Add new sink for Android XSS

atorralba · atorralba · commit e2e65aca3c89 · 2021-05-07T12:25:19.000+02:00
diff --git a/java/ql/src/semmle/code/java/security/XSS.qll b/java/ql/src/semmle/code/java/security/XSS.qll
@@ -36,7 +36,8 @@ private class DefaultXssSinkModel extends SinkModelCsv {
       [
         "javax.servlet.http;HttpServletResponse;false;sendError;(int,String);;Argument[1];xss",
         "android.webkit;WebView;false;loadData;;;Argument[0];xss",
-        "android.webkit;WebView;false;loadDataWithBaseURL;;;Argument[1];xss"
+        "android.webkit;WebView;false;loadDataWithBaseURL;;;Argument[1];xss",
+        "android.webkit;WebView;false;evaluateJavascript;;;Argument[0];xss"
       ]
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,8 @@ private class DefaultXssSinkModel extends SinkModelCsv {`
`36`	`36`	`[`
`37`	`37`	`"javax.servlet.http;HttpServletResponse;false;sendError;(int,String);;Argument[1];xss",`
`38`	`38`	`"android.webkit;WebView;false;loadData;;;Argument[0];xss",`
`39`		`- "android.webkit;WebView;false;loadDataWithBaseURL;;;Argument[1];xss"`
	`39`	`+ "android.webkit;WebView;false;loadDataWithBaseURL;;;Argument[1];xss",`
	`40`	`+ "android.webkit;WebView;false;evaluateJavascript;;;Argument[0];xss"`
`40`	`41`	`]`
`41`	`42`	`}`
`42`	`43`	`}`