hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-31 20:58:16 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
f552a15aae325121ddf0c7c7810d4fba9632dfa1
codeql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql
Chris Smowton f552a15aae Mass-rename MethodAccess -> MethodCall
2023-10-24 10:30:26 +01:00

19 lines
633 B
Plaintext
Raw Blame History

/**
* @name Access Java object methods through JavaScript exposure
* @id java/android/webview-addjavascriptinterface
* @description Exposing a Java object in a WebView with a JavaScript interface can lead to malicious JavaScript controlling the application.
* @kind problem
* @problem.severity warning
* @security-severity 6.1
* @precision medium
* @tags security
* external/cwe/cwe-079
*/
import java
import semmle.code.java.frameworks.android.WebView
from MethodCall ma
where ma.getMethod() instanceof WebViewAddJavascriptInterfaceMethod
select ma, "JavaScript interface to Java object added in Android WebView."
Reference in New Issue View Git Blame Copy Permalink