From e0c51b510feb4b0a913d1e549dbcd5f80056b0ce Mon Sep 17 00:00:00 2001 From: Tamas Vajk Date: Mon, 1 Mar 2021 13:07:20 +0100 Subject: [PATCH] Java: Convert WebViewGetUrlMethod to CSV based flow source --- java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll | 6 +++++- java/ql/src/semmle/code/java/dataflow/FlowSources.qll | 4 +--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll index 354ea4288d4..41285c651cd 100644 --- a/java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll @@ -162,7 +162,11 @@ private predicate sourceModelCsv(string row) { "android.util;AttributeSet;false;getIdAttribute;;;ReturnValue;remote", "android.util;AttributeSet;false;getIdAttributeResourceValue;;;ReturnValue;remote", "android.util;AttributeSet;false;getPositionDescription;;;ReturnValue;remote", - "android.util;AttributeSet;false;getStyleAttribute;;;ReturnValue;remote" + "android.util;AttributeSet;false;getStyleAttribute;;;ReturnValue;remote", + // The current URL in a browser may be untrusted or uncontrolled. + // WebViewGetUrlMethod + "android.webkit;WebView;false;getUrl;();;ReturnValue;remote", + "android.webkit;WebView;false;getOriginalUrl;();;ReturnValue;remote" ] } diff --git a/java/ql/src/semmle/code/java/dataflow/FlowSources.qll b/java/ql/src/semmle/code/java/dataflow/FlowSources.qll index de8d90344cf..de1b7693826 100644 --- a/java/ql/src/semmle/code/java/dataflow/FlowSources.qll +++ b/java/ql/src/semmle/code/java/dataflow/FlowSources.qll @@ -215,9 +215,7 @@ class DatabaseInput extends LocalUserInput { private class RemoteTaintedMethod extends Method { RemoteTaintedMethod() { this instanceof PlayRequestGetMethod or - this instanceof SpringRestTemplateResponseEntityMethod or - // The current URL in a browser may be untrusted or uncontrolled. - this instanceof WebViewGetUrlMethod + this instanceof SpringRestTemplateResponseEntityMethod } }