Enhance the query and add more test cases

java/ql/test/experimental/query-tests/security/CWE-749/UnsafeAndroidAccess.expected

@@ -1 +1,2 @@
-| UnsafeAndroidAccess.java:29:3:29:21 | loadUrl(...) | UnsafeAndroidAccess.java:29:14:29:20 | thisUrl | UnsafeAndroidAccess.java:29:14:29:20 | thisUrl | Unsafe resource loading in Android webview due to $@. | UnsafeAndroidAccess.java:29:14:29:20 | thisUrl | user input vulnerable to XSS and sensitive resource disclosure attacks |
+| UnsafeAndroidAccess.java:30:3:30:21 | loadUrl(...) | UnsafeAndroidAccess.java:30:14:30:20 | thisUrl | UnsafeAndroidAccess.java:30:14:30:20 | thisUrl | Unsafe resource fetching in Android webview due to $@. | UnsafeAndroidAccess.java:30:14:30:20 | thisUrl | user input vulnerable to XSS and sensitive resource disclosure attacks |
+| UnsafeAndroidAccess.java:53:3:53:21 | loadUrl(...) | UnsafeAndroidAccess.java:53:14:53:20 | thisUrl | UnsafeAndroidAccess.java:53:14:53:20 | thisUrl | Unsafe resource fetching in Android webview due to $@. | UnsafeAndroidAccess.java:53:14:53:20 | thisUrl | user input vulnerable to XSS and sensitive resource disclosure attacks |

java/ql/test/experimental/query-tests/security/CWE-749/UnsafeAndroidAccess.java

@@ -7,7 +7,8 @@ import android.webkit.WebView;
 import android.webkit.WebViewClient;
 
 public class UnsafeAndroidAccess extends Activity {
-	public void onCreate(Bundle savedInstanceState) {
+	//Test onCreate with both JavaScript and universal resource access enabled while taking remote user inputs from bundle extras
+	public void testOnCreate1(Bundle savedInstanceState) {
 		super.onCreate(savedInstanceState);
 		setContentView(-1);
 
@@ -28,4 +29,69 @@ public class UnsafeAndroidAccess extends Activity {
 		String thisUrl = getIntent().getExtras().getString("url");
 		wv.loadUrl(thisUrl);
 	}
+
+	//Test onCreate with both JavaScript and universal resource access enabled while taking remote user inputs from string extra
+	public void testOnCreate2(Bundle savedInstanceState) {
+		super.onCreate(savedInstanceState);
+		setContentView(-1);
+
+		WebView wv = (WebView) findViewById(-1);
+		WebSettings webSettings = wv.getSettings();
+
+		webSettings.setJavaScriptEnabled(true);
+		webSettings.setAllowFileAccessFromFileURLs(true);
+
+		wv.setWebViewClient(new WebViewClient() {
+			@Override
+			public boolean shouldOverrideUrlLoading(WebView view, String url) {
+				view.loadUrl(url);
+				return true;
+			}
+		});
+
+		String thisUrl = getIntent().getStringExtra("url");
+		wv.loadUrl(thisUrl);
+	}
+
+	//Test onCreate with both JavaScript and universal resource access disabled by default while taking remote user inputs
+	public void testOnCreate3(Bundle savedInstanceState) {
+		super.onCreate(savedInstanceState);
+		setContentView(-1);
+
+		WebView wv = (WebView) findViewById(-1);
+		WebSettings webSettings = wv.getSettings();
+
+		wv.setWebViewClient(new WebViewClient() {
+			@Override
+			public boolean shouldOverrideUrlLoading(WebView view, String url) {
+				view.loadUrl(url);
+				return true;
+			}
+		});
+
+		String thisUrl = getIntent().getStringExtra("url");
+		wv.loadUrl(thisUrl);
+	}
+
+	//Test onCreate with both JavaScript and universal resource access enabled while not taking remote user inputs
+	public void testOnCreate4(Bundle savedInstanceState) {
+		super.onCreate(savedInstanceState);
+		setContentView(-1);
+
+		WebView wv = (WebView) findViewById(-1);
+		WebSettings webSettings = wv.getSettings();
+
+		webSettings.setJavaScriptEnabled(true);
+		webSettings.setAllowFileAccessFromFileURLs(true);
+
+		wv.setWebViewClient(new WebViewClient() {
+			@Override
+			public boolean shouldOverrideUrlLoading(WebView view, String url) {
+				view.loadUrl(url);
+				return true;
+			}
+		});
+
+		wv.loadUrl("https://www.mycorp.com");
+	}
 }

java/ql/test/experimental/query-tests/security/CWE-749/UnsafeAndroidAccess.qlref

@@ -1 +1 @@
-experimental/Security/CWE/CWE-749/UnsafeAndroidAccess.ql
+experimental/Security/CWE/CWE-749/UnsafeAndroidAccess.ql