urbanairship / android-library

Urban Airship Android SDK

Veracode Vulnerability Issue in MediaView.java #207

Closed rkaartikeyan closed 2 years ago

rkaartikeyan commented 2 years ago

Preliminary Info

What Airship dependencies are you using?

Android: airshipVersion = "16.4.0"

What are the versions of any relevant development tools you are using?

React Native Framework

Report

What unexpected behavior are you seeing?

MediaView.java

Line no: 229


Description: The WebView wv has disabled safe browsing which puts the user at risk of browsing malicious or otherwise undesirable websites. The default is for safe browsing to be enabled.

Remediation: Do not disable safe browsing.

What is the expected behavior?

The above Veracode issue should not appear during a Veracode scan.

What are the steps to reproduce the unexpected behavior?

  1. Build APK
  2. Scan with Veracode

Do you have logging for the issue?

N/A

rlepinski commented 2 years ago

Safe browsing defaults to the app settings. Are you overriding that in your manifest?

This issue is mitigated by a url allow list on the web view. We can take a look at forcing safe mode on our webviews in a future release, but it does not seem high priority at the moment.
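
Added example (not part of the thread and not Airship SDK code): a Python check for the manifest-level override asked about above. It reads an AndroidManifest.xml and reports whether the `android.webkit.WebView.EnableSafeBrowsing` meta-data tag opts the app's WebViews out of Safe Browsing; the function name and the sample manifests are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Manifest meta-data key Android documents for the app-wide Safe Browsing opt-out.
SAFE_BROWSING_KEY = "android.webkit.WebView.EnableSafeBrowsing"


def _sample_manifest(meta_line=""):
    # Constructed sample manifest; package name and label are placeholders.
    return f"""<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <application android:label="Example">
    {meta_line}
  </application>
</manifest>"""


def _meta(value):
    return f'<meta-data android:name="{SAFE_BROWSING_KEY}" android:value="{value}" />'


SAMPLE_DEFAULT = _sample_manifest()                       # no tag: platform default applies
SAMPLE_OPT_OUT = _sample_manifest(_meta("false"))         # app-wide opt-out
SAMPLE_EXPLICIT_ON = _sample_manifest(_meta("true"))
SAMPLE_RESOURCE = _sample_manifest(_meta("@bool/safe_browsing"))  # needs resource lookup


def safe_browsing_manifest_state(manifest_xml):
    """Return 'default', 'enabled', 'disabled' or 'unresolved' for the manifest text."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        return "default"
    for meta in app.findall("meta-data"):
        if meta.get(ANDROID_NS + "name") != SAFE_BROWSING_KEY:
            continue
        value = (meta.get(ANDROID_NS + "value") or "").strip().lower()
        if value in ("true", "false"):
            return "enabled" if value == "true" else "disabled"
        return "unresolved"  # e.g. a @bool/... reference this script cannot resolve
    return "default"


if __name__ == "__main__" and len(sys.argv) > 1:
    with open(sys.argv[1], encoding="utf-8") as fh:
        state = safe_browsing_manifest_state(fh.read())
    print(f"{sys.argv[1]}: Safe Browsing manifest setting = {state}")
    sys.exit(1 if state == "disabled" else 0)
```

Run it against the merged manifest produced by the build rather than the app's source manifest, since dependencies can contribute `meta-data` entries. It does not cover per-WebView calls to `WebSettings.setSafeBrowsingEnabled`, which take precedence over the manifest tag.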