Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 28ad9d0

Browse files
egregius313egregius313
committed
Merge both setAllowContentAccess queries into one query
Previously, the query to detect whether or not access to `content://` links was done using two queries. Now they can be merged into one query
1 parent 35de551 commit 28ad9d0

7 files changed

Lines changed: 21 additions & 31 deletions

java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsContentAccess.ql

Lines changed: 0 additions & 21 deletions
This file was deleted.

java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsContentAccess.qhelp renamed to java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsPermitsContentAccess.qhelp

File renamed without changes.

java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsPermitsContentAccess.ql

Lines changed: 15 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -94,7 +94,19 @@ class WebViewDisallowContentAccessConfiguration extends TaintTracking::Configura
9494
}
9595
}
9696

97-
from WebViewSource source
98-
where not any(WebViewDisallowContentAccessConfiguration cfg).hasFlow(source, _)
99-
select source,
97+
from Expr e
98+
where
99+
// explicit: setAllowContentAccess(true)
100+
exists(MethodAccess ma |
101+
ma = e and
102+
ma.getMethod() instanceof AllowContentAccessMethod and
103+
ma.getArgument(0).(CompileTimeConstantExpr).getBooleanValue() = true
104+
)
105+
or
106+
// implicit: no setAllowContentAccess(false)
107+
exists(WebViewSource source |
108+
source.asExpr() = e and
109+
not any(WebViewDisallowContentAccessConfiguration cfg).hasFlow(source, _)
110+
)
111+
select e,
100112
"Sensitive information may be exposed via a malicious link due to access of content:// links being permitted."

java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewContentAccess.expected

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,10 @@
11
| WebViewContentAccess.java:15:9:15:57 | setAllowContentAccess(...) | Sensitive information may be exposed via a malicious link due to access of content:// links being permitted. |
22
| WebViewContentAccess.java:38:9:38:55 | setAllowContentAccess(...) | Sensitive information may be exposed via a malicious link due to access of content:// links being permitted. |
3+
| WebViewContentAccess.java:41:25:41:49 | (...)... | Sensitive information may be exposed via a malicious link due to access of content:// links being permitted. |
34
| WebViewContentAccess.java:43:9:43:44 | setAllowContentAccess(...) | Sensitive information may be exposed via a malicious link due to access of content:// links being permitted. |
5+
| WebViewContentAccess.java:46:25:46:41 | new WebView(...) | Sensitive information may be exposed via a malicious link due to access of content:// links being permitted. |
46
| WebViewContentAccess.java:48:9:48:44 | setAllowContentAccess(...) | Sensitive information may be exposed via a malicious link due to access of content:// links being permitted. |
7+
| WebViewContentAccess.java:51:25:51:44 | getAWebView(...) | Sensitive information may be exposed via a malicious link due to access of content:// links being permitted. |
58
| WebViewContentAccess.java:53:9:53:44 | setAllowContentAccess(...) | Sensitive information may be exposed via a malicious link due to access of content:// links being permitted. |
9+
| WebViewContentAccess.java:55:29:55:48 | getAWebView(...) | Sensitive information may be exposed via a malicious link due to access of content:// links being permitted. |
10+
| WebViewContentAccess.java:57:25:57:44 | getAWebView(...) | Sensitive information may be exposed via a malicious link due to access of content:// links being permitted. |

java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewContentAccess.qlref

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
Security/CWE/CWE-200/AndroidWebViewSettingsContentAccess.ql
1+
Security/CWE/CWE-200/AndroidWebViewSettingsPermitsContentAccess.ql

java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewContentAccessDataFlow.expected

Lines changed: 0 additions & 5 deletions
This file was deleted.

java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewContentAccessDataFlow.qlref

Lines changed: 0 additions & 1 deletion
This file was deleted.

0 commit comments

Comments
 (0)