mirror of
https://github.com/github/codeql.git
synced 2026-04-28 02:05:14 +02:00
Reuse previous tests from experimental
This commit is contained in:
Tony Torralba
@@ -1,51 +0,0 @@
|
||||
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
|
||||
package="com.example.app"
|
||||
android:installLocation="auto"
|
||||
android:versionCode="1"
|
||||
android:versionName="0.1" >
|
||||
|
||||
<uses-permission android:name="android.permission.INTERNET" />
|
||||
|
||||
<application
|
||||
android:icon="@drawable/ic_launcher"
|
||||
android:label="@string/app_name"
|
||||
android:theme="@style/AppTheme" >
|
||||
<activity
|
||||
android:name=".UnsafeAndroidAccess"
|
||||
android:icon="@drawable/ic_launcher"
|
||||
android:label="@string/app_name">
|
||||
<intent-filter>
|
||||
<action android:name="android.intent.action.MAIN" />
|
||||
<category android:name="android.intent.category.LAUNCHER" />
|
||||
</intent-filter>
|
||||
</activity>
|
||||
|
||||
<activity android:name=".UnsafeActivity1" android:exported="true">
|
||||
<intent-filter>
|
||||
<action android:name="android.intent.action.VIEW"/>
|
||||
</intent-filter>
|
||||
</activity>
|
||||
|
||||
<activity android:name=".UnsafeActivity2">
|
||||
<intent-filter>
|
||||
<action android:name="android.intent.action.VIEW"/>
|
||||
</intent-filter>
|
||||
</activity>
|
||||
|
||||
<activity android:name=".SafeActivity1" android:exported="false">
|
||||
<intent-filter>
|
||||
<action android:name="android.intent.action.VIEW"/>
|
||||
</intent-filter>
|
||||
</activity>
|
||||
|
||||
<activity android:name=".SafeActivity2" android:exported="false" />
|
||||
|
||||
<activity android:name=".SafeActivity3" />
|
||||
|
||||
<activity android:name=".UnsafeActivity3" android:exported="true" />
|
||||
<activity android:name=".UnsafeActivity4" android:exported="true" />
|
||||
|
||||
<receiver android:name=".UnsafeAndroidBroadcastReceiver" android:exported="true" />
|
||||
</application>
|
||||
|
||||
</manifest>
|
||||
@@ -1,24 +0,0 @@
|
||||
package com.example.app;
|
||||
|
||||
import android.app.Activity;
|
||||
|
||||
import android.os.Bundle;
|
||||
|
||||
import android.webkit.WebSettings;
|
||||
import android.webkit.WebView;
|
||||
import android.webkit.WebViewClient;
|
||||
|
||||
/** A utility program for getting intent extra information from Android activity */
|
||||
public class IntentUtils {
|
||||
/** Get intent extra */
|
||||
public static String getIntentUrl(Activity a) {
|
||||
String thisUrl = a.getIntent().getStringExtra("url");
|
||||
return thisUrl;
|
||||
}
|
||||
|
||||
/** Get bundle extra */
|
||||
public static String getBundleUrl(Activity a) {
|
||||
String thisUrl = a.getIntent().getExtras().getString("url");
|
||||
return thisUrl;
|
||||
}
|
||||
}
|
||||
@@ -1,34 +0,0 @@
|
||||
package com.example.app;
|
||||
|
||||
import android.app.Activity;
|
||||
|
||||
import android.os.Bundle;
|
||||
|
||||
import android.webkit.WebSettings;
|
||||
import android.webkit.WebView;
|
||||
import android.webkit.WebViewClient;
|
||||
|
||||
public class SafeActivity1 extends Activity {
|
||||
//Test onCreate with both JavaScript and cross-origin resource access enabled while taking remote user inputs from bundle extras
|
||||
public void onCreate(Bundle savedInstanceState) {
|
||||
super.onCreate(savedInstanceState);
|
||||
setContentView(-1);
|
||||
|
||||
WebView wv = (WebView) findViewById(-1);
|
||||
WebSettings webSettings = wv.getSettings();
|
||||
|
||||
webSettings.setJavaScriptEnabled(true);
|
||||
webSettings.setAllowFileAccessFromFileURLs(true);
|
||||
|
||||
wv.setWebViewClient(new WebViewClient() {
|
||||
@Override
|
||||
public boolean shouldOverrideUrlLoading(WebView view, String url) {
|
||||
view.loadUrl(url);
|
||||
return true;
|
||||
}
|
||||
});
|
||||
|
||||
String thisUrl = getIntent().getExtras().getString("url");
|
||||
wv.loadUrl(thisUrl);
|
||||
}
|
||||
}
|
||||
@@ -1,34 +0,0 @@
|
||||
package com.example.app;
|
||||
|
||||
import android.app.Activity;
|
||||
|
||||
import android.os.Bundle;
|
||||
|
||||
import android.webkit.WebSettings;
|
||||
import android.webkit.WebView;
|
||||
import android.webkit.WebViewClient;
|
||||
|
||||
public class SafeActivity2 extends Activity {
|
||||
//Test onCreate with both JavaScript and cross-origin resource access enabled while taking remote user inputs from bundle extras
|
||||
public void onCreate(Bundle savedInstanceState) {
|
||||
super.onCreate(savedInstanceState);
|
||||
setContentView(-1);
|
||||
|
||||
WebView wv = (WebView) findViewById(-1);
|
||||
WebSettings webSettings = wv.getSettings();
|
||||
|
||||
webSettings.setJavaScriptEnabled(true);
|
||||
webSettings.setAllowFileAccessFromFileURLs(true);
|
||||
|
||||
wv.setWebViewClient(new WebViewClient() {
|
||||
@Override
|
||||
public boolean shouldOverrideUrlLoading(WebView view, String url) {
|
||||
view.loadUrl(url);
|
||||
return true;
|
||||
}
|
||||
});
|
||||
|
||||
String thisUrl = getIntent().getExtras().getString("url");
|
||||
wv.loadUrl(thisUrl);
|
||||
}
|
||||
}
|
||||
@@ -1,34 +0,0 @@
|
||||
package com.example.app;
|
||||
|
||||
import android.app.Activity;
|
||||
|
||||
import android.os.Bundle;
|
||||
|
||||
import android.webkit.WebSettings;
|
||||
import android.webkit.WebView;
|
||||
import android.webkit.WebViewClient;
|
||||
|
||||
public class SafeActivity3 extends Activity {
|
||||
//Test onCreate with both JavaScript and cross-origin resource access enabled while taking remote user inputs from bundle extras
|
||||
public void onCreate(Bundle savedInstanceState) {
|
||||
super.onCreate(savedInstanceState);
|
||||
setContentView(-1);
|
||||
|
||||
WebView wv = (WebView) findViewById(-1);
|
||||
WebSettings webSettings = wv.getSettings();
|
||||
|
||||
webSettings.setJavaScriptEnabled(true);
|
||||
webSettings.setAllowFileAccessFromFileURLs(true);
|
||||
|
||||
wv.setWebViewClient(new WebViewClient() {
|
||||
@Override
|
||||
public boolean shouldOverrideUrlLoading(WebView view, String url) {
|
||||
view.loadUrl(url);
|
||||
return true;
|
||||
}
|
||||
});
|
||||
|
||||
String thisUrl = getIntent().getExtras().getString("url");
|
||||
wv.loadUrl(thisUrl);
|
||||
}
|
||||
}
|
||||
@@ -1,34 +0,0 @@
|
||||
package com.example.app;
|
||||
|
||||
import android.app.Activity;
|
||||
|
||||
import android.os.Bundle;
|
||||
|
||||
import android.webkit.WebSettings;
|
||||
import android.webkit.WebView;
|
||||
import android.webkit.WebViewClient;
|
||||
|
||||
public class UnsafeActivity1 extends Activity {
|
||||
//Test onCreate with both JavaScript and cross-origin resource access enabled while taking remote user inputs from bundle extras
|
||||
public void onCreate(Bundle savedInstanceState) {
|
||||
super.onCreate(savedInstanceState);
|
||||
setContentView(-1);
|
||||
|
||||
WebView wv = (WebView) findViewById(-1);
|
||||
WebSettings webSettings = wv.getSettings();
|
||||
|
||||
webSettings.setJavaScriptEnabled(true);
|
||||
webSettings.setAllowFileAccessFromFileURLs(true);
|
||||
|
||||
wv.setWebViewClient(new WebViewClient() {
|
||||
@Override
|
||||
public boolean shouldOverrideUrlLoading(WebView view, String url) {
|
||||
view.loadUrl(url);
|
||||
return true;
|
||||
}
|
||||
});
|
||||
|
||||
String thisUrl = getIntent().getExtras().getString("url");
|
||||
wv.loadUrl(thisUrl);
|
||||
}
|
||||
}
|
||||
@@ -1,34 +0,0 @@
|
||||
package com.example.app;
|
||||
|
||||
import android.app.Activity;
|
||||
|
||||
import android.os.Bundle;
|
||||
|
||||
import android.webkit.WebSettings;
|
||||
import android.webkit.WebView;
|
||||
import android.webkit.WebViewClient;
|
||||
|
||||
public class UnsafeActivity2 extends Activity {
|
||||
//Test onCreate with both JavaScript and cross-origin resource access enabled while taking remote user inputs from bundle extras
|
||||
public void onCreate(Bundle savedInstanceState) {
|
||||
super.onCreate(savedInstanceState);
|
||||
setContentView(-1);
|
||||
|
||||
WebView wv = (WebView) findViewById(-1);
|
||||
WebSettings webSettings = wv.getSettings();
|
||||
|
||||
webSettings.setJavaScriptEnabled(true);
|
||||
webSettings.setAllowFileAccessFromFileURLs(true);
|
||||
|
||||
wv.setWebViewClient(new WebViewClient() {
|
||||
@Override
|
||||
public boolean shouldOverrideUrlLoading(WebView view, String url) {
|
||||
view.loadUrl(url);
|
||||
return true;
|
||||
}
|
||||
});
|
||||
|
||||
String thisUrl = getIntent().getExtras().getString("url");
|
||||
wv.loadUrl(thisUrl);
|
||||
}
|
||||
}
|
||||
@@ -1,34 +0,0 @@
|
||||
package com.example.app;
|
||||
|
||||
import android.app.Activity;
|
||||
|
||||
import android.os.Bundle;
|
||||
|
||||
import android.webkit.WebSettings;
|
||||
import android.webkit.WebView;
|
||||
import android.webkit.WebViewClient;
|
||||
|
||||
public class UnsafeActivity3 extends Activity {
|
||||
//Test onCreate with both JavaScript and cross-origin resource access enabled while taking remote user inputs from bundle extras
|
||||
public void onCreate(Bundle savedInstanceState) {
|
||||
super.onCreate(savedInstanceState);
|
||||
setContentView(-1);
|
||||
|
||||
WebView wv = (WebView) findViewById(-1);
|
||||
WebSettings webSettings = wv.getSettings();
|
||||
|
||||
webSettings.setJavaScriptEnabled(true);
|
||||
webSettings.setAllowFileAccessFromFileURLs(true);
|
||||
|
||||
wv.setWebViewClient(new WebViewClient() {
|
||||
@Override
|
||||
public boolean shouldOverrideUrlLoading(WebView view, String url) {
|
||||
view.loadUrl(url);
|
||||
return true;
|
||||
}
|
||||
});
|
||||
|
||||
String thisUrl = getIntent().getExtras().getString("url");
|
||||
wv.loadUrl(thisUrl);
|
||||
}
|
||||
}
|
||||
@@ -1,38 +0,0 @@
|
||||
package com.example.app;
|
||||
|
||||
import android.app.Activity;
|
||||
|
||||
import android.os.Bundle;
|
||||
|
||||
import android.webkit.WebSettings;
|
||||
import android.webkit.WebView;
|
||||
import android.webkit.WebViewClient;
|
||||
|
||||
public class UnsafeActivity4 extends Activity {
|
||||
/**
|
||||
* Test onCreate with both JavaScript and cross-origin resource access enabled while taking remote user inputs from bundle extras
|
||||
* Note this case of invoking utility method that takes an Activity a then calls `a.getIntent().getStringExtra(...)` is not yet detected thus is beyond what the query is capable of.
|
||||
*/
|
||||
public void onCreate(Bundle savedInstanceState) {
|
||||
super.onCreate(savedInstanceState);
|
||||
setContentView(-1);
|
||||
|
||||
WebView wv = (WebView) findViewById(-1);
|
||||
WebSettings webSettings = wv.getSettings();
|
||||
|
||||
webSettings.setJavaScriptEnabled(true);
|
||||
webSettings.setAllowFileAccessFromFileURLs(true);
|
||||
|
||||
wv.setWebViewClient(new WebViewClient() {
|
||||
@Override
|
||||
public boolean shouldOverrideUrlLoading(WebView view, String url) {
|
||||
view.loadUrl(url);
|
||||
return true;
|
||||
}
|
||||
});
|
||||
|
||||
String thisUrl = IntentUtils.getIntentUrl(this);
|
||||
thisUrl = IntentUtils.getBundleUrl(this);
|
||||
wv.loadUrl(thisUrl);
|
||||
}
|
||||
}
|
||||
@@ -1,31 +0,0 @@
|
||||
edges
|
||||
| UnsafeActivity1.java:31:20:31:30 | getIntent(...) : Intent | UnsafeActivity1.java:32:14:32:20 | thisUrl |
|
||||
| UnsafeActivity2.java:31:20:31:30 | getIntent(...) : Intent | UnsafeActivity2.java:32:14:32:20 | thisUrl |
|
||||
| UnsafeActivity3.java:31:20:31:30 | getIntent(...) : Intent | UnsafeActivity3.java:32:14:32:20 | thisUrl |
|
||||
| UnsafeAndroidAccess.java:31:20:31:30 | getIntent(...) : Intent | UnsafeAndroidAccess.java:32:14:32:20 | thisUrl |
|
||||
| UnsafeAndroidAccess.java:54:20:54:30 | getIntent(...) : Intent | UnsafeAndroidAccess.java:55:14:55:20 | thisUrl |
|
||||
| UnsafeAndroidAccess.java:96:20:96:30 | getIntent(...) : Intent | UnsafeAndroidAccess.java:97:14:97:20 | thisUrl |
|
||||
| UnsafeAndroidBroadcastReceiver.java:16:41:16:53 | intent : Intent | UnsafeAndroidBroadcastReceiver.java:32:14:32:20 | thisUrl |
|
||||
nodes
|
||||
| UnsafeActivity1.java:31:20:31:30 | getIntent(...) : Intent | semmle.label | getIntent(...) : Intent |
|
||||
| UnsafeActivity1.java:32:14:32:20 | thisUrl | semmle.label | thisUrl |
|
||||
| UnsafeActivity2.java:31:20:31:30 | getIntent(...) : Intent | semmle.label | getIntent(...) : Intent |
|
||||
| UnsafeActivity2.java:32:14:32:20 | thisUrl | semmle.label | thisUrl |
|
||||
| UnsafeActivity3.java:31:20:31:30 | getIntent(...) : Intent | semmle.label | getIntent(...) : Intent |
|
||||
| UnsafeActivity3.java:32:14:32:20 | thisUrl | semmle.label | thisUrl |
|
||||
| UnsafeAndroidAccess.java:31:20:31:30 | getIntent(...) : Intent | semmle.label | getIntent(...) : Intent |
|
||||
| UnsafeAndroidAccess.java:32:14:32:20 | thisUrl | semmle.label | thisUrl |
|
||||
| UnsafeAndroidAccess.java:54:20:54:30 | getIntent(...) : Intent | semmle.label | getIntent(...) : Intent |
|
||||
| UnsafeAndroidAccess.java:55:14:55:20 | thisUrl | semmle.label | thisUrl |
|
||||
| UnsafeAndroidAccess.java:96:20:96:30 | getIntent(...) : Intent | semmle.label | getIntent(...) : Intent |
|
||||
| UnsafeAndroidAccess.java:97:14:97:20 | thisUrl | semmle.label | thisUrl |
|
||||
| UnsafeAndroidBroadcastReceiver.java:16:41:16:53 | intent : Intent | semmle.label | intent : Intent |
|
||||
| UnsafeAndroidBroadcastReceiver.java:32:14:32:20 | thisUrl | semmle.label | thisUrl |
|
||||
#select
|
||||
| UnsafeActivity1.java:32:3:32:21 | loadUrl(...) | UnsafeActivity1.java:31:20:31:30 | getIntent(...) : Intent | UnsafeActivity1.java:32:14:32:20 | thisUrl | Unsafe resource fetching in Android webview due to $@. | UnsafeActivity1.java:31:20:31:30 | getIntent(...) | user input vulnerable to cross-origin and sensitive resource disclosure attacks |
|
||||
| UnsafeActivity2.java:32:3:32:21 | loadUrl(...) | UnsafeActivity2.java:31:20:31:30 | getIntent(...) : Intent | UnsafeActivity2.java:32:14:32:20 | thisUrl | Unsafe resource fetching in Android webview due to $@. | UnsafeActivity2.java:31:20:31:30 | getIntent(...) | user input vulnerable to cross-origin and sensitive resource disclosure attacks |
|
||||
| UnsafeActivity3.java:32:3:32:21 | loadUrl(...) | UnsafeActivity3.java:31:20:31:30 | getIntent(...) : Intent | UnsafeActivity3.java:32:14:32:20 | thisUrl | Unsafe resource fetching in Android webview due to $@. | UnsafeActivity3.java:31:20:31:30 | getIntent(...) | user input vulnerable to cross-origin and sensitive resource disclosure attacks |
|
||||
| UnsafeAndroidAccess.java:32:3:32:21 | loadUrl(...) | UnsafeAndroidAccess.java:31:20:31:30 | getIntent(...) : Intent | UnsafeAndroidAccess.java:32:14:32:20 | thisUrl | Unsafe resource fetching in Android webview due to $@. | UnsafeAndroidAccess.java:31:20:31:30 | getIntent(...) | user input vulnerable to cross-origin and sensitive resource disclosure attacks |
|
||||
| UnsafeAndroidAccess.java:55:3:55:21 | loadUrl(...) | UnsafeAndroidAccess.java:54:20:54:30 | getIntent(...) : Intent | UnsafeAndroidAccess.java:55:14:55:20 | thisUrl | Unsafe resource fetching in Android webview due to $@. | UnsafeAndroidAccess.java:54:20:54:30 | getIntent(...) | user input vulnerable to cross-origin and sensitive resource disclosure attacks |
|
||||
| UnsafeAndroidAccess.java:97:3:97:21 | loadUrl(...) | UnsafeAndroidAccess.java:96:20:96:30 | getIntent(...) : Intent | UnsafeAndroidAccess.java:97:14:97:20 | thisUrl | Unsafe resource fetching in Android webview due to $@. | UnsafeAndroidAccess.java:96:20:96:30 | getIntent(...) | user input vulnerable to XSS attacks |
|
||||
| UnsafeAndroidBroadcastReceiver.java:32:3:32:21 | loadUrl(...) | UnsafeAndroidBroadcastReceiver.java:16:41:16:53 | intent : Intent | UnsafeAndroidBroadcastReceiver.java:32:14:32:20 | thisUrl | Unsafe resource fetching in Android webview due to $@. | UnsafeAndroidBroadcastReceiver.java:16:41:16:53 | intent | user input vulnerable to cross-origin and sensitive resource disclosure attacks |
|
||||
@@ -1,121 +0,0 @@
|
||||
package com.example.app;
|
||||
|
||||
import android.app.Activity;
|
||||
|
||||
import android.os.Bundle;
|
||||
|
||||
import android.webkit.WebSettings;
|
||||
import android.webkit.WebView;
|
||||
import android.webkit.WebViewClient;
|
||||
|
||||
public class UnsafeAndroidAccess extends Activity {
|
||||
//Test onCreate with both JavaScript and cross-origin resource access enabled while taking remote user inputs from bundle extras
|
||||
public void testOnCreate1(Bundle savedInstanceState) {
|
||||
super.onCreate(savedInstanceState);
|
||||
setContentView(-1);
|
||||
|
||||
WebView wv = (WebView) findViewById(-1);
|
||||
WebSettings webSettings = wv.getSettings();
|
||||
|
||||
webSettings.setJavaScriptEnabled(true);
|
||||
webSettings.setAllowFileAccessFromFileURLs(true);
|
||||
|
||||
wv.setWebViewClient(new WebViewClient() {
|
||||
@Override
|
||||
public boolean shouldOverrideUrlLoading(WebView view, String url) {
|
||||
view.loadUrl(url);
|
||||
return true;
|
||||
}
|
||||
});
|
||||
|
||||
String thisUrl = getIntent().getExtras().getString("url");
|
||||
wv.loadUrl(thisUrl);
|
||||
}
|
||||
|
||||
//Test onCreate with both JavaScript and cross-origin resource access enabled while taking remote user inputs from string extra
|
||||
public void testOnCreate2(Bundle savedInstanceState) {
|
||||
super.onCreate(savedInstanceState);
|
||||
setContentView(-1);
|
||||
|
||||
WebView wv = (WebView) findViewById(-1);
|
||||
WebSettings webSettings = wv.getSettings();
|
||||
|
||||
webSettings.setJavaScriptEnabled(true);
|
||||
webSettings.setAllowFileAccessFromFileURLs(true);
|
||||
|
||||
wv.setWebViewClient(new WebViewClient() {
|
||||
@Override
|
||||
public boolean shouldOverrideUrlLoading(WebView view, String url) {
|
||||
view.loadUrl(url);
|
||||
return true;
|
||||
}
|
||||
});
|
||||
|
||||
String thisUrl = getIntent().getStringExtra("url");
|
||||
wv.loadUrl(thisUrl);
|
||||
}
|
||||
|
||||
//Test onCreate with both JavaScript and cross-origin resource access disabled by default while taking remote user inputs
|
||||
public void testOnCreate3(Bundle savedInstanceState) {
|
||||
super.onCreate(savedInstanceState);
|
||||
setContentView(-1);
|
||||
|
||||
WebView wv = (WebView) findViewById(-1);
|
||||
WebSettings webSettings = wv.getSettings();
|
||||
|
||||
wv.setWebViewClient(new WebViewClient() {
|
||||
@Override
|
||||
public boolean shouldOverrideUrlLoading(WebView view, String url) {
|
||||
view.loadUrl(url);
|
||||
return true;
|
||||
}
|
||||
});
|
||||
|
||||
String thisUrl = getIntent().getStringExtra("url");
|
||||
wv.loadUrl(thisUrl);
|
||||
}
|
||||
|
||||
//Test onCreate with JavaScript enabled but cross-origin resource access disabled while taking remote user inputs
|
||||
public void testOnCreate4(Bundle savedInstanceState) {
|
||||
super.onCreate(savedInstanceState);
|
||||
setContentView(-1);
|
||||
|
||||
WebView wv = (WebView) findViewById(-1);
|
||||
WebSettings webSettings = wv.getSettings();
|
||||
|
||||
webSettings.setJavaScriptEnabled(true);
|
||||
|
||||
wv.setWebViewClient(new WebViewClient() {
|
||||
@Override
|
||||
public boolean shouldOverrideUrlLoading(WebView view, String url) {
|
||||
view.loadUrl(url);
|
||||
return true;
|
||||
}
|
||||
});
|
||||
|
||||
String thisUrl = getIntent().getStringExtra("url");
|
||||
wv.loadUrl(thisUrl);
|
||||
}
|
||||
|
||||
//Test onCreate with both JavaScript and cross-origin resource access enabled while not taking remote user inputs
|
||||
public void testOnCreate5(Bundle savedInstanceState) {
|
||||
super.onCreate(savedInstanceState);
|
||||
setContentView(-1);
|
||||
|
||||
WebView wv = (WebView) findViewById(-1);
|
||||
WebSettings webSettings = wv.getSettings();
|
||||
|
||||
webSettings.setJavaScriptEnabled(true);
|
||||
webSettings.setAllowFileAccessFromFileURLs(true);
|
||||
|
||||
wv.setWebViewClient(new WebViewClient() {
|
||||
@Override
|
||||
public boolean shouldOverrideUrlLoading(WebView view, String url) {
|
||||
view.loadUrl(url);
|
||||
return true;
|
||||
}
|
||||
});
|
||||
|
||||
wv.loadUrl("https://www.mycorp.com");
|
||||
}
|
||||
}
|
||||
@@ -1 +0,0 @@
|
||||
experimental/Security/CWE/CWE-749/UnsafeAndroidAccess.ql
|
||||
@@ -1,34 +0,0 @@
|
||||
package com.example.app;
|
||||
|
||||
import android.app.Activity;
|
||||
|
||||
import android.content.Context;
|
||||
import android.content.Intent;
|
||||
import android.content.BroadcastReceiver;
|
||||
import android.os.Bundle;
|
||||
import android.webkit.WebSettings;
|
||||
import android.webkit.WebView;
|
||||
import android.webkit.WebViewClient;
|
||||
|
||||
public class UnsafeAndroidBroadcastReceiver extends BroadcastReceiver {
|
||||
//Test onCreate with JavaScript enabled but cross-origin resource access disabled while taking remote user inputs
|
||||
@Override
|
||||
public void onReceive(Context context, Intent intent) {
|
||||
String thisUrl = intent.getStringExtra("url");
|
||||
WebView wv = null;
|
||||
WebSettings webSettings = wv.getSettings();
|
||||
|
||||
webSettings.setJavaScriptEnabled(true);
|
||||
webSettings.setAllowFileAccessFromFileURLs(true);
|
||||
|
||||
wv.setWebViewClient(new WebViewClient() {
|
||||
@Override
|
||||
public boolean shouldOverrideUrlLoading(WebView view, String url) {
|
||||
view.loadUrl(url);
|
||||
return true;
|
||||
}
|
||||
});
|
||||
|
||||
wv.loadUrl(thisUrl);
|
||||
}
|
||||
}
|
||||
@@ -1 +0,0 @@
|
||||
// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/google-android-9.0.0
|
||||
Reference in New Issue
Block a user