hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 10:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Give query an id and PathGraph query predicates

Browse Source
This commit is contained in:
Chris Smowton
2020-10-16 16:17:10 +01:00
parent b359802dd4
commit 5a480bfb13
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/src/experimental/Security/CWE/CWE-749/UnsafeAndroidAccess.ql
View File

@@ -1,5 +1,6 @@
/**
* @name Unsafe resource fetching in Android webview
* @id java/android/unsafe-android-webview-fetch
* @description JavaScript rendered inside WebViews can access any protected application file and web resource from any origin
* @kind path-problem
* @tags security
@@ -11,6 +12,7 @@ import java
import semmle.code.java.frameworks.android.Intent
import semmle.code.java.frameworks.android.WebView
import semmle.code.java.dataflow.FlowSources
import DataFlow::PathGraph
/**
* Methods allowing any-local-file and cross-origin access in the WebSettings class