10: Add WebViewPlugin
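--- a/[path not shown on page]/PluginModule.java
+++ b/[path not shown on page]/PluginModule.java
@@ -137,4 +137,10 @@ public class PluginModule {
 public Plugin orderedAndStickyBroadcastPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
 return new OrderedBroadcastPlugin(globMatcher, xmlHelper);
 }
+
+@Provides
+@IntoSet
+public Plugin webViewPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
+return new WebViewPlugin(globMatcher, xmlHelper);
+}
 }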
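--- /dev/null
+++ b/src/main/java/com/bartek/esa/core/plugin/WebViewPlugin.java
@@ -0,0 +1,51 @@
+package com.bartek.esa.core.plugin;
+
+import com.bartek.esa.core.archetype.JavaPlugin;
+import com.bartek.esa.core.model.enumeration.Severity;
+import com.bartek.esa.core.xml.XmlHelper;
+import com.bartek.esa.file.matcher.GlobMatcher;
+import com.github.javaparser.ast.CompilationUnit;
+import com.github.javaparser.ast.expr.Expression;
+import com.github.javaparser.ast.expr.MethodCallExpr;
+
+import javax.inject.Inject;
+
+public class WebViewPlugin extends JavaPlugin {
+private static final String SETTINGS_METHODS = "addJavascriptInterface|setJavaScriptEnabled|setWebContentsDebuggingEnabled|setAllowFileAccess|setDomStorageEnabled";
+
+@Inject
+public WebViewPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
+super(globMatcher, xmlHelper);
+}
+
+@Override
+public void run(CompilationUnit compilationUnit) {
+compilationUnit.findAll(MethodCallExpr.class).stream()
+.filter(expr -> expr.getName().getIdentifier().matches(SETTINGS_METHODS))
+.forEach(this::issueMethod);
+}
+
+private void issueMethod(MethodCallExpr methodCall) {
+switch (methodCall.getName().getIdentifier()) {
+case "addJavascriptInterface":
+addIssue(Severity.VULNERABILITY, ".JS_INTERFACE", getLineNumberFromExpression(methodCall), methodCall.toString());
+break;
+case "setJavaScriptEnabled":
+issueSettingsMethod(methodCall, ".JS_ENABLED");
+break;
+case "setWebContentsDebuggingEnabled":
+issueSettingsMethod(methodCall, ".DEBUGGING_ENABLED");
+break;
+case "setAllowFileAccess":
+issueSettingsMethod(methodCall, ".ALLOW_FILE_ACCESS");
+break;
+}
+}
+
+private void issueSettingsMethod(MethodCallExpr methodCall, String descriptionCode) {
+Expression firstArg = methodCall.getArguments().get(0);
+if (firstArg.isBooleanLiteralExpr() && firstArg.asBooleanLiteralExpr().getValue()) {
+addIssue(Severity.INFO, descriptionCode, getLineNumberFromExpression(methodCall), methodCall.toString());
+}
+}
+}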
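Review bot: `issueSettingsMethod` reads `methodCall.getArguments().get(0)` without checking that the call has any arguments, and because the filter in `run` matches on the method identifier alone, a same-named zero-argument method on any unrelated class in the scanned sources will throw IndexOutOfBoundsException and abort the scan; guard it with `if (methodCall.getArguments().isEmpty()) return;` before the `get(0)`. `SETTINGS_METHODS` also lists `setDomStorageEnabled`, but `issueMethod` has no case for it, so those calls pass the filter and are then silently dropped — either add a case with its own description code or remove it from the pattern. `String.matches` recompiles the regex for every `MethodCallExpr`; holding it as `private static final Pattern SETTINGS_METHODS = Pattern.compile("addJavascriptInterface|...")` and filtering with `SETTINGS_METHODS.matcher(expr.getName().getIdentifier()).matches()` avoids that. Only a literal `true` argument is reported, so `setJavaScriptEnabled(flag)` with a variable or constant is never flagged; a comment on `issueSettingsMethod` stating that limitation would make the plugin's coverage explicit. Reporting every `addJavascriptInterface` call as `Severity.VULNERABILITY` is also noisy, since on API level 17 and above only methods annotated with `@JavascriptInterface` are exposed to page scripts; if `xmlHelper` gives access to the manifest, the declared minSdkVersion could presumably be used to refine that severity.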
@@ -118,4 +118,21 @@ com.bartek.esa.core.plugin.WorldAccessPermissionsPlugin=World access permissions
Consider using less permissive mode.
Consider using less permissive mode.
com.bartek.esa.core.plugin.OrderedBroadcastPlugin=Sending ordered broadcast. Potential broadcast theft.\n\
com.bartek.esa.core.plugin.OrderedBroadcastPlugin=Sending ordered broadcast. Potential broadcast theft.\n\
Malicious applications can intercept ordered broadcasts, stop their propagation and resend with malicious data.
Malicious applications can intercept ordered broadcasts, stop their propagation and resend with malicious data.
com.bartek.esa.core.plugin.WebViewPlugin.JS_INTERFACE=WebView with JavaScript interface. Potential malicious code injection.\n\
The WebView uses 'addJavascriptInterface' method which exposes public methods to JavaScript code. Loading JavaScript code \n\
from untrusted sources is a major security violation and should never be used.
com.bartek.esa.core.plugin.WebViewPlugin.JS_ENABLED=JavaScript enabled in WebView.\n\
The WebView has enabled JavaScript code execution. This can effect in XSS attack.\n\
Consider disabling JavaScript in WebView.
com.bartek.esa.core.plugin.WebViewPlugin.DEBUGGING_ENABLED=JavaScript debugging enabled in WebView.\n\
The WebView has enabled JavaScript code debugging. This can effect in data leakage from WebView component.\n\
Consider disabling JavaScript debugging in WebView.
com.bartek.esa.core.plugin.WebViewPlugin.ALLOW_FILE_ACCESS=Access to file system from WebView.\n\
The WebView has granted access to private files. Loading content from untrusted source may effect with \n\
accessing private files by malicious site/application.\n\
Consider disabling this option.