Info Call to dangerous WebView settings API

Description

List of all WebView methods used in the application.

Recommendation

If your application accesses sensitive data with a WebView, you may want to use the clearCache() method to delete any files stored locally.

Any URI received via an intent from outside a trust-boundary should be validated before rendering it with WebView

Technical details

Method android.support.v7.widget.SuggestionsAdapter.getDrawableFromResourceValue() calling method android.net.Uri.parse()


    private android.graphics.drawable.Drawable getDrawableFromResourceValue(String p6)
    {
        if ((p6 != null) && ((!p6.isEmpty()) && (!"0".equals(p6)))) {
            try {
                android.graphics.drawable.Drawable v1_0 = Integer.parseInt(p6);
                android.net.Uri v2_1 = new StringBuilder();
                v2_1.append("android.resource://");
                v2_1.append(this.mProviderContext.getPackageName());
                v2_1.append("/");
                v2_1.append(v1_0);
                android.net.Uri v2_2 = v2_1.toString();
                android.graphics.drawable.Drawable v3_4 = this.checkIconCache(v2_2);
            } catch (android.graphics.drawable.Drawable v1) {
                android.graphics.drawable.Drawable v3_7 = new StringBuilder();
                v3_7.append("Icon resource not found: ");
                v3_7.append(p6);
                android.util.Log.w("SuggestionsAdapter", v3_7.toString());
                return 0;
            } catch (NumberFormatException v0) {
                android.graphics.drawable.Drawable v1_2 = this.checkIconCache(p6);
                if (v1_2 == null) {
                    android.graphics.drawable.Drawable v1_4 = this.getDrawable(android.net.Uri.parse(p6));
                    this.storeInIconCache(p6, v1_4);
                    return v1_4;
                } else {
                    return v1_2;
                }
            }
            if (v3_4 == null) {
                android.graphics.drawable.Drawable v3_5 = android.support.v4.content.ContextCompat.getDrawable(this.mProviderContext, v1_0);
                this.storeInIconCache(v2_2, v3_5);
                return v3_5;
            } else {
                return v3_4;
            }
        } else {
            return 0;
        }
    }

Method android.support.v4.widget.SimpleCursorAdapter.setViewImage() calling method android.net.Uri.parse()


    public void setViewImage(android.widget.ImageView p3, String p4)
    {
        try {
            p3.setImageResource(Integer.parseInt(p4));
        } catch (NumberFormatException v0) {
            p3.setImageURI(android.net.Uri.parse(p4));
        }
        return;
    }

Method com.google.android.gms.common.images.WebImage.zaa() calling method android.net.Uri.parse()


    private static android.net.Uri zaa(org.json.JSONObject p1)
    {
        org.json.JSONException v1_1;
        if (!p1.has("url")) {
            v1_1 = 0;
        } else {
            try {
                v1_1 = android.net.Uri.parse(p1.getString("url"));
            } catch (org.json.JSONException v1) {
            }
        }
        return v1_1;
    }

Method com.google.android.gms.auth.api.signin.GoogleSignInAccount.zaa() calling method android.net.Uri.parse()


    public static com.google.android.gms.auth.api.signin.GoogleSignInAccount zaa(String p13)
    {
        if (!android.text.TextUtils.isEmpty(p13)) {
            int v8;
            String v0_2 = new org.json.JSONObject(p13);
            com.google.android.gms.auth.api.signin.GoogleSignInAccount v13_10 = v0_2.optString("photoUrl", 0);
            if (android.text.TextUtils.isEmpty(v13_10)) {
                v8 = 0;
            } else {
                v8 = android.net.Uri.parse(v13_10);
            }
            String v2_1 = Long.parseLong(v0_2.getString("expirationTime"));
            java.util.HashSet v11_1 = new java.util.HashSet();
            com.google.android.gms.auth.api.signin.GoogleSignInAccount v13_5 = v0_2.getJSONArray("grantedScopes");
            String v4_0 = v13_5.length();
            String v5_0 = 0;
            while (v5_0 < v4_0) {
                v11_1.add(new com.google.android.gms.common.api.Scope(v13_5.getString(v5_0)));
                v5_0++;
            }
            com.google.android.gms.auth.api.signin.GoogleSignInAccount v13_8 = com.google.android.gms.auth.api.signin.GoogleSignInAccount.zaa(v0_2.optString("id"), v0_2.optString("tokenId", 0), v0_2.optString("email", 0), v0_2.optString("displayName", 0), v0_2.optString("givenName", 0), v0_2.optString("familyName", 0), v8, Long.valueOf(v2_1), v0_2.getString("obfuscatedIdentifier"), v11_1);
            v13_8.zaj = v0_2.optString("serverAuthCode", 0);
            return v13_8;
        } else {
            return 0;
        }
    }

Method android.support.v4.graphics.drawable.IconCompat.getUri() calling method android.net.Uri.parse()


    public android.net.Uri getUri()
    {
        if ((this.mType != -1) || (android.os.Build$VERSION.SDK_INT < 23)) {
            return android.net.Uri.parse(((String) this.mObj1));
        } else {
            return android.support.v4.graphics.drawable.IconCompat.getUri(((android.graphics.drawable.Icon) this.mObj1));
        }
    }

Method android.support.v4.graphics.drawable.IconCompat.loadDrawableInner() calling method android.net.Uri.parse()


    private android.graphics.drawable.Drawable loadDrawableInner(android.content.Context p9)
    {
        switch (this.mType) {
            case 1:
                return new android.graphics.drawable.BitmapDrawable(p9.getResources(), ((android.graphics.Bitmap) this.mObj1));
            case 2:
                String v0_11 = this.getResPackage();
                if (android.text.TextUtils.isEmpty(v0_11)) {
                    v0_11 = p9.getPackageName();
                }
                try {
                    String v1_7 = android.support.v4.content.res.ResourcesCompat.getDrawable(android.support.v4.graphics.drawable.IconCompat.getResources(p9, v0_11), this.mInt1, p9.getTheme());
                    return v1_7;
                } catch (android.graphics.drawable.BitmapDrawable v3_16) {
                    String v6_3 = new Object[2];
                    v6_3[v1_7] = Integer.valueOf(this.mInt1);
                    v6_3[1] = this.mObj1;
                    android.util.Log.e("IconCompat", String.format("Unable to load resource 0x%08x from pkg=%s", v6_3), v3_16);
                }
            case 3:
                return new android.graphics.drawable.BitmapDrawable(p9.getResources(), android.graphics.BitmapFactory.decodeByteArray(((byte[]) this.mObj1), this.mInt1, this.mInt2));
            case 4:
                java.io.FileInputStream v2_2;
                String v0_7 = android.net.Uri.parse(((String) this.mObj1));
                String v1_4 = v0_7.getScheme();
                if ((!"content".equals(v1_4)) && (!"file".equals(v1_4))) {
                    try {
                        v2_2 = new java.io.FileInputStream(new java.io.File(((String) this.mObj1)));
                    } catch (android.graphics.drawable.BitmapDrawable v3_6) {
                        android.graphics.Bitmap v5_3 = new StringBuilder();
                        v5_3.append("Unable to load image from path: ");
                        v5_3.append(v0_7);
                        android.util.Log.w("IconCompat", v5_3.toString(), v3_6);
                    }
                } else {
                    try {
                        v2_2 = p9.getContentResolver().openInputStream(v0_7);
                    } catch (android.graphics.drawable.BitmapDrawable v3_9) {
                        android.graphics.Bitmap v5_6 = new StringBuilder();
                        v5_6.append("Unable to load image from URI: ");
                        v5_6.append(v0_7);
                        android.util.Log.w("IconCompat", v5_6.toString(), v3_9);
                    }
                }
                if (v2_2 == null) {
                } else {
                    return new android.graphics.drawable.BitmapDrawable(p9.getResources(), android.graphics.BitmapFactory.decodeStream(v2_2));
                }
            case 5:
                return new android.graphics.drawable.BitmapDrawable(p9.getResources(), android.support.v4.graphics.drawable.IconCompat.createLegacyIconFromAdaptiveIcon(((android.graphics.Bitmap) this.mObj1), 0));
            default:
        }
        return 0;
    }

Method android.support.v7.widget.SearchView.createIntentFromSuggestion() calling method android.net.Uri.parse()


    private android.content.Intent createIntentFromSuggestion(android.database.Cursor p11, int p12, String p13)
    {
        try {
            String v1_1 = android.support.v7.widget.SuggestionsAdapter.getColumnString(p11, "suggest_intent_action");
        } catch (String v1_2) {
            try {
                android.support.v7.widget.SearchView v2_5 = p11.getPosition();
            } catch (android.support.v7.widget.SearchView v2) {
                v2_5 = -1;
            }
            android.net.Uri v4_5 = new StringBuilder();
            v4_5.append("Search suggestions cursor at row ");
            v4_5.append(v2_5);
            v4_5.append(" returned exception.");
            android.util.Log.w("SearchView", v4_5.toString(), v1_2);
            return 0;
        }
        if (v1_1 == null) {
            v1_1 = this.mSearchable.getSuggestIntentAction();
        }
        if (v1_1 == null) {
            v1_1 = "android.intent.action.SEARCH";
        }
        android.support.v7.widget.SearchView v2_2 = android.support.v7.widget.SuggestionsAdapter.getColumnString(p11, "suggest_intent_data");
        if (v2_2 == null) {
            v2_2 = this.mSearchable.getSuggestIntentData();
        }
        String v9;
        if (v2_2 == null) {
            v9 = v2_2;
        } else {
            String v3_3 = android.support.v7.widget.SuggestionsAdapter.getColumnString(p11, "suggest_intent_data_id");
            if (v3_3 == null) {
            } else {
                android.net.Uri v4_1 = new StringBuilder();
                v4_1.append(v2_2);
                v4_1.append("/");
                v4_1.append(android.net.Uri.encode(v3_3));
                v9 = v4_1.toString();
            }
        }
        android.net.Uri v4_3;
        if (v9 != null) {
            v4_3 = android.net.Uri.parse(v9);
        } else {
            v4_3 = 0;
        }
        return this.createIntent(v1_1, v4_3, android.support.v7.widget.SuggestionsAdapter.getColumnString(p11, "suggest_intent_extra_data"), android.support.v7.widget.SuggestionsAdapter.getColumnString(p11, "suggest_intent_query"), p12, p13);
    }

Method android.support.v4.app.ActivityCompat.getReferrer() calling method android.net.Uri.parse()


    public static android.net.Uri getReferrer(android.app.Activity p4)
    {
        if (android.os.Build$VERSION.SDK_INT < 22) {
            android.content.Intent v0_2 = p4.getIntent();
            android.net.Uri v1_3 = ((android.net.Uri) v0_2.getParcelableExtra("android.intent.extra.REFERRER"));
            if (v1_3 == null) {
                String v2_1 = v0_2.getStringExtra("android.intent.extra.REFERRER_NAME");
                if (v2_1 == null) {
                    return 0;
                } else {
                    return android.net.Uri.parse(v2_1);
                }
            } else {
                return v1_3;
            }
        } else {
            return p4.getReferrer();
        }
    }

Method com.squareup.picasso.Picasso.load() calling method android.net.Uri.parse()


    public com.squareup.picasso.RequestCreator load(String p4)
    {
        if (p4 != null) {
            if (p4.trim().length() == 0) {
                throw new IllegalArgumentException("Path must not be empty.");
            } else {
                return this.load(android.net.Uri.parse(p4));
            }
        } else {
            return new com.squareup.picasso.RequestCreator(this, 0, 0);
        }
    }

Method com.squareup.picasso.Picasso.invalidate() calling method android.net.Uri.parse()


    public void invalidate(String p2)
    {
        if (p2 != null) {
            this.invalidate(android.net.Uri.parse(p2));
        }
        return;
    }

Method com.google.android.gms.dynamite.DynamiteModule.zzc() calling method android.net.Uri.parse()


    private static int zzc(android.content.Context p8, String p9, boolean p10)
    {
        Throwable v0 = 0;
        try {
            Throwable v8_5;
            android.database.Cursor v1_0 = p8.getContentResolver();
        } catch (Throwable v8_1) {
            if (v0 != null) {
                v0.close();
            }
            throw v8_1;
        } catch (Throwable v8_6) {
            Throwable v9_1 = 0;
            try {
                if (!(v8_6 instanceof com.google.android.gms.dynamite.DynamiteModule$LoadingException)) {
                    throw new com.google.android.gms.dynamite.DynamiteModule$LoadingException("V2 version check failed", v8_6, 0);
                } else {
                    throw v8_6;
                }
            } catch (Throwable v8_1) {
                v0 = v9_1;
            }
            if (Throwable v8_4 != null) {
                v8_4.close();
            }
            return Throwable v9_7;
        }
        if (p10 == null) {
            v8_5 = "api";
        } else {
            v8_5 = "api_force_staging";
        }
        android.net.Uri v2_3 = new StringBuilder(((String.valueOf(v8_5).length() + 42) + String.valueOf(p9).length()));
        v2_3.append("content://com.google.android.gms.chimera/");
        v2_3.append(v8_5);
        v2_3.append("/");
        v2_3.append(p9);
        v8_4 = v1_0.query(android.net.Uri.parse(v2_3.toString()), 0, 0, 0, 0);
        try {
            if ((v8_4 == null) || (!v8_4.moveToFirst())) {
                android.util.Log.w("DynamiteModule", "Failed to retrieve remote module version.");
                throw new com.google.android.gms.dynamite.DynamiteModule$LoadingException("Failed to connect to dynamite module ContentResolver.", 0);
            } else {
                v9_7 = v8_4.getInt(0);
                if (v9_7 > null) {
                    com.google.android.gms.dynamite.DynamiteModule.zzig = v8_4.getString(2);
                    android.database.Cursor v1_4 = v8_4.getColumnIndex("loaderVersion");
                    if (v1_4 >= null) {
                        com.google.android.gms.dynamite.DynamiteModule.zzih = v8_4.getInt(v1_4);
                    }
                    com.google.android.gms.dynamite.DynamiteModule$zza v10_10 = ((com.google.android.gms.dynamite.DynamiteModule$zza) com.google.android.gms.dynamite.DynamiteModule.zzii.get());
                    if ((v10_10 != null) && (v10_10.zzin == null)) {
                        v10_10.zzin = v8_4;
                        v8_4 = 0;
                    }
                }
            }
        } catch (Throwable v9_10) {
            v0 = v8_4;
            v8_1 = v9_10;
        } catch (Throwable v9_9) {
            v9_1 = v8_4;
            v8_6 = v9_9;
        }
    }

Method com.google.android.gms.common.internal.zzg.zza() calling method android.net.Uri.parse()


    public static android.content.Intent zza(String p3, String p4)
    {
        android.content.Intent v0_1 = new android.content.Intent("android.intent.action.VIEW");
        int v3_1 = android.net.Uri.parse("market://details").buildUpon().appendQueryParameter("id", p3);
        if (!android.text.TextUtils.isEmpty(p4)) {
            v3_1.appendQueryParameter("pcampaignid", p4);
        }
        v0_1.setData(v3_1.build());
        v0_1.setPackage("com.android.vending");
        v0_1.addFlags(524288);
        return v0_1;
    }

Method com.google.android.gms.common.internal.zzg.<clinit>() calling method android.net.Uri.parse()


    static zzg()
    {
        android.net.Uri v0_3 = android.net.Uri.parse("https://plus.google.com/");
        com.google.android.gms.common.internal.zzg.zzed = v0_3;
        com.google.android.gms.common.internal.zzg.zzee = v0_3.buildUpon().appendPath("circles").appendPath("find").build();
        return;
    }

Method com.google.android.gms.common.data.DataBufferRef.parseUri() calling method android.net.Uri.parse()


    protected android.net.Uri parseUri(String p4)
    {
        android.net.Uri v4_1 = this.mDataHolder.getString(p4, this.mDataRow, this.zalm);
        if (v4_1 != null) {
            return android.net.Uri.parse(v4_1);
        } else {
            return 0;
        }
    }

Method android.support.v4.media.MediaMetadataCompat.getDescription() calling method android.net.Uri.parse()


    public android.support.v4.media.MediaDescriptionCompat getDescription()
    {
        String v0_0 = this.mDescription;
        if (v0_0 == null) {
            String v0_2 = this.getString("android.media.metadata.MEDIA_ID");
            CharSequence[] v1_1 = new CharSequence[3];
            CharSequence v2 = 0;
            android.net.Uri v3 = 0;
            CharSequence v4_0 = this.getText("android.media.metadata.DISPLAY_TITLE");
            if (android.text.TextUtils.isEmpty(v4_0)) {
                android.net.Uri v5_1 = 0;
                String v9_0 = 0;
                while (v5_1 < v1_1.length) {
                    android.support.v4.media.MediaDescriptionCompat$Builder v10_1 = android.support.v4.media.MediaMetadataCompat.PREFERRED_DESCRIPTION_ORDER;
                    if (v9_0 >= v10_1.length) {
                        break;
                    }
                    long v11_2 = (v9_0 + 1);
                    String v9_2 = this.getText(v10_1[v9_0]);
                    if (!android.text.TextUtils.isEmpty(v9_2)) {
                        android.support.v4.media.MediaDescriptionCompat$Builder v10_3 = (v5_1 + 1);
                        v1_1[v5_1] = v9_2;
                        v5_1 = v10_3;
                    }
                    v9_0 = v11_2;
                }
            } else {
                v1_1[0] = v4_0;
                v1_1[1] = this.getText("android.media.metadata.DISPLAY_SUBTITLE");
                v1_1[2] = this.getText("android.media.metadata.DISPLAY_DESCRIPTION");
            }
            android.net.Uri v5_6 = 0;
            while(true) {
                String v9_3 = android.support.v4.media.MediaMetadataCompat.PREFERRED_BITMAP_ORDER;
                if (v5_6 < v9_3.length) {
                    String v9_5 = this.getBitmap(v9_3[v5_6]);
                    if (v9_5 != null) {
                        break;
                    }
                    v5_6++;
                }
                android.net.Uri v5_7 = 0;
                while(true) {
                    String v9_6 = android.support.v4.media.MediaMetadataCompat.PREFERRED_URI_ORDER;
                    if (v5_7 < v9_6.length) {
                        String v9_8 = this.getString(v9_6[v5_7]);
                        if (!android.text.TextUtils.isEmpty(v9_8)) {
                            break;
                        }
                        v5_7++;
                    }
                    android.net.Uri v5_8 = 0;
                    String v9_10 = this.getString("android.media.metadata.MEDIA_URI");
                    if (!android.text.TextUtils.isEmpty(v9_10)) {
                        v5_8 = android.net.Uri.parse(v9_10);
                    }
                    android.support.v4.media.MediaDescriptionCompat$Builder v10_9 = new android.support.v4.media.MediaDescriptionCompat$Builder();
                    v10_9.setMediaId(v0_2);
                    v10_9.setTitle(v1_1[0]);
                    v10_9.setSubtitle(v1_1[1]);
                    v10_9.setDescription(v1_1[2]);
                    v10_9.setIconBitmap(v2);
                    v10_9.setIconUri(v3);
                    v10_9.setMediaUri(v5_8);
                    android.os.Bundle v6_3 = new android.os.Bundle();
                    if (this.mBundle.containsKey("android.media.metadata.BT_FOLDER_TYPE")) {
                        v6_3.putLong("android.media.extra.BT_FOLDER_TYPE", this.getLong("android.media.metadata.BT_FOLDER_TYPE"));
                    }
                    if (this.mBundle.containsKey("android.media.metadata.DOWNLOAD_STATUS")) {
                        v6_3.putLong("android.media.extra.DOWNLOAD_STATUS", this.getLong("android.media.metadata.DOWNLOAD_STATUS"));
                    }
                    if (!v6_3.isEmpty()) {
                        v10_9.setExtras(v6_3);
                    }
                    this.mDescription = v10_9.build();
                    return this.mDescription;
                }
                v3 = android.net.Uri.parse(v9_8);
            }
            v2 = v9_5;
        } else {
            return v0_0;
        }
    }

Method android.support.v4.app.RemoteInput.getDataResultsFromIntent() calling method android.net.Uri.parse()


    public static java.util.Map getDataResultsFromIntent(android.content.Intent p10, String p11)
    {
        if (android.os.Build$VERSION.SDK_INT < 26) {
            java.util.HashMap v2 = 0;
            if (android.os.Build$VERSION.SDK_INT < 16) {
                android.util.Log.w("RemoteInput", "RemoteInput is only supported from API Level 16");
                return 0;
            } else {
                String v0_1 = android.support.v4.app.RemoteInput.getClipDataIntentFromIntent(p10);
                if (v0_1 != null) {
                    java.util.HashMap v1_2 = new java.util.HashMap();
                    boolean v4_1 = v0_1.getExtras().keySet().iterator();
                    while (v4_1.hasNext()) {
                        String v5_2 = ((String) v4_1.next());
                        if (v5_2.startsWith("android.remoteinput.dataTypeResultsData")) {
                            String v6_4 = v5_2.substring("android.remoteinput.dataTypeResultsData".length());
                            if (!v6_4.isEmpty()) {
                                String v8 = v0_1.getBundleExtra(v5_2).getString(p11);
                                if ((v8 != null) && (!v8.isEmpty())) {
                                    v1_2.put(v6_4, android.net.Uri.parse(v8));
                                }
                            }
                        }
                    }
                    if (!v1_2.isEmpty()) {
                        v2 = v1_2;
                    }
                    return v2;
                } else {
                    return 0;
                }
            }
        } else {
            return android.app.RemoteInput.getDataResultsFromIntent(p10, p11);
        }
    }

Method com.example.diegosantiago.turbo.Fragmentos.BusquedaFragment.startLink() calling method android.net.Uri.parse()


    private void startLink(String p4)
    {
        this.startActivity(new android.content.Intent("android.intent.action.VIEW", android.net.Uri.parse(p4)));
        return;
    }