Apply suggestions from code review

Co-authored-by: Chris Smowton <smowton@github.com>
2026-04-29 18:55:14 +02:00 · 2022-03-25 10:51:26 +01:00
parent b9859fe165
commit 51dfebf4c9
2 changed files with 9 additions and 13 deletions
--- a/java/ql/lib/semmle/code/java/frameworks/android/WebView.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/android/WebView.qll
@@ -83,14 +83,12 @@ class ShouldOverrideUrlLoading extends Method {
 */
 predicate isJSEnabled(Expr webview) {
  webview.getType().(RefType).getASupertype*() instanceof TypeWebView and
-  exists(MethodAccess allowJs |
+  exists(MethodAccess allowJs, MethodAccess settings |
    allowJs.getMethod() instanceof AllowJavaScriptMethod and
    allowJs.getArgument(0).(CompileTimeConstantExpr).getBooleanValue() = true and
-    exists(MethodAccess settings |
-      settings.getMethod() instanceof WebViewGetSettingsMethod and
-      DataFlow::localExprFlow(settings, allowJs.getQualifier()) and
-      DataFlow::localExprFlow(webview, settings.getQualifier())
-    )
+    settings.getMethod() instanceof WebViewGetSettingsMethod and
+    DataFlow::localExprFlow(settings, allowJs.getQualifier()) and
+    DataFlow::localExprFlow(webview, settings.getQualifier())
  )
 }

@@ -99,14 +97,12 @@ predicate isJSEnabled(Expr webview) {
 * `setAllowFileAccessFromFileURLs` have been set to `true`.
 */
 predicate isAllowFileAccessEnabled(Expr webview) {
-  exists(MethodAccess allowFileAccess |
+  exists(MethodAccess allowFileAccess, MethodAccess settings |
    allowFileAccess.getMethod() instanceof CrossOriginAccessMethod and
    allowFileAccess.getArgument(0).(CompileTimeConstantExpr).getBooleanValue() = true and
-    exists(MethodAccess settings |
-      settings.getMethod() instanceof WebViewGetSettingsMethod and
-      DataFlow::localExprFlow(settings, allowFileAccess.getQualifier()) and
-      DataFlow::localExprFlow(webview, settings.getQualifier())
-    )
+    settings.getMethod() instanceof WebViewGetSettingsMethod and
+    DataFlow::localExprFlow(settings, allowFileAccess.getQualifier()) and
+    DataFlow::localExprFlow(webview, settings.getQualifier())
  )
 }

--- a/java/ql/lib/semmle/code/java/security/UnsafeAndroidAccess.qll
+++ b/java/ql/lib/semmle/code/java/security/UnsafeAndroidAccess.qll
@@ -77,7 +77,7 @@ private Expr getUnderlyingExpr(Expr e) {
 }

 /**
- * Holds if `WebViewLoadUrlMethod` is called on `webview`
+ * Holds if a `WebViewLoadUrlMethod` is called on `webview`
 * with `urlArg` as its first argument.
 */
 private predicate webViewLoadUrl(Argument urlArg, Expr webview) {