Java: Check the value of parameter in WebView file access query

Author: egregius313

java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.ql

@@ -14,7 +14,9 @@ import java
 import semmle.code.java.frameworks.android.WebView
 
 from MethodAccess ma
-where ma.getMethod() instanceof CrossOriginAccessMethod
+where
+  ma.getMethod() instanceof CrossOriginAccessMethod and
+  ma.getArgument(0).(CompileTimeConstantExpr).getBooleanValue() = true
 select ma,
   "WebView setting " + ma.getMethod().getName() +
     " may allow for unauthorized access of sensitive information."