hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-01 05:08:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
e1ff04cd952225bd8a9cbd8074a210b0475694a5
codeql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql

18 lines
567 B
Plaintext
Raw Blame History

/**
* @id java/android-webview-addjavascriptinterface
* @description Exposing a Javascript interface to a Java object in a WebView can lead to malicious JavaScript controlling the application.
* @kind problem
* @problem.severity warning
* @security-severity 6.1
* @precision high
* @tags security
* external/cwe/cwe-079
*/
import java
import semmle.code.java.frameworks.android.WebView
from MethodAccess ma
where ma.getMethod() instanceof WebViewAddJavascriptInterfaceMethod
select ma, "JavaScript interface to Java object added in Android WebView."
Reference in New Issue View Git Blame Copy Permalink