hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
alexet/avoid-path-node-java
codeql/java/ql/test/query-tests/security/CWE-749/UnsafeActivityKt.kt
Tony Torralba 16529cdd18 Add failing test
2023-07-10 17:40:15 +02:00

28 lines
694 B
Kotlin
Raw Permalink Blame History

package com.example.app
import android.app.Activity
import android.os.Bundle
import android.webkit.WebSettings
import android.webkit.WebView
import android.webkit.WebViewClient
class UnsafeActivityKt : Activity() {
override fun onCreate(savedInstanceState : Bundle) {
val src : String = intent.extras.getString("url")
val wv = findViewById<WebView>(-1)
// Implicit not-nulls happening here
wv.settings.setJavaScriptEnabled(true)
wv.settings.setAllowFileAccessFromFileURLs(true)
wv.loadUrl(src) // $ hasUnsafeAndroidAccess
val wv2 = findViewById<WebView>(-1)
wv2.apply {
settings.setJavaScriptEnabled(true)
}
wv2.loadUrl(src) // $ hasUnsafeAndroidAccess
}
}
Reference in New Issue View Git Blame Copy Permalink