Merge pull request #11628 from egregius313/egregius313/android-webview-addjavascriptinterface-dataflow

Java: Add parameters of methods annotated @JavascriptInterface as remote flow sources
2026-05-04 21:25:44 +02:00 · 2023-01-10 12:41:52 -05:00
parent 0ad585cfe6 da90ae0e8f
commit ce06df3152
5 changed files with 42 additions and 0 deletions
--- a/java/ql/test/library-tests/dataflow/taintsources/AndroidExposedObject.java
+++ b/java/ql/test/library-tests/dataflow/taintsources/AndroidExposedObject.java
@@ -0,0 +1,11 @@
+import android.webkit.JavascriptInterface;
+
+public class AndroidExposedObject {
+    public void sink(Object o) {
+    }
+
+    @JavascriptInterface
+    public void test(String arg) {
+        sink(arg); // $hasRemoteValueFlow
+    }
+}