mirror of
https://github.com/github/codeql.git
synced 2026-04-26 17:25:19 +02:00
Merge branch 'main' into java/experimental/command-injection
This commit is contained in:
Paul Hodgkinson
@@ -1,6 +1,7 @@
|
||||
import java
|
||||
|
||||
query predicate classExprs(Expr e, string tstr) {
|
||||
exists(e.getFile().getRelativePath()) and
|
||||
tstr = e.getType().toString() and
|
||||
tstr.matches("%Class%")
|
||||
}
|
||||
|
||||
@@ -169,15 +169,18 @@ def.kt:
|
||||
# 33| 0: [SuperConstructorInvocationStmt] super(...)
|
||||
# 33| 1: [BlockStmt] { ... }
|
||||
# 34| 5: [Class] Y
|
||||
# 0| 2: [Method] valueOf
|
||||
# 0| 2: [Method] getEntries
|
||||
# 0| 3: [TypeAccess] EnumEntries<Y>
|
||||
# 0| 0: [TypeAccess] Y
|
||||
# 0| 3: [Method] valueOf
|
||||
# 0| 3: [TypeAccess] Y
|
||||
#-----| 4: (Parameters)
|
||||
# 0| 0: [Parameter] value
|
||||
# 0| 0: [TypeAccess] String
|
||||
# 0| 3: [Method] values
|
||||
# 0| 4: [Method] values
|
||||
# 0| 3: [TypeAccess] Y[]
|
||||
# 0| 0: [TypeAccess] Y
|
||||
# 34| 4: [Constructor] Y
|
||||
# 34| 5: [Constructor] Y
|
||||
# 34| 5: [BlockStmt] { ... }
|
||||
# 34| 0: [ExprStmt] <Expr>;
|
||||
# 34| 0: [ClassInstanceExpr] new Enum(...)
|
||||
@@ -186,15 +189,15 @@ def.kt:
|
||||
# 34| 0: [NullLiteral] null
|
||||
# 34| 1: [IntegerLiteral] 0
|
||||
# 34| 1: [BlockStmt] { ... }
|
||||
# 35| 5: [FieldDeclaration] Y A;
|
||||
# 35| 6: [FieldDeclaration] Y A;
|
||||
# 35| -1: [TypeAccess] Y
|
||||
# 35| 0: [ClassInstanceExpr] new Y(...)
|
||||
# 35| -3: [TypeAccess] Y
|
||||
# 35| 6: [FieldDeclaration] Y B;
|
||||
# 35| 7: [FieldDeclaration] Y B;
|
||||
# 35| -1: [TypeAccess] Y
|
||||
# 35| 0: [ClassInstanceExpr] new Y(...)
|
||||
# 35| -3: [TypeAccess] Y
|
||||
# 35| 7: [FieldDeclaration] Y C;
|
||||
# 35| 8: [FieldDeclaration] Y C;
|
||||
# 35| -1: [TypeAccess] Y
|
||||
# 35| 0: [ClassInstanceExpr] new Y(...)
|
||||
# 35| -3: [TypeAccess] Y
|
||||
|
||||
@@ -160,15 +160,18 @@ classes.kt:
|
||||
# 42| -1: [TypeAccess] int
|
||||
# 42| 0: [IntegerLiteral] 3
|
||||
# 49| 11: [Class] Direction
|
||||
# 0| 2: [Method] valueOf
|
||||
# 0| 2: [Method] getEntries
|
||||
# 0| 3: [TypeAccess] EnumEntries<Direction>
|
||||
# 0| 0: [TypeAccess] Direction
|
||||
# 0| 3: [Method] valueOf
|
||||
# 0| 3: [TypeAccess] Direction
|
||||
#-----| 4: (Parameters)
|
||||
# 0| 0: [Parameter] value
|
||||
# 0| 0: [TypeAccess] String
|
||||
# 0| 3: [Method] values
|
||||
# 0| 4: [Method] values
|
||||
# 0| 3: [TypeAccess] Direction[]
|
||||
# 0| 0: [TypeAccess] Direction
|
||||
# 49| 4: [Constructor] Direction
|
||||
# 49| 5: [Constructor] Direction
|
||||
# 49| 5: [BlockStmt] { ... }
|
||||
# 49| 0: [ExprStmt] <Expr>;
|
||||
# 49| 0: [ClassInstanceExpr] new Enum(...)
|
||||
@@ -177,32 +180,35 @@ classes.kt:
|
||||
# 49| 0: [NullLiteral] null
|
||||
# 49| 1: [IntegerLiteral] 0
|
||||
# 49| 1: [BlockStmt] { ... }
|
||||
# 50| 5: [FieldDeclaration] Direction NORTH;
|
||||
# 50| 6: [FieldDeclaration] Direction NORTH;
|
||||
# 50| -1: [TypeAccess] Direction
|
||||
# 50| 0: [ClassInstanceExpr] new Direction(...)
|
||||
# 50| -3: [TypeAccess] Direction
|
||||
# 50| 6: [FieldDeclaration] Direction SOUTH;
|
||||
# 50| 7: [FieldDeclaration] Direction SOUTH;
|
||||
# 50| -1: [TypeAccess] Direction
|
||||
# 50| 0: [ClassInstanceExpr] new Direction(...)
|
||||
# 50| -3: [TypeAccess] Direction
|
||||
# 50| 7: [FieldDeclaration] Direction WEST;
|
||||
# 50| 8: [FieldDeclaration] Direction WEST;
|
||||
# 50| -1: [TypeAccess] Direction
|
||||
# 50| 0: [ClassInstanceExpr] new Direction(...)
|
||||
# 50| -3: [TypeAccess] Direction
|
||||
# 50| 8: [FieldDeclaration] Direction EAST;
|
||||
# 50| 9: [FieldDeclaration] Direction EAST;
|
||||
# 50| -1: [TypeAccess] Direction
|
||||
# 50| 0: [ClassInstanceExpr] new Direction(...)
|
||||
# 50| -3: [TypeAccess] Direction
|
||||
# 53| 12: [Class] Color
|
||||
# 0| 2: [Method] valueOf
|
||||
# 0| 2: [Method] getEntries
|
||||
# 0| 3: [TypeAccess] EnumEntries<Color>
|
||||
# 0| 0: [TypeAccess] Color
|
||||
# 0| 3: [Method] valueOf
|
||||
# 0| 3: [TypeAccess] Color
|
||||
#-----| 4: (Parameters)
|
||||
# 0| 0: [Parameter] value
|
||||
# 0| 0: [TypeAccess] String
|
||||
# 0| 3: [Method] values
|
||||
# 0| 4: [Method] values
|
||||
# 0| 3: [TypeAccess] Color[]
|
||||
# 0| 0: [TypeAccess] Color
|
||||
# 53| 4: [Constructor] Color
|
||||
# 53| 5: [Constructor] Color
|
||||
#-----| 4: (Parameters)
|
||||
# 53| 0: [Parameter] rgb
|
||||
# 53| 0: [TypeAccess] int
|
||||
@@ -217,26 +223,26 @@ classes.kt:
|
||||
# 53| 0: [ExprStmt] <Expr>;
|
||||
# 53| 0: [KtInitializerAssignExpr] ...=...
|
||||
# 53| 0: [VarAccess] rgb
|
||||
# 53| 5: [Method] getRgb
|
||||
# 53| 6: [Method] getRgb
|
||||
# 53| 3: [TypeAccess] int
|
||||
# 53| 5: [BlockStmt] { ... }
|
||||
# 53| 0: [ReturnStmt] return ...
|
||||
# 53| 0: [VarAccess] this.rgb
|
||||
# 53| -1: [ThisAccess] this
|
||||
# 53| 6: [FieldDeclaration] int rgb;
|
||||
# 53| 7: [FieldDeclaration] int rgb;
|
||||
# 53| -1: [TypeAccess] int
|
||||
# 53| 0: [VarAccess] rgb
|
||||
# 54| 7: [FieldDeclaration] Color RED;
|
||||
# 54| 8: [FieldDeclaration] Color RED;
|
||||
# 54| -1: [TypeAccess] Color
|
||||
# 54| 0: [ClassInstanceExpr] new Color(...)
|
||||
# 54| -3: [TypeAccess] Color
|
||||
# 54| 0: [IntegerLiteral] 16711680
|
||||
# 55| 8: [FieldDeclaration] Color GREEN;
|
||||
# 55| 9: [FieldDeclaration] Color GREEN;
|
||||
# 55| -1: [TypeAccess] Color
|
||||
# 55| 0: [ClassInstanceExpr] new Color(...)
|
||||
# 55| -3: [TypeAccess] Color
|
||||
# 55| 0: [IntegerLiteral] 65280
|
||||
# 56| 9: [FieldDeclaration] Color BLUE;
|
||||
# 56| 10: [FieldDeclaration] Color BLUE;
|
||||
# 56| -1: [TypeAccess] Color
|
||||
# 56| 0: [ClassInstanceExpr] new Color(...)
|
||||
# 56| -3: [TypeAccess] Color
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
| apply.kt:6:9:6:41 | apply(...) |
|
||||
| apply.kt:7:14:7:40 | apply(...) |
|
||||
@@ -0,0 +1,9 @@
|
||||
class ApplyFlowTest {
|
||||
fun <T> taint(t: T) = t
|
||||
fun sink(s: String) { }
|
||||
|
||||
fun test(input: String) {
|
||||
taint(input).apply { sink(this) } // $ hasValueFlow
|
||||
sink(taint(input).apply { this }) // $ hasValueFlow
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,5 @@
|
||||
import java
|
||||
import semmle.code.java.frameworks.kotlin.Kotlin
|
||||
|
||||
from KotlinApply a
|
||||
select a
|
||||
@@ -3344,15 +3344,18 @@ exprs.kt:
|
||||
# 154| 0: [SuperConstructorInvocationStmt] super(...)
|
||||
# 154| 1: [BlockStmt] { ... }
|
||||
# 174| 6: [Class] Direction
|
||||
# 0| 2: [Method] valueOf
|
||||
# 0| 2: [Method] getEntries
|
||||
# 0| 3: [TypeAccess] EnumEntries<Direction>
|
||||
# 0| 0: [TypeAccess] Direction
|
||||
# 0| 3: [Method] valueOf
|
||||
# 0| 3: [TypeAccess] Direction
|
||||
#-----| 4: (Parameters)
|
||||
# 0| 0: [Parameter] value
|
||||
# 0| 0: [TypeAccess] String
|
||||
# 0| 3: [Method] values
|
||||
# 0| 4: [Method] values
|
||||
# 0| 3: [TypeAccess] Direction[]
|
||||
# 0| 0: [TypeAccess] Direction
|
||||
# 174| 4: [Constructor] Direction
|
||||
# 174| 5: [Constructor] Direction
|
||||
# 174| 5: [BlockStmt] { ... }
|
||||
# 174| 0: [ExprStmt] <Expr>;
|
||||
# 174| 0: [ClassInstanceExpr] new Enum(...)
|
||||
@@ -3361,32 +3364,35 @@ exprs.kt:
|
||||
# 174| 0: [NullLiteral] null
|
||||
# 174| 1: [IntegerLiteral] 0
|
||||
# 174| 1: [BlockStmt] { ... }
|
||||
# 175| 5: [FieldDeclaration] Direction NORTH;
|
||||
# 175| 6: [FieldDeclaration] Direction NORTH;
|
||||
# 175| -1: [TypeAccess] Direction
|
||||
# 175| 0: [ClassInstanceExpr] new Direction(...)
|
||||
# 175| -3: [TypeAccess] Direction
|
||||
# 175| 6: [FieldDeclaration] Direction SOUTH;
|
||||
# 175| 7: [FieldDeclaration] Direction SOUTH;
|
||||
# 175| -1: [TypeAccess] Direction
|
||||
# 175| 0: [ClassInstanceExpr] new Direction(...)
|
||||
# 175| -3: [TypeAccess] Direction
|
||||
# 175| 7: [FieldDeclaration] Direction WEST;
|
||||
# 175| 8: [FieldDeclaration] Direction WEST;
|
||||
# 175| -1: [TypeAccess] Direction
|
||||
# 175| 0: [ClassInstanceExpr] new Direction(...)
|
||||
# 175| -3: [TypeAccess] Direction
|
||||
# 175| 8: [FieldDeclaration] Direction EAST;
|
||||
# 175| 9: [FieldDeclaration] Direction EAST;
|
||||
# 175| -1: [TypeAccess] Direction
|
||||
# 175| 0: [ClassInstanceExpr] new Direction(...)
|
||||
# 175| -3: [TypeAccess] Direction
|
||||
# 178| 7: [Class] Color
|
||||
# 0| 2: [Method] valueOf
|
||||
# 0| 2: [Method] getEntries
|
||||
# 0| 3: [TypeAccess] EnumEntries<Color>
|
||||
# 0| 0: [TypeAccess] Color
|
||||
# 0| 3: [Method] valueOf
|
||||
# 0| 3: [TypeAccess] Color
|
||||
#-----| 4: (Parameters)
|
||||
# 0| 0: [Parameter] value
|
||||
# 0| 0: [TypeAccess] String
|
||||
# 0| 3: [Method] values
|
||||
# 0| 4: [Method] values
|
||||
# 0| 3: [TypeAccess] Color[]
|
||||
# 0| 0: [TypeAccess] Color
|
||||
# 178| 4: [Constructor] Color
|
||||
# 178| 5: [Constructor] Color
|
||||
#-----| 4: (Parameters)
|
||||
# 178| 0: [Parameter] rgb
|
||||
# 178| 0: [TypeAccess] int
|
||||
@@ -3401,26 +3407,26 @@ exprs.kt:
|
||||
# 178| 0: [ExprStmt] <Expr>;
|
||||
# 178| 0: [KtInitializerAssignExpr] ...=...
|
||||
# 178| 0: [VarAccess] rgb
|
||||
# 178| 5: [Method] getRgb
|
||||
# 178| 6: [Method] getRgb
|
||||
# 178| 3: [TypeAccess] int
|
||||
# 178| 5: [BlockStmt] { ... }
|
||||
# 178| 0: [ReturnStmt] return ...
|
||||
# 178| 0: [VarAccess] this.rgb
|
||||
# 178| -1: [ThisAccess] this
|
||||
# 178| 6: [FieldDeclaration] int rgb;
|
||||
# 178| 7: [FieldDeclaration] int rgb;
|
||||
# 178| -1: [TypeAccess] int
|
||||
# 178| 0: [VarAccess] rgb
|
||||
# 179| 7: [FieldDeclaration] Color RED;
|
||||
# 179| 8: [FieldDeclaration] Color RED;
|
||||
# 179| -1: [TypeAccess] Color
|
||||
# 179| 0: [ClassInstanceExpr] new Color(...)
|
||||
# 179| -3: [TypeAccess] Color
|
||||
# 179| 0: [IntegerLiteral] 16711680
|
||||
# 180| 8: [FieldDeclaration] Color GREEN;
|
||||
# 180| 9: [FieldDeclaration] Color GREEN;
|
||||
# 180| -1: [TypeAccess] Color
|
||||
# 180| 0: [ClassInstanceExpr] new Color(...)
|
||||
# 180| -3: [TypeAccess] Color
|
||||
# 180| 0: [IntegerLiteral] 65280
|
||||
# 181| 9: [FieldDeclaration] Color BLUE;
|
||||
# 181| 10: [FieldDeclaration] Color BLUE;
|
||||
# 181| -1: [TypeAccess] Color
|
||||
# 181| 0: [ClassInstanceExpr] new Color(...)
|
||||
# 181| -3: [TypeAccess] Color
|
||||
|
||||
@@ -885,10 +885,14 @@
|
||||
| delegatedProperties.kt:87:34:87:46 | this | delegatedProperties.kt:87:34:87:46 | invoke | ThisAccess |
|
||||
| exprs.kt:0:0:0:0 | Color | file://:0:0:0:0 | <none> | TypeAccess |
|
||||
| exprs.kt:0:0:0:0 | Color | file://:0:0:0:0 | <none> | TypeAccess |
|
||||
| exprs.kt:0:0:0:0 | Color | file://:0:0:0:0 | <none> | TypeAccess |
|
||||
| exprs.kt:0:0:0:0 | Color[] | file://:0:0:0:0 | <none> | TypeAccess |
|
||||
| exprs.kt:0:0:0:0 | Direction | file://:0:0:0:0 | <none> | TypeAccess |
|
||||
| exprs.kt:0:0:0:0 | Direction | file://:0:0:0:0 | <none> | TypeAccess |
|
||||
| exprs.kt:0:0:0:0 | Direction | file://:0:0:0:0 | <none> | TypeAccess |
|
||||
| exprs.kt:0:0:0:0 | Direction[] | file://:0:0:0:0 | <none> | TypeAccess |
|
||||
| exprs.kt:0:0:0:0 | EnumEntries<Color> | file://:0:0:0:0 | <none> | TypeAccess |
|
||||
| exprs.kt:0:0:0:0 | EnumEntries<Direction> | file://:0:0:0:0 | <none> | TypeAccess |
|
||||
| exprs.kt:0:0:0:0 | String | file://:0:0:0:0 | <none> | TypeAccess |
|
||||
| exprs.kt:0:0:0:0 | String | file://:0:0:0:0 | <none> | TypeAccess |
|
||||
| exprs.kt:4:1:142:1 | int | file://:0:0:0:0 | <none> | TypeAccess |
|
||||
|
||||
@@ -74,15 +74,18 @@ A.kt:
|
||||
# 20| 0: [VarAccess] B.x
|
||||
# 20| -1: [TypeAccess] B
|
||||
# 23| 11: [Class] Enu
|
||||
# 0| 2: [Method] valueOf
|
||||
# 0| 2: [Method] getEntries
|
||||
# 0| 3: [TypeAccess] EnumEntries<Enu>
|
||||
# 0| 0: [TypeAccess] Enu
|
||||
# 0| 3: [Method] valueOf
|
||||
# 0| 3: [TypeAccess] Enu
|
||||
#-----| 4: (Parameters)
|
||||
# 0| 0: [Parameter] value
|
||||
# 0| 0: [TypeAccess] String
|
||||
# 0| 3: [Method] values
|
||||
# 0| 4: [Method] values
|
||||
# 0| 3: [TypeAccess] Enu[]
|
||||
# 0| 0: [TypeAccess] Enu
|
||||
# 23| 4: [Constructor] Enu
|
||||
# 23| 5: [Constructor] Enu
|
||||
# 23| 5: [BlockStmt] { ... }
|
||||
# 23| 0: [ExprStmt] <Expr>;
|
||||
# 23| 0: [ClassInstanceExpr] new Enum(...)
|
||||
@@ -91,15 +94,15 @@ A.kt:
|
||||
# 23| 0: [NullLiteral] null
|
||||
# 23| 1: [IntegerLiteral] 0
|
||||
# 23| 1: [BlockStmt] { ... }
|
||||
# 24| 5: [FieldDeclaration] Enu A;
|
||||
# 24| 6: [FieldDeclaration] Enu A;
|
||||
# 24| -1: [TypeAccess] Enu
|
||||
# 24| 0: [ClassInstanceExpr] new Enu(...)
|
||||
# 24| -3: [TypeAccess] Enu
|
||||
# 24| 6: [FieldDeclaration] Enu B;
|
||||
# 24| 7: [FieldDeclaration] Enu B;
|
||||
# 24| -1: [TypeAccess] Enu
|
||||
# 24| 0: [ClassInstanceExpr] new Enu(...)
|
||||
# 24| -3: [TypeAccess] Enu
|
||||
# 24| 7: [FieldDeclaration] Enu C;
|
||||
# 24| 8: [FieldDeclaration] Enu C;
|
||||
# 24| -1: [TypeAccess] Enu
|
||||
# 24| 0: [ClassInstanceExpr] new Enu(...)
|
||||
# 24| -3: [TypeAccess] Enu
|
||||
|
||||
@@ -225,7 +225,11 @@
|
||||
| delegates.kt:10:33:10:35 | new | VarAccess |
|
||||
| enumClass.kt:0:0:0:0 | EnumClass | TypeAccess |
|
||||
| enumClass.kt:0:0:0:0 | EnumClass | TypeAccess |
|
||||
| enumClass.kt:0:0:0:0 | EnumClass | TypeAccess |
|
||||
| enumClass.kt:0:0:0:0 | EnumClass[] | TypeAccess |
|
||||
| enumClass.kt:0:0:0:0 | EnumEntries<EnumClass> | TypeAccess |
|
||||
| enumClass.kt:0:0:0:0 | EnumEntries<EnumWithFunctions> | TypeAccess |
|
||||
| enumClass.kt:0:0:0:0 | EnumWithFunctions | TypeAccess |
|
||||
| enumClass.kt:0:0:0:0 | EnumWithFunctions | TypeAccess |
|
||||
| enumClass.kt:0:0:0:0 | EnumWithFunctions | TypeAccess |
|
||||
| enumClass.kt:0:0:0:0 | EnumWithFunctions[] | TypeAccess |
|
||||
|
||||
@@ -26,10 +26,12 @@ methods
|
||||
| delegates.kt:8:32:11:5 | new KMutableProperty1<MyClass,String>(...) { ... } | delegates.kt:8:32:11:5 | set | set(MyClass,java.lang.String) | override, public | |
|
||||
| delegates.kt:8:66:11:5 | new Function3<KProperty<?>,String,String,Unit>(...) { ... } | delegates.kt:8:66:11:5 | invoke | invoke(kotlin.reflect.KProperty,java.lang.String,java.lang.String) | final, override, public | |
|
||||
| enumClass.kt:1:1:4:1 | EnumClass | enumClass.kt:0:0:0:0 | <clinit> | <clinit>() | static | Compiler generated |
|
||||
| enumClass.kt:1:1:4:1 | EnumClass | enumClass.kt:0:0:0:0 | getEntries | getEntries() | final, public, static | Compiler generated |
|
||||
| enumClass.kt:1:1:4:1 | EnumClass | enumClass.kt:0:0:0:0 | valueOf | valueOf(java.lang.String) | final, public, static | Compiler generated |
|
||||
| enumClass.kt:1:1:4:1 | EnumClass | enumClass.kt:0:0:0:0 | values | values() | final, public, static | Compiler generated |
|
||||
| enumClass.kt:1:1:4:1 | EnumClass | enumClass.kt:1:22:1:31 | getV | getV() | final, public | Compiler generated |
|
||||
| enumClass.kt:6:1:16:1 | EnumWithFunctions | enumClass.kt:0:0:0:0 | <clinit> | <clinit>() | static | Compiler generated |
|
||||
| enumClass.kt:6:1:16:1 | EnumWithFunctions | enumClass.kt:0:0:0:0 | getEntries | getEntries() | final, public, static | Compiler generated |
|
||||
| enumClass.kt:6:1:16:1 | EnumWithFunctions | enumClass.kt:0:0:0:0 | valueOf | valueOf(java.lang.String) | final, public, static | Compiler generated |
|
||||
| enumClass.kt:6:1:16:1 | EnumWithFunctions | enumClass.kt:0:0:0:0 | values | values() | final, public, static | Compiler generated |
|
||||
| enumClass.kt:6:1:16:1 | EnumWithFunctions | enumClass.kt:13:12:13:29 | f | f(int) | abstract, public | |
|
||||
|
||||
2
java/ql/test/library-tests/file_classes/A.kt
Normal file
2
java/ql/test/library-tests/file_classes/A.kt
Normal file
@@ -0,0 +1,2 @@
|
||||
fun a() {
|
||||
}
|
||||
3
java/ql/test/library-tests/file_classes/B.kt
Normal file
3
java/ql/test/library-tests/file_classes/B.kt
Normal file
@@ -0,0 +1,3 @@
|
||||
fun b() {
|
||||
a()
|
||||
}
|
||||
3
java/ql/test/library-tests/file_classes/C.kt
Normal file
3
java/ql/test/library-tests/file_classes/C.kt
Normal file
@@ -0,0 +1,3 @@
|
||||
class C {
|
||||
fun c() {}
|
||||
}
|
||||
3
java/ql/test/library-tests/file_classes/classes.expected
Normal file
3
java/ql/test/library-tests/file_classes/classes.expected
Normal file
@@ -0,0 +1,3 @@
|
||||
| A.kt:0:0:0:0 | AKt | true |
|
||||
| B.kt:0:0:0:0 | BKt | true |
|
||||
| C.kt:1:1:3:1 | C | false |
|
||||
5
java/ql/test/library-tests/file_classes/classes.ql
Normal file
5
java/ql/test/library-tests/file_classes/classes.ql
Normal file
@@ -0,0 +1,5 @@
|
||||
import java
|
||||
|
||||
from Class c
|
||||
where c.fromSource()
|
||||
select c, any(boolean b | if c.isFileClass() then b = true else b = false)
|
||||
@@ -7,5 +7,9 @@
|
||||
| java.net.URL#openStream() | 1 |
|
||||
| java.net.URLConnection#getInputStream() | 1 |
|
||||
| java.time.Duration#ofMillis(long) | 1 |
|
||||
| java.util.Iterator#next() | 1 |
|
||||
| java.util.Map#entrySet() | 1 |
|
||||
| java.util.Map#put(Object,Object) | 1 |
|
||||
| java.util.Map$Entry#getKey() | 1 |
|
||||
| java.util.Set#iterator() | 1 |
|
||||
| org.apache.commons.io.FileUtils#deleteDirectory(File) | 1 |
|
||||
|
||||
@@ -15,6 +15,7 @@ class SupportedExternalApis {
|
||||
|
||||
Map<String, Object> map = new HashMap<>(); // uninteresting (parameterless constructor)
|
||||
map.put("foo", new Object()); // supported summary
|
||||
map.entrySet().iterator().next().getKey(); // nested class (Map.Entry), supported summaries (entrySet, iterator, next, getKey)
|
||||
|
||||
Duration d = java.time.Duration.ofMillis(1000); // supported neutral
|
||||
|
||||
|
||||
@@ -9,12 +9,19 @@ import android.webkit.WebViewClient
|
||||
class UnsafeActivityKt : Activity() {
|
||||
override fun onCreate(savedInstanceState : Bundle) {
|
||||
|
||||
val src : String = intent.extras.getString("url")
|
||||
|
||||
val wv = findViewById<WebView>(-1)
|
||||
// Implicit not-nulls happening here
|
||||
wv.settings.setJavaScriptEnabled(true)
|
||||
wv.settings.setAllowFileAccessFromFileURLs(true)
|
||||
|
||||
val thisUrl : String = intent.extras.getString("url")
|
||||
wv.loadUrl(thisUrl) // $ hasUnsafeAndroidAccess
|
||||
wv.loadUrl(src) // $ hasUnsafeAndroidAccess
|
||||
|
||||
val wv2 = findViewById<WebView>(-1)
|
||||
wv2.apply {
|
||||
settings.setJavaScriptEnabled(true)
|
||||
}
|
||||
wv2.loadUrl(src) // $ hasUnsafeAndroidAccess
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user