimeConstantExpr).getBooleanValue() = true
+  )
+  or
+  // implicit: no setAllowContentAccess(false)
+  exists(WebViewSource source |
+    source.asExpr() = e and
+    not any(WebViewDisallowContentAccessConfiguration cfg).hasFlow(source, _)
+  )
+select e,
   "Sensitive information may be exposed via a malicious link due to access of content:// links being permitted."

java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewContentAccess.expected

@@ -1,5 +1,10 @@
 | WebViewContentAccess.java:15:9:15:57 | setAllowContentAccess(...) | Sensitive information may be exposed via a malicious link due to access of content:// links being permitted. |
 | WebViewContentAccess.java:38:9:38:55 | setAllowContentAccess(...) | Sensitive information may be exposed via a malicious link due to access of content:// links being permitted. |
+| WebViewContentAccess.java:41:25:41:49 | (...)... | Sensitive information may be exposed via a malicious link due to access of content:// links being permitted. |
 | WebViewContentAccess.java:43:9:43:44 | setAllowContentAccess(...) | Sensitive information may be exposed via a malicious link due to access of content:// links being permitted. |
+| WebViewContentAccess.java:46:25:46:41 | new WebView(...) | Sensitive information may be exposed via a malicious link due to access of content:// links being permitted. |
 | WebViewContentAccess.java:48:9:48:44 | setAllowContentAccess(...) | Sensitive information may be exposed via a malicious link due to access of content:// links being permitted. |
+| WebViewContentAccess.java:51:25:51:44 | getAWebView(...) | Sensitive information may be exposed via a malicious link due to access of content:// links being permitted. |
 | WebViewContentAccess.java:53:9:53:44 | setAllowContentAccess(...) | Sensitive information may be exposed via a malicious link due to access of content:// links being permitted. |
+| WebViewContentAccess.java:55:29:55:48 | getAWebView(...) | Sensitive information may be exposed via a malicious link due to access of content:// links being permitted. |
+| WebViewContentAccess.java:57:25:57:44 | getAWebView(...) | Sensitive information may be exposed via a malicious link due to access of content:// links being permitted. |

java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewContentAccess.qlref

@@ -1 +1 @@
-Security/CWE/CWE-200/AndroidWebViewSettingsContentAccess.ql
+Security/CWE/CWE-200/AndroidWebViewSettingsPermitsContentAccess.ql

java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewContentAccessDataFlow.expected

@@ -1,5 +0,0 @@
-| WebViewContentAccess.java:41:25:41:49 | (...)... | Sensitive information may be exposed via a malicious link due to access of content:// links being permitted. |
-| WebViewContentAccess.java:46:25:46:41 | new WebView(...) | Sensitive information may be exposed via a malicious link due to access of content:// links being permitted. |
-| WebViewContentAccess.java:51:25:51:44 | getAWebView(...) | Sensitive information may be exposed via a malicious link due to access of content:// links being permitted. |
-| WebViewContentAccess.java:55:29:55:48 | getAWebView(...) | Sensitive information may be exposed via a malicious link due to access of content:// links being permitted. |
-| WebViewContentAccess.java:57:25:57:44 | getAWebView(...) | Sensitive information may be exposed via a malicious link due to access of content:// links being permitted. |

java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewContentAccessDataFlow.qlref

@@ -1 +0,0 @@
-Security/CWE/CWE-200/AndroidWebViewSettingsPermitsContentAccess.ql