Java: WebView setAllowContentAccess query test cases

egregius313 · egregius313 · commit 7cc53126f378 · 2022-12-31T15:00:28.000-05:00
diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewContentAccess.expected b/java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewContentAccess.expected
@@ -0,0 +1 @@
+| WebViewContentAccess.java:10:9:10:44 | setAllowContentAccess(...) | Sensitive information may be exposed via a malicious link due to access of content:// links being permitted. |
diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewContentAccess.java b/java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewContentAccess.java
@@ -0,0 +1,18 @@
+package com.example.test;
+
+import android.webkit.WebView;
+import android.webkit.WebSettings;
+
+public class WebViewContentAccess {
+    void configureWebViewUnsafe(WebView view) {
+        WebSettings settings = view.getSettings();
+
+        settings.setAllowContentAccess(true);
+    }
+
+    void configureWebViewSafe(WebView view) {
+        WebSettings settings = view.getSettings();
+
+        settings.setAllowContentAccess(false);
+    }
+}
diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewContentAccess.qlref b/java/ql/test/query-tests/security/CWE-200/semmle/tests/WebViewContentAccess.qlref
@@ -0,0 +1 @@
+Security/CWE/CWE-200/AndroidWebViewSettingsContentAccess.ql

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+\| WebViewContentAccess.java:10:9:10:44 \| setAllowContentAccess(...) \| Sensitive information may be exposed via a malicious link due to access of content:// links being permitted. \|`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+Security/CWE/CWE-200/AndroidWebViewSettingsContentAccess.ql`