1 parent b359802 commit 5a480bf
java/ql/src/experimental/Security/CWE/CWE-749/UnsafeAndroidAccess.ql
@@ -1,5 +1,6 @@
1
/**
2
* @name Unsafe resource fetching in Android webview
3
+ * @id java/android/unsafe-android-webview-fetch
4
* @description JavaScript rendered inside WebViews can access any protected application file and web resource from any origin
5
* @kind path-problem
6
* @tags security
@@ -11,6 +12,7 @@ import java
11
12
import semmle.code.java.frameworks.android.Intent
13
import semmle.code.java.frameworks.android.WebView
14
import semmle.code.java.dataflow.FlowSources
15
+import DataFlow::PathGraph
16
17
18
* Methods allowing any-local-file and cross-origin access in the WebSettings class
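Review bot: The `select` clause, which lies outside the visible hunks, should be checked against the `import DataFlow::PathGraph` added at new line 15, because that import only supplies the `edges` relation. For `@kind path-problem` the query also has to bind `DataFlow::PathNode` source and sink through `hasFlowPath` and select them in the form `select sink.getNode(), source, sink, "..."`. If it still uses `hasFlow` over plain `DataFlow::Node` values, results would presumably lack the source-to-sink trace needed to triage a WebView finding. Separately, the new `@id` at line 3 repeats `android` in two segments; since query ids are expected to stay stable once published, consider `@id java/android/unsafe-webview-fetch` before release.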