hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 02:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Fix qltests.

Browse Source
This commit is contained in:
Anders Schack-Mulligen
2023-05-10 09:46:27 +02:00
parent 21dea62e99
commit a0a9d30286
11 changed files with 217 additions and 213 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
java/ql/src/experimental/Security/CWE/CWE-200/AndroidWebResourceResponse.qll
View File

@@ -55,10 +55,14 @@ class WebResourceResponseSink extends DataFlow::Node {
}
/**
* A value step from the URL argument of `WebView::loadUrl` to the URL parameter of
* A taint step from the URL argument of `WebView::loadUrl` to the URL/WebResourceRequest parameter of
* `WebViewClient::shouldInterceptRequest`.
*
* TODO: This ought to be a value step when it is targeting the URL parameter,
* and it ought to check the parameter type in both cases to ensure that we only
* hit the overloads we intend to.
*/
private class FetchUrlStep extends AdditionalValueStep {
private class FetchUrlStep extends AdditionalTaintStep {
override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
exists(
// webview.loadUrl(url) -> webview.setWebViewClient(new WebViewClient() { shouldInterceptRequest(view, url) });