hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add a new test for

Browse Source
This commit is contained in:
Tony Torralba
2021-05-06 13:26:25 +02:00
parent 1f1f85aeb5
commit b69261727d
3 changed files with 26 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
java/ql/src/semmle/code/java/security/UnsafeAndroidAccess.qll
View File

@@ -78,10 +78,7 @@ private class JavaScriptEnabledUrlResourceSink extends UrlResourceSink {
private class CrossOriginAccessMethod extends Method { private class CrossOriginAccessMethod extends Method {
CrossOriginAccessMethod() { CrossOriginAccessMethod() {
this.getDeclaringType() instanceof TypeWebSettings and this.getDeclaringType() instanceof TypeWebSettings and
( this.hasName(["setAllowUniversalAccessFromFileURLs", "setAllowFileAccessFromFileURLs"])
this.hasName("setAllowUniversalAccessFromFileURLs") or
this.hasName("setAllowFileAccessFromFileURLs")
)
} }
} }

25
java/ql/test/query-tests/security/CWE-749/app/UnsafeAndroidAccess.java
View File

@@ -12,14 +12,14 @@ public class UnsafeAndroidAccess extends Activity {
super.onCreate(savedInstanceState); super.onCreate(savedInstanceState);
setContentView(R.layout.webview); setContentView(R.layout.webview);
testJavaScriptEnabledWebView(); testJavaScriptEnabledWebView();
testCrossOriginEnabledWebView(); testUniversalFileAccessEnabledWebView();
testFileAccessEnabledWebView();
testSafeWebView(); testSafeWebView();
} }
private void testJavaScriptEnabledWebView() { private void testJavaScriptEnabledWebView() {
WebView wv = (WebView) findViewById(R.id.my_webview); WebView wv = (WebView) findViewById(R.id.my_webview);
WebSettings webSettings = wv.getSettings(); WebSettings webSettings = wv.getSettings();
webSettings.setJavaScriptEnabled(true); webSettings.setJavaScriptEnabled(true);
wv.setWebViewClient(new WebViewClient() { wv.setWebViewClient(new WebViewClient() {
@@ -36,7 +36,7 @@ public class UnsafeAndroidAccess extends Activity {
wv.loadUrl("https://www.mycorp.com"); // Safe wv.loadUrl("https://www.mycorp.com"); // Safe
} }
private void testCrossOriginEnabledWebView() { private void testUniversalFileAccessEnabledWebView() {
WebView wv = (WebView) findViewById(R.id.my_webview); WebView wv = (WebView) findViewById(R.id.my_webview);
WebSettings webSettings = wv.getSettings(); WebSettings webSettings = wv.getSettings();
webSettings.setAllowUniversalAccessFromFileURLs(true); webSettings.setAllowUniversalAccessFromFileURLs(true);
@@ -55,6 +55,25 @@ public class UnsafeAndroidAccess extends Activity {
wv.loadUrl("https://www.mycorp.com"); // Safe wv.loadUrl("https://www.mycorp.com"); // Safe
} }
private void testFileAccessEnabledWebView() {
WebView wv = (WebView) findViewById(R.id.my_webview);
WebSettings webSettings = wv.getSettings();
webSettings.setAllowFileAccessFromFileURLs(true);
wv.setWebViewClient(new WebViewClient() {
@Override
public boolean shouldOverrideUrlLoading(WebView view, String url) {
view.loadUrl(url);
return true;
}
});
String thisUrl = getIntent().getStringExtra("url");
wv.loadUrl(thisUrl); // $hasUnsafeAndroidAccess
wv.loadUrl("https://www.mycorp.com/" + thisUrl); // Safe
wv.loadUrl("https://www.mycorp.com"); // Safe
}
private void testSafeWebView() { private void testSafeWebView() {
WebView wv = (WebView) findViewById(-1); WebView wv = (WebView) findViewById(-1);

3
java/ql/test/stubs/android/android/webkit/WebSettings.java
View File

@@ -28,4 +28,7 @@ public abstract class WebSettings {
public void setAllowUniversalAccessFromFileURLs(boolean b) { public void setAllowUniversalAccessFromFileURLs(boolean b) {
} }
public void setAllowFileAccessFromFileURLs(boolean b) {
}
} }