Add a new test for

2025-12-24 04:36:35 +01:00 · 2021-05-06 13:26:25 +02:00
parent 1f1f85aeb5
commit b69261727d
3 changed files with 26 additions and 7 deletions
--- a/java/ql/src/semmle/code/java/security/UnsafeAndroidAccess.qll
+++ b/java/ql/src/semmle/code/java/security/UnsafeAndroidAccess.qll
@@ -78,10 +78,7 @@ private class JavaScriptEnabledUrlResourceSink extends UrlResourceSink {
 private class CrossOriginAccessMethod extends Method {
  CrossOriginAccessMethod() {
    this.getDeclaringType() instanceof TypeWebSettings and
-    (
-      this.hasName("setAllowUniversalAccessFromFileURLs") or
-      this.hasName("setAllowFileAccessFromFileURLs")
-    )
+    this.hasName(["setAllowUniversalAccessFromFileURLs", "setAllowFileAccessFromFileURLs"])
  }
 }

--- a/java/ql/test/query-tests/security/CWE-749/app/UnsafeAndroidAccess.java
+++ b/java/ql/test/query-tests/security/CWE-749/app/UnsafeAndroidAccess.java
@@ -12,14 +12,14 @@ public class UnsafeAndroidAccess extends Activity {
 		super.onCreate(savedInstanceState);
 		setContentView(R.layout.webview);
 		testJavaScriptEnabledWebView();
-		testCrossOriginEnabledWebView();
+		testUniversalFileAccessEnabledWebView();
+		testFileAccessEnabledWebView();
 		testSafeWebView();
 	}

 	private void testJavaScriptEnabledWebView() {
 		WebView wv = (WebView) findViewById(R.id.my_webview);
 		WebSettings webSettings = wv.getSettings();
-
 		webSettings.setJavaScriptEnabled(true);

 		wv.setWebViewClient(new WebViewClient() {
@@ -36,7 +36,7 @@ public class UnsafeAndroidAccess extends Activity {
 		wv.loadUrl("https://www.mycorp.com"); // Safe
 	}

-	private void testCrossOriginEnabledWebView() {
+	private void testUniversalFileAccessEnabledWebView() {
 		WebView wv = (WebView) findViewById(R.id.my_webview);
 		WebSettings webSettings = wv.getSettings();
 		webSettings.setAllowUniversalAccessFromFileURLs(true);
@@ -55,6 +55,25 @@ public class UnsafeAndroidAccess extends Activity {
 		wv.loadUrl("https://www.mycorp.com"); // Safe
 	}

+	private void testFileAccessEnabledWebView() {
+		WebView wv = (WebView) findViewById(R.id.my_webview);
+		WebSettings webSettings = wv.getSettings();
+		webSettings.setAllowFileAccessFromFileURLs(true);
+
+		wv.setWebViewClient(new WebViewClient() {
+			@Override
+			public boolean shouldOverrideUrlLoading(WebView view, String url) {
+				view.loadUrl(url);
+				return true;
+			}
+		});
+
+		String thisUrl = getIntent().getStringExtra("url");
+		wv.loadUrl(thisUrl); // $hasUnsafeAndroidAccess
+		wv.loadUrl("https://www.mycorp.com/" + thisUrl); // Safe
+		wv.loadUrl("https://www.mycorp.com"); // Safe
+	}
+
 	private void testSafeWebView() {
 		WebView wv = (WebView) findViewById(-1);

--- a/java/ql/test/stubs/android/android/webkit/WebSettings.java
+++ b/java/ql/test/stubs/android/android/webkit/WebSettings.java
@@ -28,4 +28,7 @@ public abstract class WebSettings {

  public void setAllowUniversalAccessFromFileURLs(boolean b) {
  }
+
+  public void setAllowFileAccessFromFileURLs(boolean b) {
+  }
 }