Add a new test for

atorralba · atorralba · commit b69261727db0 · 2021-05-06T13:26:25.000+02:00
diff --git a/java/ql/src/semmle/code/java/security/UnsafeAndroidAccess.qll b/java/ql/src/semmle/code/java/security/UnsafeAndroidAccess.qll
@@ -78,10 +78,7 @@ private class JavaScriptEnabledUrlResourceSink extends UrlResourceSink {
 private class CrossOriginAccessMethod extends Method {
   CrossOriginAccessMethod() {
     this.getDeclaringType() instanceof TypeWebSettings and
-    (
-      this.hasName("setAllowUniversalAccessFromFileURLs") or
-      this.hasName("setAllowFileAccessFromFileURLs")
-    )
+    this.hasName(["setAllowUniversalAccessFromFileURLs", "setAllowFileAccessFromFileURLs"])
   }
 }
 
diff --git a/java/ql/test/query-tests/security/CWE-749/app/UnsafeAndroidAccess.java b/java/ql/test/query-tests/security/CWE-749/app/UnsafeAndroidAccess.java
@@ -12,14 +12,14 @@ public void onCreate(Bundle savedInstanceState) {
 		super.onCreate(savedInstanceState);
 		setContentView(R.layout.webview);
 		testJavaScriptEnabledWebView();
-		testCrossOriginEnabledWebView();
+		testUniversalFileAccessEnabledWebView();
+		testFileAccessEnabledWebView();
 		testSafeWebView();
 	}
 
 	private void testJavaScriptEnabledWebView() {
 		WebView wv = (WebView) findViewById(R.id.my_webview);
 		WebSettings webSettings = wv.getSettings();
-
 		webSettings.setJavaScriptEnabled(true);
 
 		wv.setWebViewClient(new WebViewClient() {
@@ -36,7 +36,7 @@ public boolean shouldOverrideUrlLoading(WebView view, String url) {
 		wv.loadUrl("https://www.mycorp.com"); // Safe
 	}
 
-	private void testCrossOriginEnabledWebView() {
+	private void testUniversalFileAccessEnabledWebView() {
 		WebView wv = (WebView) findViewById(R.id.my_webview);
 		WebSettings webSettings = wv.getSettings();
 		webSettings.setAllowUniversalAccessFromFileURLs(true);
@@ -55,6 +55,25 @@ public boolean shouldOverrideUrlLoading(WebView view, String url) {
 		wv.loadUrl("https://www.mycorp.com"); // Safe
 	}
 
+	private void testFileAccessEnabledWebView() {
+		WebView wv = (WebView) findViewById(R.id.my_webview);
+		WebSettings webSettings = wv.getSettings();
+		webSettings.setAllowFileAccessFromFileURLs(true);
+
+		wv.setWebViewClient(new WebViewClient() {
+			@Override
+			public boolean shouldOverrideUrlLoading(WebView view, String url) {
+				view.loadUrl(url);
+				return true;
+			}
+		});
+
+		String thisUrl = getIntent().getStringExtra("url");
+		wv.loadUrl(thisUrl); // $hasUnsafeAndroidAccess
+		wv.loadUrl("https://www.mycorp.com/" + thisUrl); // Safe
+		wv.loadUrl("https://www.mycorp.com"); // Safe
+	}
+
 	private void testSafeWebView() {
 		WebView wv = (WebView) findViewById(-1);
 
diff --git a/java/ql/test/stubs/android/android/webkit/WebSettings.java b/java/ql/test/stubs/android/android/webkit/WebSettings.java
@@ -28,4 +28,7 @@ public void setJavaScriptEnabled(boolean b) {
 
   public void setAllowUniversalAccessFromFileURLs(boolean b) {
   }
+
+  public void setAllowFileAccessFromFileURLs(boolean b) {
+  }
 }

Original file line number	Diff line number	Diff line change
`@@ -78,10 +78,7 @@ private class JavaScriptEnabledUrlResourceSink extends UrlResourceSink {`
`78`	`78`	`private class CrossOriginAccessMethod extends Method {`
`79`	`79`	`CrossOriginAccessMethod() {`
`80`	`80`	`this.getDeclaringType() instanceof TypeWebSettings and`
`81`		`- (`
`82`		`- this.hasName("setAllowUniversalAccessFromFileURLs") or`
`83`		`- this.hasName("setAllowFileAccessFromFileURLs")`
`84`		`- )`
	`81`	`+ this.hasName(["setAllowUniversalAccessFromFileURLs", "setAllowFileAccessFromFileURLs"])`
`85`	`82`	`}`
`86`	`83`	`}`
`87`	`84`
Original file line number	Diff line number	Diff line change
`@@ -28,4 +28,7 @@ public void setJavaScriptEnabled(boolean b) {`
`28`	`28`
`29`	`29`	`public void setAllowUniversalAccessFromFileURLs(boolean b) {`
`30`	`30`	`}`
	`31`	`+`
	`32`	`+ public void setAllowFileAccessFromFileURLs(boolean b) {`
	`33`	`+ }`
`31`	`34`	`}`