Merge pull request #4508 from smowton/smowton/fix/droid-webview-test-data

aschackmull · web-flow · commit 4ce41854a4de · 2020-10-19T16:29:20.000+02:00
Fix test data for WebView experimental query
diff --git a/java/ql/test/experimental/query-tests/security/CWE-749/UnsafeAndroidAccess.expected b/java/ql/test/experimental/query-tests/security/CWE-749/UnsafeAndroidAccess.expected
@@ -1,3 +1,15 @@
+edges
+| UnsafeAndroidAccess.java:29:20:29:59 | getString(...) : String | UnsafeAndroidAccess.java:30:14:30:20 | thisUrl |
+| UnsafeAndroidAccess.java:52:20:52:52 | getStringExtra(...) : String | UnsafeAndroidAccess.java:53:14:53:20 | thisUrl |
+| UnsafeAndroidAccess.java:94:20:94:52 | getStringExtra(...) : String | UnsafeAndroidAccess.java:95:14:95:20 | thisUrl |
+nodes
+| UnsafeAndroidAccess.java:29:20:29:59 | getString(...) : String | semmle.label | getString(...) : String |
+| UnsafeAndroidAccess.java:30:14:30:20 | thisUrl | semmle.label | thisUrl |
+| UnsafeAndroidAccess.java:52:20:52:52 | getStringExtra(...) : String | semmle.label | getStringExtra(...) : String |
+| UnsafeAndroidAccess.java:53:14:53:20 | thisUrl | semmle.label | thisUrl |
+| UnsafeAndroidAccess.java:94:20:94:52 | getStringExtra(...) : String | semmle.label | getStringExtra(...) : String |
+| UnsafeAndroidAccess.java:95:14:95:20 | thisUrl | semmle.label | thisUrl |
+#select
 | UnsafeAndroidAccess.java:30:3:30:21 | loadUrl(...) | UnsafeAndroidAccess.java:29:20:29:59 | getString(...) : String | UnsafeAndroidAccess.java:30:14:30:20 | thisUrl | Unsafe resource fetching in Android webview due to $@. | UnsafeAndroidAccess.java:29:20:29:59 | getString(...) | user input vulnerable to cross-origin and sensitive resource disclosure attacks |
 | UnsafeAndroidAccess.java:53:3:53:21 | loadUrl(...) | UnsafeAndroidAccess.java:52:20:52:52 | getStringExtra(...) : String | UnsafeAndroidAccess.java:53:14:53:20 | thisUrl | Unsafe resource fetching in Android webview due to $@. | UnsafeAndroidAccess.java:52:20:52:52 | getStringExtra(...) | user input vulnerable to cross-origin and sensitive resource disclosure attacks |
 | UnsafeAndroidAccess.java:95:3:95:21 | loadUrl(...) | UnsafeAndroidAccess.java:94:20:94:52 | getStringExtra(...) : String | UnsafeAndroidAccess.java:95:14:95:20 | thisUrl | Unsafe resource fetching in Android webview due to $@. | UnsafeAndroidAccess.java:94:20:94:52 | getStringExtra(...) | user input vulnerable to XSS attacks |
