mirror of
https://github.com/github/codeql.git
synced 2026-04-30 11:15:13 +02:00
Fine tune the query and update qldoc
This commit is contained in:
luchua-bc
@@ -21,8 +21,7 @@ class WebResourceResponse extends RefType {
|
||||
class ShouldInterceptRequestMethod extends Method {
|
||||
ShouldInterceptRequestMethod() {
|
||||
this.hasName("shouldInterceptRequest") and
|
||||
this.getDeclaringType().getASupertype*() instanceof TypeWebViewClient and
|
||||
this.getReturnType() instanceof WebResourceResponse
|
||||
this.getDeclaringType().getASupertype*() instanceof TypeWebViewClient
|
||||
}
|
||||
}
|
||||
|
||||
@@ -30,12 +29,11 @@ class ShouldInterceptRequestMethod extends Method {
|
||||
class SetWebViewClientMethodAccess extends MethodAccess {
|
||||
SetWebViewClientMethodAccess() {
|
||||
this.getMethod().hasName("setWebViewClient") and
|
||||
this.getMethod().getDeclaringType().getASupertype*() instanceof TypeWebView and
|
||||
this.getMethod().getParameterType(0) instanceof TypeWebViewClient
|
||||
this.getMethod().getDeclaringType().getASupertype*() instanceof TypeWebView
|
||||
}
|
||||
}
|
||||
|
||||
/** A sink representing a constructor call of `WebResourceResponse` in Android `WebViewClient`. */
|
||||
/** A sink representing the data argument of a call to the constructor of `WebResourceResponse`. */
|
||||
class WebResourceResponseSink extends DataFlow::Node {
|
||||
WebResourceResponseSink() {
|
||||
exists(ConstructorCall cc |
|
||||
@@ -50,7 +48,8 @@ class WebResourceResponseSink extends DataFlow::Node {
|
||||
}
|
||||
|
||||
/**
|
||||
* Value step from a fetching url call of `WebView` to `WebViewClient`.
|
||||
* A value step from the URL argument of `WebView::loadUrl` to the URL parameter of
|
||||
* `WebViewClient::shouldInterceptRequest`.
|
||||
*/
|
||||
private class FetchUrlStep extends AdditionalValueStep {
|
||||
override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
|
||||
@@ -63,20 +62,20 @@ private class FetchUrlStep extends AdditionalValueStep {
|
||||
lma.getMethod() = lm and
|
||||
lma.getQualifier().getType() = sma.getQualifier().getType() and
|
||||
pred.asExpr() = lma.getArgument(0) and
|
||||
succ.asExpr() = im.getParameter(1).getAnAccess()
|
||||
succ.asParameter() = im.getParameter(1)
|
||||
)
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
/** Value/taint steps relating to url loading and file reading in an Android application. */
|
||||
private class LoadUrlSource extends SummaryModelCsv {
|
||||
private class LoadUrlSummaries extends SummaryModelCsv {
|
||||
override predicate row(string row) {
|
||||
row =
|
||||
[
|
||||
"java.io;FileInputStream;true;FileInputStream;;;Argument[0];Argument[-1];taint",
|
||||
"android.net;Uri;false;getPath;;;Argument[0];ReturnValue;value",
|
||||
"android.webkit;WebResourceRequest;false;getUrl;;;Argument[-1];ReturnValue;value"
|
||||
"android.net;Uri;false;getPath;;;Argument[0];ReturnValue;taint",
|
||||
"android.webkit;WebResourceRequest;false;getUrl;;;Argument[-1];ReturnValue;taint"
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
@@ -3,28 +3,28 @@
|
||||
"qhelp.dtd">
|
||||
<qhelp>
|
||||
<overview>
|
||||
<p>Android provides a <code>WebResourceResponse</code> API, which is a <code>WebView</code> class that
|
||||
allows an Android application to behave as a web server by handling requests of popular protocols such
|
||||
as <code>http(s)</code>, <code>file</code>, as well as <code>javascript</code>; and returning a response
|
||||
(including status code, content type, content encoding, headers and the response body). Improper
|
||||
implementation with insufficient input validation can lead to leaking of sensitive configuration file
|
||||
or user data because requests could refer to paths intended to be application-private.
|
||||
<p>Android provides a <code>WebResourceResponse</code> class, which allows an Android application to behave
|
||||
as a web server by handling requests of popular protocols such as <code>http(s)</code>, <code>file</code>,
|
||||
as well as <code>javascript</code>; and returning a response (including status code, content type, content
|
||||
encoding, headers and the response body). Improper implementation with insufficient input validation can lead
|
||||
to leakage of sensitive configuration files or user data because requests could refer to paths intended to be
|
||||
application-private.
|
||||
</p>
|
||||
</overview>
|
||||
|
||||
<recommendation>
|
||||
<p>
|
||||
Unsanitized user provided url must not be used to serve a response directly. When handling a request,
|
||||
always validate that the file path is not the receiver's protected directory. Alternatively the Android
|
||||
API <code>WebViewAssetLoader</code> can be used, which safely processes data from resources, assets or
|
||||
a predefined directory.
|
||||
Unsanitized user-provided URLs must not be used to serve a response directly. When handling a request,
|
||||
always validate that the requested file path is not in the receiver's protected directory. Alternatively
|
||||
the Android class <code>WebViewAssetLoader</code> can be used, which safely processes data from resources,
|
||||
assets or a predefined directory.
|
||||
</p>
|
||||
</recommendation>
|
||||
|
||||
<example>
|
||||
<p>
|
||||
The following examples show a bad situation and two good situations respectively. In the bad situation, a
|
||||
response is served without path validation. In the good situation, a response is either served with path
|
||||
The following examples show a bad scenario and two good scenarios respectively. In the bad scenario, a
|
||||
response is served without path validation. In the good scenario, a response is either served with path
|
||||
validation or through the safe <code>WebViewAssetLoader</code> implementation.
|
||||
</p>
|
||||
<sample src="InsecureWebResourceResponse.java" />
|
||||
@@ -32,7 +32,7 @@ validation or through the safe <code>WebViewAssetLoader</code> implementation.
|
||||
|
||||
<references>
|
||||
<li>
|
||||
Google:
|
||||
Oversecured:
|
||||
<a href="https://blog.oversecured.com/Android-Exploring-vulnerabilities-in-WebResourceResponse/">Android: Exploring vulnerabilities in WebResourceResponse</a>.
|
||||
</li>
|
||||
<li>
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
/**
|
||||
* @name Insecure Android WebView Resource Response
|
||||
* @description Insecure implementation of Android WebResourceResponse intercepts malicious app requests
|
||||
* and return arbitrary sensitive content.
|
||||
* @description An insecure implementation of Android `WebResourceResponse` may lead to leakage of arbitrary
|
||||
* sensitive content.
|
||||
* @kind path-problem
|
||||
* @id java/insecure-webview-resource-response
|
||||
* @problem.severity error
|
||||
@@ -29,5 +29,5 @@ class InsecureWebResourceResponseConfig extends TaintTracking::Configuration {
|
||||
|
||||
from DataFlow::PathNode source, DataFlow::PathNode sink, InsecureWebResourceResponseConfig conf
|
||||
where conf.hasFlowPath(source, sink)
|
||||
select sink.getNode(), source, sink, "Leaking arbitrary content in Android from $@.", source.getNode(),
|
||||
"this user input"
|
||||
select sink.getNode(), source, sink, "Leaking arbitrary content in Android from $@.",
|
||||
source.getNode(), "this user input"
|
||||
|
||||
@@ -17,17 +17,19 @@ edges
|
||||
| InsecureWebResourceResponse.java:42:25:42:32 | inputUrl : Object | InsecureWebResourceResponse.java:188:34:188:43 | url : Object |
|
||||
| InsecureWebResourceResponse.java:44:26:44:33 | inputUrl : Object | InsecureWebResourceResponse.java:217:35:217:44 | url : Object |
|
||||
| InsecureWebResourceResponse.java:59:34:59:43 | url : Object | InsecureWebResourceResponse.java:75:20:75:22 | url : Object |
|
||||
| InsecureWebResourceResponse.java:63:77:63:86 | url : Object | InsecureWebResourceResponse.java:65:41:65:43 | url : Object |
|
||||
| InsecureWebResourceResponse.java:65:31:65:44 | parse(...) : Uri | InsecureWebResourceResponse.java:66:71:66:73 | uri : Uri |
|
||||
| InsecureWebResourceResponse.java:65:41:65:43 | url : Object | InsecureWebResourceResponse.java:65:31:65:44 | parse(...) : Uri |
|
||||
| InsecureWebResourceResponse.java:66:51:66:84 | new FileInputStream(...) : FileInputStream | InsecureWebResourceResponse.java:68:71:68:81 | inputStream |
|
||||
| InsecureWebResourceResponse.java:66:71:66:73 | uri : Uri | InsecureWebResourceResponse.java:66:71:66:83 | getPath(...) : String |
|
||||
| InsecureWebResourceResponse.java:66:71:66:83 | getPath(...) : String | InsecureWebResourceResponse.java:66:51:66:84 | new FileInputStream(...) : FileInputStream |
|
||||
| InsecureWebResourceResponse.java:75:20:75:22 | url : Object | InsecureWebResourceResponse.java:65:41:65:43 | url : Object |
|
||||
| InsecureWebResourceResponse.java:75:20:75:22 | url : Object | InsecureWebResourceResponse.java:86:41:86:43 | url : Object |
|
||||
| InsecureWebResourceResponse.java:75:20:75:22 | url : Object | InsecureWebResourceResponse.java:112:41:112:43 | url : Object |
|
||||
| InsecureWebResourceResponse.java:75:20:75:22 | url : Object | InsecureWebResourceResponse.java:194:31:194:37 | request : Object |
|
||||
| InsecureWebResourceResponse.java:75:20:75:22 | url : Object | InsecureWebResourceResponse.java:234:33:234:35 | url : Object |
|
||||
| InsecureWebResourceResponse.java:75:20:75:22 | url : Object | InsecureWebResourceResponse.java:63:77:63:86 | url : Object |
|
||||
| InsecureWebResourceResponse.java:75:20:75:22 | url : Object | InsecureWebResourceResponse.java:84:77:84:86 | url : Object |
|
||||
| InsecureWebResourceResponse.java:75:20:75:22 | url : Object | InsecureWebResourceResponse.java:110:77:110:86 | url : Object |
|
||||
| InsecureWebResourceResponse.java:75:20:75:22 | url : Object | InsecureWebResourceResponse.java:192:77:192:102 | request : Object |
|
||||
| InsecureWebResourceResponse.java:75:20:75:22 | url : Object | InsecureWebResourceResponse.java:232:69:232:78 | url : Object |
|
||||
| InsecureWebResourceResponse.java:80:34:80:43 | url : Object | InsecureWebResourceResponse.java:101:20:101:22 | url : Object |
|
||||
| InsecureWebResourceResponse.java:84:77:84:86 | url : Object | InsecureWebResourceResponse.java:86:41:86:43 | url : Object |
|
||||
| InsecureWebResourceResponse.java:86:31:86:44 | parse(...) : Uri | InsecureWebResourceResponse.java:88:66:88:68 | uri : Uri |
|
||||
| InsecureWebResourceResponse.java:86:41:86:43 | url : Object | InsecureWebResourceResponse.java:86:31:86:44 | parse(...) : Uri |
|
||||
| InsecureWebResourceResponse.java:88:42:88:90 | new File(...) : File | InsecureWebResourceResponse.java:89:75:89:83 | cacheFile : File |
|
||||
@@ -35,12 +37,13 @@ edges
|
||||
| InsecureWebResourceResponse.java:88:66:88:89 | getLastPathSegment(...) : String | InsecureWebResourceResponse.java:88:42:88:90 | new File(...) : File |
|
||||
| InsecureWebResourceResponse.java:89:55:89:84 | new FileInputStream(...) : FileInputStream | InsecureWebResourceResponse.java:91:75:91:85 | inputStream |
|
||||
| InsecureWebResourceResponse.java:89:75:89:83 | cacheFile : File | InsecureWebResourceResponse.java:89:55:89:84 | new FileInputStream(...) : FileInputStream |
|
||||
| InsecureWebResourceResponse.java:101:20:101:22 | url : Object | InsecureWebResourceResponse.java:65:41:65:43 | url : Object |
|
||||
| InsecureWebResourceResponse.java:101:20:101:22 | url : Object | InsecureWebResourceResponse.java:86:41:86:43 | url : Object |
|
||||
| InsecureWebResourceResponse.java:101:20:101:22 | url : Object | InsecureWebResourceResponse.java:112:41:112:43 | url : Object |
|
||||
| InsecureWebResourceResponse.java:101:20:101:22 | url : Object | InsecureWebResourceResponse.java:194:31:194:37 | request : Object |
|
||||
| InsecureWebResourceResponse.java:101:20:101:22 | url : Object | InsecureWebResourceResponse.java:234:33:234:35 | url : Object |
|
||||
| InsecureWebResourceResponse.java:101:20:101:22 | url : Object | InsecureWebResourceResponse.java:63:77:63:86 | url : Object |
|
||||
| InsecureWebResourceResponse.java:101:20:101:22 | url : Object | InsecureWebResourceResponse.java:84:77:84:86 | url : Object |
|
||||
| InsecureWebResourceResponse.java:101:20:101:22 | url : Object | InsecureWebResourceResponse.java:110:77:110:86 | url : Object |
|
||||
| InsecureWebResourceResponse.java:101:20:101:22 | url : Object | InsecureWebResourceResponse.java:192:77:192:102 | request : Object |
|
||||
| InsecureWebResourceResponse.java:101:20:101:22 | url : Object | InsecureWebResourceResponse.java:232:69:232:78 | url : Object |
|
||||
| InsecureWebResourceResponse.java:106:34:106:43 | url : Object | InsecureWebResourceResponse.java:127:20:127:22 | url : Object |
|
||||
| InsecureWebResourceResponse.java:110:77:110:86 | url : Object | InsecureWebResourceResponse.java:112:41:112:43 | url : Object |
|
||||
| InsecureWebResourceResponse.java:112:31:112:44 | parse(...) : Uri | InsecureWebResourceResponse.java:113:35:113:37 | uri : Uri |
|
||||
| InsecureWebResourceResponse.java:112:41:112:43 | url : Object | InsecureWebResourceResponse.java:112:31:112:44 | parse(...) : Uri |
|
||||
| InsecureWebResourceResponse.java:113:35:113:37 | uri : Uri | InsecureWebResourceResponse.java:113:35:113:47 | getPath(...) : String |
|
||||
@@ -49,48 +52,50 @@ edges
|
||||
| InsecureWebResourceResponse.java:115:55:115:108 | new FileInputStream(...) : FileInputStream | InsecureWebResourceResponse.java:117:75:117:85 | inputStream |
|
||||
| InsecureWebResourceResponse.java:115:75:115:78 | path : String | InsecureWebResourceResponse.java:115:75:115:107 | substring(...) : String |
|
||||
| InsecureWebResourceResponse.java:115:75:115:107 | substring(...) : String | InsecureWebResourceResponse.java:115:55:115:108 | new FileInputStream(...) : FileInputStream |
|
||||
| InsecureWebResourceResponse.java:127:20:127:22 | url : Object | InsecureWebResourceResponse.java:65:41:65:43 | url : Object |
|
||||
| InsecureWebResourceResponse.java:127:20:127:22 | url : Object | InsecureWebResourceResponse.java:86:41:86:43 | url : Object |
|
||||
| InsecureWebResourceResponse.java:127:20:127:22 | url : Object | InsecureWebResourceResponse.java:112:41:112:43 | url : Object |
|
||||
| InsecureWebResourceResponse.java:127:20:127:22 | url : Object | InsecureWebResourceResponse.java:194:31:194:37 | request : Object |
|
||||
| InsecureWebResourceResponse.java:127:20:127:22 | url : Object | InsecureWebResourceResponse.java:234:33:234:35 | url : Object |
|
||||
| InsecureWebResourceResponse.java:127:20:127:22 | url : Object | InsecureWebResourceResponse.java:63:77:63:86 | url : Object |
|
||||
| InsecureWebResourceResponse.java:127:20:127:22 | url : Object | InsecureWebResourceResponse.java:84:77:84:86 | url : Object |
|
||||
| InsecureWebResourceResponse.java:127:20:127:22 | url : Object | InsecureWebResourceResponse.java:110:77:110:86 | url : Object |
|
||||
| InsecureWebResourceResponse.java:127:20:127:22 | url : Object | InsecureWebResourceResponse.java:192:77:192:102 | request : Object |
|
||||
| InsecureWebResourceResponse.java:127:20:127:22 | url : Object | InsecureWebResourceResponse.java:232:69:232:78 | url : Object |
|
||||
| InsecureWebResourceResponse.java:131:36:131:45 | url : Object | InsecureWebResourceResponse.java:152:20:152:22 | url : Object |
|
||||
| InsecureWebResourceResponse.java:152:20:152:22 | url : Object | InsecureWebResourceResponse.java:65:41:65:43 | url : Object |
|
||||
| InsecureWebResourceResponse.java:152:20:152:22 | url : Object | InsecureWebResourceResponse.java:86:41:86:43 | url : Object |
|
||||
| InsecureWebResourceResponse.java:152:20:152:22 | url : Object | InsecureWebResourceResponse.java:112:41:112:43 | url : Object |
|
||||
| InsecureWebResourceResponse.java:152:20:152:22 | url : Object | InsecureWebResourceResponse.java:194:31:194:37 | request : Object |
|
||||
| InsecureWebResourceResponse.java:152:20:152:22 | url : Object | InsecureWebResourceResponse.java:234:33:234:35 | url : Object |
|
||||
| InsecureWebResourceResponse.java:152:20:152:22 | url : Object | InsecureWebResourceResponse.java:63:77:63:86 | url : Object |
|
||||
| InsecureWebResourceResponse.java:152:20:152:22 | url : Object | InsecureWebResourceResponse.java:84:77:84:86 | url : Object |
|
||||
| InsecureWebResourceResponse.java:152:20:152:22 | url : Object | InsecureWebResourceResponse.java:110:77:110:86 | url : Object |
|
||||
| InsecureWebResourceResponse.java:152:20:152:22 | url : Object | InsecureWebResourceResponse.java:192:77:192:102 | request : Object |
|
||||
| InsecureWebResourceResponse.java:152:20:152:22 | url : Object | InsecureWebResourceResponse.java:232:69:232:78 | url : Object |
|
||||
| InsecureWebResourceResponse.java:156:35:156:44 | url : Object | InsecureWebResourceResponse.java:177:20:177:22 | url : Object |
|
||||
| InsecureWebResourceResponse.java:177:20:177:22 | url : Object | InsecureWebResourceResponse.java:65:41:65:43 | url : Object |
|
||||
| InsecureWebResourceResponse.java:177:20:177:22 | url : Object | InsecureWebResourceResponse.java:86:41:86:43 | url : Object |
|
||||
| InsecureWebResourceResponse.java:177:20:177:22 | url : Object | InsecureWebResourceResponse.java:112:41:112:43 | url : Object |
|
||||
| InsecureWebResourceResponse.java:177:20:177:22 | url : Object | InsecureWebResourceResponse.java:194:31:194:37 | request : Object |
|
||||
| InsecureWebResourceResponse.java:177:20:177:22 | url : Object | InsecureWebResourceResponse.java:234:33:234:35 | url : Object |
|
||||
| InsecureWebResourceResponse.java:177:20:177:22 | url : Object | InsecureWebResourceResponse.java:63:77:63:86 | url : Object |
|
||||
| InsecureWebResourceResponse.java:177:20:177:22 | url : Object | InsecureWebResourceResponse.java:84:77:84:86 | url : Object |
|
||||
| InsecureWebResourceResponse.java:177:20:177:22 | url : Object | InsecureWebResourceResponse.java:110:77:110:86 | url : Object |
|
||||
| InsecureWebResourceResponse.java:177:20:177:22 | url : Object | InsecureWebResourceResponse.java:192:77:192:102 | request : Object |
|
||||
| InsecureWebResourceResponse.java:177:20:177:22 | url : Object | InsecureWebResourceResponse.java:232:69:232:78 | url : Object |
|
||||
| InsecureWebResourceResponse.java:181:34:181:43 | url : Object | InsecureWebResourceResponse.java:184:20:184:22 | url : Object |
|
||||
| InsecureWebResourceResponse.java:184:20:184:22 | url : Object | InsecureWebResourceResponse.java:65:41:65:43 | url : Object |
|
||||
| InsecureWebResourceResponse.java:184:20:184:22 | url : Object | InsecureWebResourceResponse.java:86:41:86:43 | url : Object |
|
||||
| InsecureWebResourceResponse.java:184:20:184:22 | url : Object | InsecureWebResourceResponse.java:112:41:112:43 | url : Object |
|
||||
| InsecureWebResourceResponse.java:184:20:184:22 | url : Object | InsecureWebResourceResponse.java:194:31:194:37 | request : Object |
|
||||
| InsecureWebResourceResponse.java:184:20:184:22 | url : Object | InsecureWebResourceResponse.java:234:33:234:35 | url : Object |
|
||||
| InsecureWebResourceResponse.java:184:20:184:22 | url : Object | InsecureWebResourceResponse.java:63:77:63:86 | url : Object |
|
||||
| InsecureWebResourceResponse.java:184:20:184:22 | url : Object | InsecureWebResourceResponse.java:84:77:84:86 | url : Object |
|
||||
| InsecureWebResourceResponse.java:184:20:184:22 | url : Object | InsecureWebResourceResponse.java:110:77:110:86 | url : Object |
|
||||
| InsecureWebResourceResponse.java:184:20:184:22 | url : Object | InsecureWebResourceResponse.java:192:77:192:102 | request : Object |
|
||||
| InsecureWebResourceResponse.java:184:20:184:22 | url : Object | InsecureWebResourceResponse.java:232:69:232:78 | url : Object |
|
||||
| InsecureWebResourceResponse.java:188:34:188:43 | url : Object | InsecureWebResourceResponse.java:209:20:209:22 | url : Object |
|
||||
| InsecureWebResourceResponse.java:194:31:194:37 | request : Object | InsecureWebResourceResponse.java:194:31:194:46 | getUrl(...) : Object |
|
||||
| InsecureWebResourceResponse.java:194:31:194:46 | getUrl(...) : Object | InsecureWebResourceResponse.java:196:66:196:68 | uri : Object |
|
||||
| InsecureWebResourceResponse.java:192:77:192:102 | request : Object | InsecureWebResourceResponse.java:194:31:194:37 | request : Object |
|
||||
| InsecureWebResourceResponse.java:194:31:194:37 | request : Object | InsecureWebResourceResponse.java:194:31:194:46 | getUrl(...) : Uri |
|
||||
| InsecureWebResourceResponse.java:194:31:194:46 | getUrl(...) : Uri | InsecureWebResourceResponse.java:196:66:196:68 | uri : Uri |
|
||||
| InsecureWebResourceResponse.java:196:42:196:90 | new File(...) : File | InsecureWebResourceResponse.java:197:75:197:83 | cacheFile : File |
|
||||
| InsecureWebResourceResponse.java:196:66:196:68 | uri : Object | InsecureWebResourceResponse.java:196:66:196:89 | getLastPathSegment(...) : String |
|
||||
| InsecureWebResourceResponse.java:196:66:196:68 | uri : Uri | InsecureWebResourceResponse.java:196:66:196:89 | getLastPathSegment(...) : String |
|
||||
| InsecureWebResourceResponse.java:196:66:196:89 | getLastPathSegment(...) : String | InsecureWebResourceResponse.java:196:42:196:90 | new File(...) : File |
|
||||
| InsecureWebResourceResponse.java:197:55:197:84 | new FileInputStream(...) : FileInputStream | InsecureWebResourceResponse.java:199:75:199:85 | inputStream |
|
||||
| InsecureWebResourceResponse.java:197:75:197:83 | cacheFile : File | InsecureWebResourceResponse.java:197:55:197:84 | new FileInputStream(...) : FileInputStream |
|
||||
| InsecureWebResourceResponse.java:209:20:209:22 | url : Object | InsecureWebResourceResponse.java:65:41:65:43 | url : Object |
|
||||
| InsecureWebResourceResponse.java:209:20:209:22 | url : Object | InsecureWebResourceResponse.java:86:41:86:43 | url : Object |
|
||||
| InsecureWebResourceResponse.java:209:20:209:22 | url : Object | InsecureWebResourceResponse.java:112:41:112:43 | url : Object |
|
||||
| InsecureWebResourceResponse.java:209:20:209:22 | url : Object | InsecureWebResourceResponse.java:194:31:194:37 | request : Object |
|
||||
| InsecureWebResourceResponse.java:209:20:209:22 | url : Object | InsecureWebResourceResponse.java:234:33:234:35 | url : Object |
|
||||
| InsecureWebResourceResponse.java:209:20:209:22 | url : Object | InsecureWebResourceResponse.java:63:77:63:86 | url : Object |
|
||||
| InsecureWebResourceResponse.java:209:20:209:22 | url : Object | InsecureWebResourceResponse.java:84:77:84:86 | url : Object |
|
||||
| InsecureWebResourceResponse.java:209:20:209:22 | url : Object | InsecureWebResourceResponse.java:110:77:110:86 | url : Object |
|
||||
| InsecureWebResourceResponse.java:209:20:209:22 | url : Object | InsecureWebResourceResponse.java:192:77:192:102 | request : Object |
|
||||
| InsecureWebResourceResponse.java:209:20:209:22 | url : Object | InsecureWebResourceResponse.java:232:69:232:78 | url : Object |
|
||||
| InsecureWebResourceResponse.java:217:35:217:44 | url : Object | InsecureWebResourceResponse.java:226:20:226:22 | url : Object |
|
||||
| InsecureWebResourceResponse.java:226:20:226:22 | url : Object | InsecureWebResourceResponse.java:65:41:65:43 | url : Object |
|
||||
| InsecureWebResourceResponse.java:226:20:226:22 | url : Object | InsecureWebResourceResponse.java:86:41:86:43 | url : Object |
|
||||
| InsecureWebResourceResponse.java:226:20:226:22 | url : Object | InsecureWebResourceResponse.java:112:41:112:43 | url : Object |
|
||||
| InsecureWebResourceResponse.java:226:20:226:22 | url : Object | InsecureWebResourceResponse.java:194:31:194:37 | request : Object |
|
||||
| InsecureWebResourceResponse.java:226:20:226:22 | url : Object | InsecureWebResourceResponse.java:234:33:234:35 | url : Object |
|
||||
| InsecureWebResourceResponse.java:226:20:226:22 | url : Object | InsecureWebResourceResponse.java:63:77:63:86 | url : Object |
|
||||
| InsecureWebResourceResponse.java:226:20:226:22 | url : Object | InsecureWebResourceResponse.java:84:77:84:86 | url : Object |
|
||||
| InsecureWebResourceResponse.java:226:20:226:22 | url : Object | InsecureWebResourceResponse.java:110:77:110:86 | url : Object |
|
||||
| InsecureWebResourceResponse.java:226:20:226:22 | url : Object | InsecureWebResourceResponse.java:192:77:192:102 | request : Object |
|
||||
| InsecureWebResourceResponse.java:226:20:226:22 | url : Object | InsecureWebResourceResponse.java:232:69:232:78 | url : Object |
|
||||
| InsecureWebResourceResponse.java:232:69:232:78 | url : Object | InsecureWebResourceResponse.java:234:33:234:35 | url : Object |
|
||||
| InsecureWebResourceResponse.java:234:23:234:36 | parse(...) : Uri | InsecureWebResourceResponse.java:235:63:235:65 | uri : Uri |
|
||||
| InsecureWebResourceResponse.java:234:33:234:35 | url : Object | InsecureWebResourceResponse.java:234:23:234:36 | parse(...) : Uri |
|
||||
| InsecureWebResourceResponse.java:235:43:235:76 | new FileInputStream(...) : FileInputStream | InsecureWebResourceResponse.java:237:63:237:73 | inputStream |
|
||||
@@ -100,7 +105,8 @@ edges
|
||||
| InsecureWebViewActivity.java:27:27:27:64 | getStringExtra(...) : Object | InsecureWebViewActivity.java:28:20:28:27 | inputUrl : Object |
|
||||
| InsecureWebViewActivity.java:28:20:28:27 | inputUrl : Object | InsecureWebViewActivity.java:42:28:42:37 | url : Object |
|
||||
| InsecureWebViewActivity.java:42:28:42:37 | url : Object | InsecureWebViewActivity.java:43:25:43:27 | url : Object |
|
||||
| InsecureWebViewActivity.java:43:25:43:27 | url : Object | InsecureWebViewActivity.java:55:41:55:43 | url : Object |
|
||||
| InsecureWebViewActivity.java:43:25:43:27 | url : Object | InsecureWebViewActivity.java:53:77:53:86 | url : Object |
|
||||
| InsecureWebViewActivity.java:53:77:53:86 | url : Object | InsecureWebViewActivity.java:55:41:55:43 | url : Object |
|
||||
| InsecureWebViewActivity.java:55:31:55:44 | parse(...) : Uri | InsecureWebViewActivity.java:56:71:56:73 | uri : Uri |
|
||||
| InsecureWebViewActivity.java:55:41:55:43 | url : Object | InsecureWebViewActivity.java:55:31:55:44 | parse(...) : Uri |
|
||||
| InsecureWebViewActivity.java:56:51:56:84 | new FileInputStream(...) : FileInputStream | InsecureWebViewActivity.java:58:71:58:81 | inputStream |
|
||||
@@ -118,6 +124,7 @@ nodes
|
||||
| InsecureWebResourceResponse.java:42:25:42:32 | inputUrl : Object | semmle.label | inputUrl : Object |
|
||||
| InsecureWebResourceResponse.java:44:26:44:33 | inputUrl : Object | semmle.label | inputUrl : Object |
|
||||
| InsecureWebResourceResponse.java:59:34:59:43 | url : Object | semmle.label | url : Object |
|
||||
| InsecureWebResourceResponse.java:63:77:63:86 | url : Object | semmle.label | url : Object |
|
||||
| InsecureWebResourceResponse.java:65:31:65:44 | parse(...) : Uri | semmle.label | parse(...) : Uri |
|
||||
| InsecureWebResourceResponse.java:65:41:65:43 | url : Object | semmle.label | url : Object |
|
||||
| InsecureWebResourceResponse.java:66:51:66:84 | new FileInputStream(...) : FileInputStream | semmle.label | new FileInputStream(...) : FileInputStream |
|
||||
@@ -126,6 +133,7 @@ nodes
|
||||
| InsecureWebResourceResponse.java:68:71:68:81 | inputStream | semmle.label | inputStream |
|
||||
| InsecureWebResourceResponse.java:75:20:75:22 | url : Object | semmle.label | url : Object |
|
||||
| InsecureWebResourceResponse.java:80:34:80:43 | url : Object | semmle.label | url : Object |
|
||||
| InsecureWebResourceResponse.java:84:77:84:86 | url : Object | semmle.label | url : Object |
|
||||
| InsecureWebResourceResponse.java:86:31:86:44 | parse(...) : Uri | semmle.label | parse(...) : Uri |
|
||||
| InsecureWebResourceResponse.java:86:41:86:43 | url : Object | semmle.label | url : Object |
|
||||
| InsecureWebResourceResponse.java:88:42:88:90 | new File(...) : File | semmle.label | new File(...) : File |
|
||||
@@ -136,6 +144,7 @@ nodes
|
||||
| InsecureWebResourceResponse.java:91:75:91:85 | inputStream | semmle.label | inputStream |
|
||||
| InsecureWebResourceResponse.java:101:20:101:22 | url : Object | semmle.label | url : Object |
|
||||
| InsecureWebResourceResponse.java:106:34:106:43 | url : Object | semmle.label | url : Object |
|
||||
| InsecureWebResourceResponse.java:110:77:110:86 | url : Object | semmle.label | url : Object |
|
||||
| InsecureWebResourceResponse.java:112:31:112:44 | parse(...) : Uri | semmle.label | parse(...) : Uri |
|
||||
| InsecureWebResourceResponse.java:112:41:112:43 | url : Object | semmle.label | url : Object |
|
||||
| InsecureWebResourceResponse.java:113:35:113:37 | uri : Uri | semmle.label | uri : Uri |
|
||||
@@ -153,10 +162,11 @@ nodes
|
||||
| InsecureWebResourceResponse.java:181:34:181:43 | url : Object | semmle.label | url : Object |
|
||||
| InsecureWebResourceResponse.java:184:20:184:22 | url : Object | semmle.label | url : Object |
|
||||
| InsecureWebResourceResponse.java:188:34:188:43 | url : Object | semmle.label | url : Object |
|
||||
| InsecureWebResourceResponse.java:192:77:192:102 | request : Object | semmle.label | request : Object |
|
||||
| InsecureWebResourceResponse.java:194:31:194:37 | request : Object | semmle.label | request : Object |
|
||||
| InsecureWebResourceResponse.java:194:31:194:46 | getUrl(...) : Object | semmle.label | getUrl(...) : Object |
|
||||
| InsecureWebResourceResponse.java:194:31:194:46 | getUrl(...) : Uri | semmle.label | getUrl(...) : Uri |
|
||||
| InsecureWebResourceResponse.java:196:42:196:90 | new File(...) : File | semmle.label | new File(...) : File |
|
||||
| InsecureWebResourceResponse.java:196:66:196:68 | uri : Object | semmle.label | uri : Object |
|
||||
| InsecureWebResourceResponse.java:196:66:196:68 | uri : Uri | semmle.label | uri : Uri |
|
||||
| InsecureWebResourceResponse.java:196:66:196:89 | getLastPathSegment(...) : String | semmle.label | getLastPathSegment(...) : String |
|
||||
| InsecureWebResourceResponse.java:197:55:197:84 | new FileInputStream(...) : FileInputStream | semmle.label | new FileInputStream(...) : FileInputStream |
|
||||
| InsecureWebResourceResponse.java:197:75:197:83 | cacheFile : File | semmle.label | cacheFile : File |
|
||||
@@ -164,6 +174,7 @@ nodes
|
||||
| InsecureWebResourceResponse.java:209:20:209:22 | url : Object | semmle.label | url : Object |
|
||||
| InsecureWebResourceResponse.java:217:35:217:44 | url : Object | semmle.label | url : Object |
|
||||
| InsecureWebResourceResponse.java:226:20:226:22 | url : Object | semmle.label | url : Object |
|
||||
| InsecureWebResourceResponse.java:232:69:232:78 | url : Object | semmle.label | url : Object |
|
||||
| InsecureWebResourceResponse.java:234:23:234:36 | parse(...) : Uri | semmle.label | parse(...) : Uri |
|
||||
| InsecureWebResourceResponse.java:234:33:234:35 | url : Object | semmle.label | url : Object |
|
||||
| InsecureWebResourceResponse.java:235:43:235:76 | new FileInputStream(...) : FileInputStream | semmle.label | new FileInputStream(...) : FileInputStream |
|
||||
@@ -175,6 +186,7 @@ nodes
|
||||
| InsecureWebViewActivity.java:28:20:28:27 | inputUrl : Object | semmle.label | inputUrl : Object |
|
||||
| InsecureWebViewActivity.java:42:28:42:37 | url : Object | semmle.label | url : Object |
|
||||
| InsecureWebViewActivity.java:43:25:43:27 | url : Object | semmle.label | url : Object |
|
||||
| InsecureWebViewActivity.java:53:77:53:86 | url : Object | semmle.label | url : Object |
|
||||
| InsecureWebViewActivity.java:55:31:55:44 | parse(...) : Uri | semmle.label | parse(...) : Uri |
|
||||
| InsecureWebViewActivity.java:55:41:55:43 | url : Object | semmle.label | url : Object |
|
||||
| InsecureWebViewActivity.java:56:51:56:84 | new FileInputStream(...) : FileInputStream | semmle.label | new FileInputStream(...) : FileInputStream |
|
||||
|
||||
Reference in New Issue
Block a user