Add a new test for

Author: atorralba

java/ql/src/semmle/code/java/security/UnsafeAndroidAccess.qll

@@ -78,10 +78,7 @@ private class JavaScriptEnabledUrlResourceSink extends UrlResourceSink {
 private class CrossOriginAccessMethod extends Method {
   CrossOriginAccessMethod() {
     this.getDeclaringType() instanceof TypeWebSettings and
-    (
-      this.hasName("setAllowUniversalAccessFromFileURLs") or
-      this.hasName("setAllowFileAccessFromFileURLs")
-    )
+    this.hasName(["setAllowUniversalAccessFromFileURLs", "setAllowFileAccessFromFileURLs"])
   }
 }
 

java/ql/test/query-tests/security/CWE-749/app/UnsafeAndroidAccess.java

@@ -12,14 +12,14 @@ public void onCreate(Bundle savedInstanceState) {
 		super.onCreate(savedInstanceState);
 		setContentView(R.layout.webview);
 		testJavaScriptEnabledWebView();
-		testCrossOriginEnabledWebView();
+		testUniversalFileAccessEnabledWebView();
+		testFileAccessEnabledWebView();
 		testSafeWebView();
 	}
 
 	private void testJavaScriptEnabledWebView() {
 		WebView wv = (WebView) findViewById(R.id.my_webview);
 		WebSettings webSettings = wv.getSettings();
-
 		webSettings.setJavaScriptEnabled(true);
 
 		wv.setWebViewClient(new WebViewClient() {
@@ -36,7 +36,7 @@ public boolean shouldOverrideUrlLoading(WebView view, String url) {
 		wv.loadUrl("https://www.mycorp.com"); // Safe
 	}
 
-	private void testCrossOriginEnabledWebView() {
+	private void testUniversalFileAccessEnabledWebView() {
 		WebView wv = (WebView) findViewById(R.id.my_webview);
 		WebSettings webSettings = wv.getSettings();
 		webSettings.setAllowUniversalAccessFromFileURLs(true);
@@ -55,6 +55,25 @@ public boolean shouldOverrideUrlLoading(WebView view, String url) {
 		wv.loadUrl("https://www.mycorp.com"); // Safe
 	}
 
+	private void testFileAccessEnabledWebView() {
+		WebView wv = (WebView) findViewById(R.id.my_webview);
+		WebSettings webSettings = wv.getSettings();
+		webSettings.setAllowFileAccessFromFileURLs(true);
+
+		wv.setWebViewClient(new WebViewClient() {
+			@Override
+			public boolean shouldOverrideUrlLoading(WebView view, String url) {
+				view.loadUrl(url);
+				return true;
+			}
+		});
+
+		String thisUrl = getIntent().getStringExtra("url");
+		wv.loadUrl(thisUrl); // $hasUnsafeAndroidAccess
+		wv.loadUrl("https://www.mycorp.com/" + thisUrl); // Safe
+		wv.loadUrl("https://www.mycorp.com"); // Safe
+	}
+
 	private void testSafeWebView() {
 		WebView wv = (WebView) findViewById(-1);
 

java/ql/test/stubs/android/android/webkit/WebSettings.java

@@ -28,4 +28,7 @@ public void setJavaScriptEnabled(boolean b) {
 
   public void setAllowUniversalAccessFromFileURLs(boolean b) {
   }
+
+  public void setAllowFileAccessFromFileURLs(boolean b) {
+  }
 }