mirror of
https://github.com/github/codeql.git
synced 2025-12-19 02:13:17 +01:00
121 lines
3.4 KiB
Java
121 lines
3.4 KiB
Java
package com.example.app;
|
|
|
|
import android.app.Activity;
|
|
|
|
import android.os.Bundle;
|
|
|
|
import android.webkit.WebSettings;
|
|
import android.webkit.WebView;
|
|
import android.webkit.WebViewClient;
|
|
|
|
public class UnsafeAndroidAccess extends Activity {
|
|
//Test onCreate with both JavaScript and cross-origin resource access enabled while taking remote user inputs from bundle extras
|
|
public void testOnCreate1(Bundle savedInstanceState) {
|
|
super.onCreate(savedInstanceState);
|
|
setContentView(-1);
|
|
|
|
WebView wv = (WebView) findViewById(-1);
|
|
WebSettings webSettings = wv.getSettings();
|
|
|
|
webSettings.setJavaScriptEnabled(true);
|
|
webSettings.setAllowFileAccessFromFileURLs(true);
|
|
|
|
wv.setWebViewClient(new WebViewClient() {
|
|
@Override
|
|
public boolean shouldOverrideUrlLoading(WebView view, String url) {
|
|
view.loadUrl(url);
|
|
return true;
|
|
}
|
|
});
|
|
|
|
String thisUrl = getIntent().getExtras().getString("url");
|
|
wv.loadUrl(thisUrl);
|
|
}
|
|
|
|
//Test onCreate with both JavaScript and cross-origin resource access enabled while taking remote user inputs from string extra
|
|
public void testOnCreate2(Bundle savedInstanceState) {
|
|
super.onCreate(savedInstanceState);
|
|
setContentView(-1);
|
|
|
|
WebView wv = (WebView) findViewById(-1);
|
|
WebSettings webSettings = wv.getSettings();
|
|
|
|
webSettings.setJavaScriptEnabled(true);
|
|
webSettings.setAllowFileAccessFromFileURLs(true);
|
|
|
|
wv.setWebViewClient(new WebViewClient() {
|
|
@Override
|
|
public boolean shouldOverrideUrlLoading(WebView view, String url) {
|
|
view.loadUrl(url);
|
|
return true;
|
|
}
|
|
});
|
|
|
|
String thisUrl = getIntent().getStringExtra("url");
|
|
wv.loadUrl(thisUrl);
|
|
}
|
|
|
|
//Test onCreate with both JavaScript and cross-origin resource access disabled by default while taking remote user inputs
|
|
public void testOnCreate3(Bundle savedInstanceState) {
|
|
super.onCreate(savedInstanceState);
|
|
setContentView(-1);
|
|
|
|
WebView wv = (WebView) findViewById(-1);
|
|
WebSettings webSettings = wv.getSettings();
|
|
|
|
wv.setWebViewClient(new WebViewClient() {
|
|
@Override
|
|
public boolean shouldOverrideUrlLoading(WebView view, String url) {
|
|
view.loadUrl(url);
|
|
return true;
|
|
}
|
|
});
|
|
|
|
String thisUrl = getIntent().getStringExtra("url");
|
|
wv.loadUrl(thisUrl);
|
|
}
|
|
|
|
//Test onCreate with JavaScript enabled but cross-origin resource access disabled while taking remote user inputs
|
|
public void testOnCreate4(Bundle savedInstanceState) {
|
|
super.onCreate(savedInstanceState);
|
|
setContentView(-1);
|
|
|
|
WebView wv = (WebView) findViewById(-1);
|
|
WebSettings webSettings = wv.getSettings();
|
|
|
|
webSettings.setJavaScriptEnabled(true);
|
|
|
|
wv.setWebViewClient(new WebViewClient() {
|
|
@Override
|
|
public boolean shouldOverrideUrlLoading(WebView view, String url) {
|
|
view.loadUrl(url);
|
|
return true;
|
|
}
|
|
});
|
|
|
|
String thisUrl = getIntent().getStringExtra("url");
|
|
wv.loadUrl(thisUrl);
|
|
}
|
|
|
|
//Test onCreate with both JavaScript and cross-origin resource access enabled while not taking remote user inputs
|
|
public void testOnCreate5(Bundle savedInstanceState) {
|
|
super.onCreate(savedInstanceState);
|
|
setContentView(-1);
|
|
|
|
WebView wv = (WebView) findViewById(-1);
|
|
WebSettings webSettings = wv.getSettings();
|
|
|
|
webSettings.setJavaScriptEnabled(true);
|
|
webSettings.setAllowFileAccessFromFileURLs(true);
|
|
|
|
wv.setWebViewClient(new WebViewClient() {
|
|
@Override
|
|
public boolean shouldOverrideUrlLoading(WebView view, String url) {
|
|
view.loadUrl(url);
|
|
return true;
|
|
}
|
|
});
|
|
|
|
wv.loadUrl("https://www.mycorp.com");
|
|
}
|
|
} |