shivasurya / code-pathfinder

Code Pathfinder, the open-source alternative to CodeQL. Designed for precise flow analysis and advanced structural search, it identifies vulnerabilities in source code.
https://codepathfinder.dev/
GNU Affero General Public License v3.0

Added query to find android webview setting #79

Closed shivasurya closed 1 month ago

shivasurya commented 1 month ago
/**
 * @name Android WebView JavaScript settings
 * @description Enabling JavaScript execution in a WebView can result in cross-site scripting attacks.
 * @kind problem
 * @id java/android/websettings-javascript-enabled
 * @problem.severity warning
 * @security-severity 6.1
 * @precision medium
 * @tags security
 * external/cwe/cwe-079
 */
FIND method_invocation WHERE name = 'setJavaScriptEnabled' AND argumentname = 'true'
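As an added illustration (not part of this pull request or the project's own code), the kind of Android code this query is meant to flag, beside configurations that avoid or reduce the risk; the class name, host name and method names below are made up for the example:

```java
import android.net.Uri;
import android.webkit.WebResourceRequest;
import android.webkit.WebSettings;
import android.webkit.WebView;
import android.webkit.WebViewClient;

public class WebViewSetup {

    // Flagged by the query: JavaScript is switched on with the literal `true`,
    // and the WebView then renders content from an arbitrary, possibly
    // attacker-influenced URL, so injected script in that page runs in the app.
    static void vulnerable(WebView webView, String untrustedUrl) {
        WebSettings settings = webView.getSettings();
        settings.setJavaScriptEnabled(true);   // the method_invocation the query matches
        webView.loadUrl(untrustedUrl);
    }

    // Not flagged: JavaScript stays disabled (the Android default), so script in
    // the loaded page cannot execute. Prefer this for static content.
    static void safeDefault(WebView webView, String url) {
        WebSettings settings = webView.getSettings();
        settings.setJavaScriptEnabled(false);
        settings.setAllowFileAccess(false);
        settings.setAllowContentAccess(false);
        webView.loadUrl(url);
    }

    // Still flagged (the argument is the literal `true`), but the exposure is
    // reduced: navigation is limited to one trusted origin (hypothetical host)
    // and local-file access is closed. This is what a triager would check
    // before deciding the finding is acceptable.
    static void restricted(WebView webView) {
        final String trustedHost = "app.example.com";   // assumed origin
        WebSettings settings = webView.getSettings();
        settings.setJavaScriptEnabled(true);
        settings.setAllowFileAccess(false);
        settings.setAllowContentAccess(false);
        webView.setWebViewClient(new WebViewClient() {
            @Override
            public boolean shouldOverrideUrlLoading(WebView view, WebResourceRequest request) {
                Uri target = request.getUrl();
                // Returning true blocks the navigation; only https to the trusted host loads.
                // Note: this does not gate subresource or XHR loads (see shouldInterceptRequest).
                return !("https".equals(target.getScheme()) && trustedHost.equals(target.getHost()));
            }
        });
        webView.loadUrl("https://" + trustedHost + "/");
    }
}
```

Because the query matches on the literal argument `true`, a call that passes a boolean variable would not be reported by it as written.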