SONARKT-633 More extensive testing for S6363 (#594)

antonioaversa · web-flow · commit 4523e2c1150e · 2025-03-19T14:08:03.000+01:00
diff --git a/kotlin-checks-test-sources/src/main/kotlin/checks/WebViewsFileAccessCheckSample.kt b/kotlin-checks-test-sources/src/main/kotlin/checks/WebViewsFileAccessCheckSample.kt
@@ -2,55 +2,174 @@ package checks
 
 import android.webkit.WebSettings
 
-private const val MY_TRUE = true
+private val topLevelTrueVal = true
+private var topLevelTrueVar = true
 
 class WebViewsFileAccessCheckSample {
-    fun foo(settings: WebSettings, value: Boolean) {
+
+    private val classLevelTrueVal = true
+    private var classLevelTrueVar = true
+
+    // region non compliant scenarios
+
+    fun setPropertiesToTrue(settings: WebSettings) {
         settings.allowFileAccess = true // Noncompliant {{Make sure that enabling file access is safe here.}}
-        //                         ^^^^
-        settings.setAllowFileAccess(MY_TRUE) // Noncompliant {{Make sure that enabling file access is safe here.}}
-        //                          ^^^^^^^
+//                                 ^^^^
+        settings.allowFileAccessFromFileURLs = true // Noncompliant
+        settings.allowUniversalAccessFromFileURLs = true // Noncompliant
+        settings.allowContentAccess = true // Noncompliant
+    }
 
-        settings.allowFileAccess = false // Compliant
-        settings.setAllowFileAccess(false) // Compliant
-        settings.allowFileAccess = value // Compliant
-        settings.setAllowFileAccess(value) // Compliant
+    fun setPropertiesToTrueVal(settings: WebSettings) {
+        val trueVal = true
+        settings.allowFileAccess = trueVal // Noncompliant
+        settings.allowFileAccessFromFileURLs = trueVal // Noncompliant
+        settings.allowUniversalAccessFromFileURLs = trueVal // Noncompliant
+        settings.allowContentAccess = trueVal // Noncompliant
 
-        settings.allowContentAccess = true // Noncompliant {{Make sure that enabling file access is safe here.}}
-        //                            ^^^^
-        settings.setAllowContentAccess(true) // Noncompliant {{Make sure that enabling file access is safe here.}}
-        //                             ^^^^
+        settings.allowFileAccess = topLevelTrueVal // Noncompliant
+        settings.allowFileAccess = classLevelTrueVal // Noncompliant
+    }
 
-        settings.allowContentAccess = false // Compliant
-        settings.setAllowContentAccess(false) // Compliant
-        settings.allowContentAccess = value // Compliant
-        settings.setAllowContentAccess(value) // Compliant
+    fun setPropertiesToTrueVar(settings: WebSettings) {
+        var trueVar = true
+        settings.allowFileAccess = trueVar // FN, trueVar may have been changed since previous assignment
+        settings.allowFileAccessFromFileURLs = trueVar // FN, trueVar may have been changed since previous assignment
+        settings.allowUniversalAccessFromFileURLs = trueVar // FN, trueVar may have been changed since previous assignment
+        settings.allowContentAccess = trueVar // FN, trueVar may have been changed since previous assignment
 
-        settings.allowFileAccessFromFileURLs = true // Noncompliant {{Make sure that enabling file access is safe here.}}
-        //                                     ^^^^
-        settings.setAllowFileAccessFromFileURLs(true) // Noncompliant {{Make sure that enabling file access is safe here.}}
-        //                                      ^^^^
+        settings.allowFileAccess = topLevelTrueVar // FN, topLevelTrueVar may have been changed since top-level assignment
+        settings.allowFileAccess = classLevelTrueVar // FN, classLevelTrueVar may have been changed since instance init
+    }
 
-        settings.allowFileAccessFromFileURLs = false // Compliant
-        settings.setAllowFileAccessFromFileURLs(false) // Compliant
-        settings.allowFileAccessFromFileURLs = value // Compliant
-        settings.setAllowFileAccessFromFileURLs(value) // Compliant
+    fun usingSettersWithTrue(settings: WebSettings) {
+        settings.setAllowFileAccess(true) // Noncompliant
+//                                  ^^^^
+        settings.setAllowFileAccessFromFileURLs(true) // Noncompliant
+        settings.setAllowUniversalAccessFromFileURLs(true) // Noncompliant
+        settings.setAllowContentAccess(true) // Noncompliant
+    }
 
-        settings.allowUniversalAccessFromFileURLs = true // Noncompliant {{Make sure that enabling file access is safe here.}}
-        //                                          ^^^^
-        settings.setAllowUniversalAccessFromFileURLs(true) // Noncompliant {{Make sure that enabling file access is safe here.}}
-        //                                           ^^^^
+    fun usingApplyWithTrue(settings: WebSettings) {
+        settings.apply {
+            allowFileAccess = true // Noncompliant
+//                            ^^^^
+            allowFileAccessFromFileURLs = true // Noncompliant
+            allowUniversalAccessFromFileURLs = true // Noncompliant
+            allowContentAccess = true // Noncompliant
+        }
+    }
 
-        settings.allowUniversalAccessFromFileURLs = false // Compliant
-        settings.setAllowUniversalAccessFromFileURLs(false) // Compliant
-        settings.allowUniversalAccessFromFileURLs = value // Compliant
-        settings.setAllowUniversalAccessFromFileURLs(value) // Compliant
+    fun usingSettersWithTrueViaApply(settings: WebSettings) {
+        settings.apply {
+            setAllowFileAccess(true) // Noncompliant
+//                             ^^^^
+            setAllowFileAccessFromFileURLs(true) // Noncompliant
+            setAllowUniversalAccessFromFileURLs(true) // Noncompliant
+            setAllowContentAccess(true) // Noncompliant
+        }
+    }
+
+    fun usingWithWithTrue(settings: WebSettings) {
+        with(settings) {
+            allowFileAccess = true // Noncompliant
+//                            ^^^^
+            allowFileAccessFromFileURLs = true // Noncompliant
+            allowUniversalAccessFromFileURLs = true // Noncompliant
+            allowContentAccess = true // Noncompliant
+        }
+    }
+
+    fun usingLetWithTrue(settings: WebSettings) {
+        settings.let {
+            it.allowFileAccess = true // Noncompliant
+//                               ^^^^
+            it.allowFileAccessFromFileURLs = true // Noncompliant
+            it.allowUniversalAccessFromFileURLs = true // Noncompliant
+            it.allowContentAccess = true // Noncompliant
+        }
     }
 
-    fun coverage(a: Boolean) {
-        var x = false
-        if (a != true) {
-            x = true
+    fun usingSafeCallToLetWithTrue(settings: WebSettings?) {
+        settings?.let { namedIt ->
+            namedIt.allowFileAccess = true // Noncompliant
+            namedIt.allowFileAccessFromFileURLs = true // Noncompliant
+            namedIt.allowUniversalAccessFromFileURLs = true // Noncompliant
+            namedIt.allowContentAccess = true // Noncompliant
         }
     }
+
+    fun assigningFunToAnotherFun(settings: WebSettings) {
+        val fun1 = settings::setAllowFileAccess
+        fun1(true) // FN, requires data flow analysis
+    }
+
+    fun assigningConstantBooleanExpression(settings: WebSettings) {
+        settings.allowFileAccess = true || false // FN, requires resolving complex constant expressions
+    }
+
+    // endregion
+
+    // region compliant scenarios
+
+    fun getProperties(settings: WebSettings) {
+        val allowFileAccess = settings.allowFileAccess // Compliant
+        val allowFileAccessFromFileURLs = settings.allowFileAccessFromFileURLs // Compliant
+        val allowUniversalAccessFromFileURLs = settings.allowUniversalAccessFromFileURLs // Compliant
+        val allowContentAccess = settings.allowContentAccess // Compliant
+    }
+
+    fun toggleProperties(settings: WebSettings) {
+        settings.allowFileAccess = !settings.allowFileAccess // Compliant
+        settings.allowFileAccessFromFileURLs = !settings.allowFileAccessFromFileURLs // Compliant
+        settings.allowUniversalAccessFromFileURLs = !settings.allowUniversalAccessFromFileURLs // Compliant
+        settings.allowContentAccess = !settings.allowContentAccess // Compliant
+    }
+
+    fun setPropertiesToFalse(settings: WebSettings) {
+        settings.allowFileAccess = false // Compliant
+        settings.allowFileAccessFromFileURLs = false // Compliant
+        settings.allowUniversalAccessFromFileURLs = false // Compliant
+        settings.allowContentAccess = false // Compliant
+    }
+
+    fun setPropertiesToFalseVal(settings: WebSettings) {
+        val falseVal = false
+        settings.allowFileAccess = falseVal // Compliant, guaranteed to be false
+        settings.allowFileAccessFromFileURLs = falseVal // Compliant, guaranteed to be false
+        settings.allowUniversalAccessFromFileURLs = falseVal // Compliant, guaranteed to be false
+        settings.allowContentAccess = falseVal // Compliant, guaranteed to be false
+    }
+
+    fun setPropertiesToFalseVar(settings: WebSettings) {
+        var falseVar = false
+        settings.allowFileAccess = falseVar // Compliant, value may still be false
+        settings.allowFileAccessFromFileURLs = falseVar // Compliant, value may still be false
+        settings.allowUniversalAccessFromFileURLs = falseVar // Compliant, value may still be false
+        settings.allowContentAccess = falseVar // Compliant, value may still be false
+    }
+
+    fun setPropertiesToBooleanParam(settings: WebSettings, value: Boolean) {
+        settings.allowFileAccess = value // Compliant, value may be false
+        settings.allowFileAccessFromFileURLs = value // Compliant, value may be false
+        settings.allowUniversalAccessFromFileURLs = value // Compliant, value may be false
+        settings.allowContentAccess = value // Compliant, value may be false
+    }
+
+    fun usingSettersWithFalse(settings: WebSettings) {
+        settings.setAllowFileAccess(false) // Compliant, value is false
+        settings.setAllowFileAccessFromFileURLs(false) // Compliant, value is false
+        settings.setAllowUniversalAccessFromFileURLs(false) // Compliant, value is false
+        settings.setAllowContentAccess(false) // Compliant, value is false
+    }
+
+    fun notAWebSettingsObject(settings: NotAWebSettings) {
+        settings.allowFileAccess = true // Compliant, not a WebSettings object from android.webkit
+    }
+
+    class NotAWebSettings {
+        var allowFileAccess: Boolean = false
+    }
+
+    // endregion
 }
diff --git a/kotlin-checks-test-sources/src/main/kotlin/checks/WebViewsFileAccessCheckSampleNoSemantics.kt b/kotlin-checks-test-sources/src/main/kotlin/checks/WebViewsFileAccessCheckSampleNoSemantics.kt
@@ -0,0 +1,108 @@
+package checks
+
+import android.webkit.WebSettings
+
+class WebViewsFileAccessCheckSampleNoSemantics {
+
+    // region non compliant scenarios
+
+    fun noSemantics_setPropertiesToTrue(settings: WebSettings) {
+        settings.allowFileAccess = true // FN
+        settings.allowFileAccessFromFileURLs = true // FN
+        settings.allowUniversalAccessFromFileURLs = true // FN
+        settings.allowContentAccess = true // FN
+    }
+
+    fun noSemantics_usingApplyWithTrue(settings: WebSettings) {
+        settings.apply {
+            allowFileAccess = true // FN
+            allowFileAccessFromFileURLs = true // FN
+            allowUniversalAccessFromFileURLs = true // FN
+            allowContentAccess = true // FN
+        }
+    }
+
+    fun noSemantics_usingWithWithTrue(settings: WebSettings) {
+        with(settings) {
+            allowFileAccess = true // FN
+            allowFileAccessFromFileURLs = true // FN
+            allowUniversalAccessFromFileURLs = true // FN
+            allowContentAccess = true // FN
+        }
+    }
+
+    fun noSemantics_usingLetWithTrue(settings: WebSettings) {
+        settings.let {
+            it.allowFileAccess = true // FN
+            it.allowFileAccessFromFileURLs = true // FN
+            it.allowUniversalAccessFromFileURLs = true // FN
+            it.allowContentAccess = true // FN
+        }
+    }
+
+    // endregion
+
+    // region compliant scenarios
+
+    fun noSemantics_getProperties(settings: WebSettings) {
+        val allowFileAccess = settings.allowFileAccess // Compliant
+        val allowFileAccessFromFileURLs = settings.allowFileAccessFromFileURLs // Compliant
+        val allowUniversalAccessFromFileURLs = settings.allowUniversalAccessFromFileURLs // Compliant
+        val allowContentAccess = settings.allowContentAccess // Compliant
+    }
+
+    fun noSemantics_toggleProperties(settings: WebSettings) {
+        settings.allowFileAccess = !settings.allowFileAccess // Compliant
+        settings.allowFileAccessFromFileURLs = !settings.allowFileAccessFromFileURLs // Compliant
+        settings.allowUniversalAccessFromFileURLs = !settings.allowUniversalAccessFromFileURLs // Compliant
+        settings.allowContentAccess = !settings.allowContentAccess // Compliant
+    }
+
+    fun noSemantics_setPropertiesToFalse(settings: WebSettings) {
+        settings.allowFileAccess = false // Compliant
+        settings.allowFileAccessFromFileURLs = false // Compliant
+        settings.allowUniversalAccessFromFileURLs = false // Compliant
+        settings.allowContentAccess = false // Compliant
+    }
+
+    fun noSemantics_setPropertiesToFalseVal(settings: WebSettings) {
+        val falseVal = false
+        settings.allowFileAccess = falseVal // Compliant, guaranteed to be false
+        settings.allowFileAccessFromFileURLs = falseVal // Compliant, guaranteed to be false
+        settings.allowUniversalAccessFromFileURLs = falseVal // Compliant, guaranteed to be false
+        settings.allowContentAccess = falseVal // Compliant, guaranteed to be false
+    }
+
+    fun noSemantics_setPropertiesToFalseVar(settings: WebSettings) {
+        var falseVar = false
+        settings.allowFileAccess = falseVar // Compliant, value may still be false
+        settings.allowFileAccessFromFileURLs = falseVar // Compliant, value may still be false
+        settings.allowUniversalAccessFromFileURLs = falseVar // Compliant, value may still be false
+        settings.allowContentAccess = falseVar // Compliant, value may still be false
+    }
+
+    fun noSemantics_setPropertiesToBooleanParam(settings: WebSettings, value: Boolean) {
+        settings.allowFileAccess = value // Compliant, value may be false
+        settings.allowFileAccessFromFileURLs = value // Compliant, value may be false
+        settings.allowUniversalAccessFromFileURLs = value // Compliant, value may be false
+        settings.allowContentAccess = value // Compliant, value may be false
+    }
+
+    fun noSemantics_usingSettersWithFalse(settings: WebSettings) {
+        settings.setAllowFileAccess(false) // Compliant, value is false
+        settings.setAllowFileAccessFromFileURLs(false) // Compliant, value is false
+        settings.setAllowUniversalAccessFromFileURLs(false) // Compliant, value is false
+        settings.setAllowContentAccess(false) // Compliant, value is false
+    }
+
+    fun noSemantics_notAWebSettingsObject(settings: NoSemantics_NotAWebSettings) {
+        settings.allowFileAccess = true // Compliant, not a WebSettings object from android.webkit
+    }
+
+    class NoSemantics_NotAWebSettings {
+        var allowFileAccess: Boolean = false
+    }
+
+    // endregion
+
+}
diff --git a/sonar-kotlin-checks/src/test/java/org/sonarsource/kotlin/checks/WebViewsFileAccessCheckTest.kt b/sonar-kotlin-checks/src/test/java/org/sonarsource/kotlin/checks/WebViewsFileAccessCheckTest.kt
@@ -16,4 +16,4 @@
  */
 package org.sonarsource.kotlin.checks
 
-class WebViewsFileAccessCheckTest : CheckTest(WebViewsFileAccessCheck())
+class WebViewsFileAccessCheckTest : CheckTestWithNoSemantics(WebViewsFileAccessCheck())
