hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
9988c19a429d67b9613d07570165961fa48fbca6
codeql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql
Tony Torralba 345c383acc Fix new Android queries' IDs
2022-12-21 09:36:57 +01:00

21 lines
619 B
Plaintext
Raw Blame History

/**
* @name Android WebView JavaScript settings
* @description Enabling JavaScript execution in a WebView can result in cross-site scripting attacks.
* @kind problem
* @id java/android/websettings-javascript-enabled
* @problem.severity warning
* @security-severity 6.1
* @precision medium
* @tags security
* external/cwe/cwe-079
*/
import java
import semmle.code.java.frameworks.android.WebView
from MethodAccess ma
where
ma.getMethod() instanceof AllowJavaScriptMethod and
ma.getArgument(0).(CompileTimeConstantExpr).getBooleanValue() = true
select ma, "JavaScript execution enabled in WebView."
Reference in New Issue View Git Blame Copy Permalink