Java: Add parameters of @JavascriptInterface methods as a remote flow sources

egregius313 · egregius313 · commit ab7ca1d6429e · 2023-01-03T15:31:40.000-05:00
diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
@@ -298,3 +298,16 @@ class OnActivityResultIntentSource extends OnActivityResultIncomingIntent, Remot
 
   override string getSourceType() { result = "Android onActivityResult incoming Intent" }
 }
+
+/**
+ * A parameter of a method annotated with the `android.webkit.JavascriptInterface` method
+ */
+class AndroidJavascriptInterfaceMethodParameter extends RemoteFlowSource {
+  AndroidJavascriptInterfaceMethodParameter() {
+    exists(JavascriptInterfaceMethod m | this.asParameter() = m.getAParameter())
+  }
+
+  override string getSourceType() {
+    result = "Parameter of method with JavascriptInterface annotation"
+  }
+}
diff --git a/java/ql/lib/semmle/code/java/frameworks/android/Android.qll b/java/ql/lib/semmle/code/java/frameworks/android/Android.qll
@@ -127,3 +127,10 @@ class CreateFromParcelMethod extends Method {
     this.getEnclosingCallable().getDeclaringType().getAnAncestor() instanceof TypeParcelable
   }
 }
+
+/**
+ * A method annotated with the `android.webkit.JavascriptInterface` annotation.
+ */
+class JavascriptInterfaceMethod extends Method {
+  JavascriptInterfaceMethod() { this.hasAnnotation("android.webkit", "JavascriptInterface") }
+}

Original file line number	Diff line number	Diff line change
`@@ -127,3 +127,10 @@ class CreateFromParcelMethod extends Method {`
`127`	`127`	`this.getEnclosingCallable().getDeclaringType().getAnAncestor() instanceof TypeParcelable`
`128`	`128`	`}`
`129`	`129`	`}`
	`130`	`+`
	`131`	`+/**`
	`132`	+ * A method annotated with the `android.webkit.JavascriptInterface` annotation.
	`133`	`+ */`
	`134`	`+class JavascriptInterfaceMethod extends Method {`
	`135`	`+ JavascriptInterfaceMethod() { this.hasAnnotation("android.webkit", "JavascriptInterface") }`
	`136`	`+}`