Java: add test cases for setJavaScriptEnabled query

egregius313 · egregius313 · commit 113257262055 · 2022-11-14T14:33:12.000-05:00
diff --git a/java/ql/test/query-tests/security/CWE-079/semmle/tests/SetJavascriptEnabled.java b/java/ql/test/query-tests/security/CWE-079/semmle/tests/SetJavascriptEnabled.java
@@ -0,0 +1,18 @@
+package com.example.test;
+
+import android.webkit.WebView;
+import android.webkit.WebSettings;
+
+public class SetJavascriptEnabled {
+    public static void configureWebViewUnsafe(WebView view) {
+        WebSettings settings = view.getSettings();
+        settings.setJavaScriptEnabled(true); // $javascriptEnabled
+    }
+
+    public static void configureWebViewSafe(WebView view) {
+        WebSettings settings = view.getSettings();
+
+        // Safe: Javascript disabled
+        settings.setJavaScriptEnabled(false);
+    }
+}
diff --git a/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewSetEnabledJavaScript.expected b/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewSetEnabledJavaScript.expected
@@ -0,0 +1 @@
+| SetJavascriptEnabled.java:9:9:9:43 | setJavaScriptEnabled(...) | JavaScript execution enabled in WebView. |
diff --git a/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewSetEnabledJavaScript.qlref b/java/ql/test/query-tests/security/CWE-079/semmle/tests/WebViewSetEnabledJavaScript.qlref
@@ -0,0 +1 @@
+Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql
diff --git a/java/ql/test/query-tests/security/CWE-079/semmle/tests/options b/java/ql/test/query-tests/security/CWE-079/semmle/tests/options
@@ -1 +1 @@
-//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/servlet-api-2.4:${testdir}/../../../../../stubs/javax-ws-rs-api-2.1.1/:${testdir}/../../../../../stubs/springframework-5.3.8:${testdir}/../../../../../stubs/javax-faces-2.3/
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/servlet-api-2.4:${testdir}/../../../../../stubs/javax-ws-rs-api-2.1.1/:${testdir}/../../../../../stubs/springframework-5.3.8:${testdir}/../../../../../stubs/javax-faces-2.3/:${testdir}/../../../../../stubs/google-android-9.0.0

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+\| SetJavascriptEnabled.java:9:9:9:43 \| setJavaScriptEnabled(...) \| JavaScript execution enabled in WebView. \|`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql`
Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/servlet-api-2.4:${testdir}/../../../../../stubs/javax-ws-rs-api-2.1.1/:${testdir}/../../../../../stubs/springframework-5.3.8:${testdir}/../../../../../stubs/javax-faces-2.3/`
	`1`	`+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/servlet-api-2.4:${testdir}/../../../../../stubs/javax-ws-rs-api-2.1.1/:${testdir}/../../../../../stubs/springframework-5.3.8:${testdir}/../../../../../stubs/javax-faces-2.3/:${testdir}/../../../../../stubs/google-android-9.0.0`