hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
alexet/avoid-path-node-java
codeql/java/ql/test/query-tests/security/CWE-749/UnsafeAndroidBroadcastReceiver.java
Tony Torralba d99b5bfc66 Reuse previous tests from experimental
2021-05-10 11:17:20 +02:00

36 lines
998 B
Java
Raw Permalink Blame History

package com.example.app;
import android.app.Activity;
import android.content.Context;
import android.content.Intent;
import android.content.BroadcastReceiver;
import android.os.Bundle;
import android.webkit.WebSettings;
import android.webkit.WebView;
import android.webkit.WebViewClient;
public class UnsafeAndroidBroadcastReceiver extends BroadcastReceiver {
// Test onCreate with JavaScript enabled but cross-origin resource access disabled while taking
// remote user inputs
@Override
public void onReceive(Context context, Intent intent) {
String thisUrl = intent.getStringExtra("url");
WebView wv = null;
WebSettings webSettings = wv.getSettings();
webSettings.setJavaScriptEnabled(true);
webSettings.setAllowFileAccessFromFileURLs(true);
wv.setWebViewClient(new WebViewClient() {
@Override
public boolean shouldOverrideUrlLoading(WebView view, String url) {
view.loadUrl(url);
return true;
}
});
wv.loadUrl(thisUrl); // $hasUnsafeAndroidAccess
}
}
Reference in New Issue View Git Blame Copy Permalink