Info Call to dangerous WebView settings API

Description

List of all WebView methods used in the application.

Recommendation

If your application accesses sensitive data with a WebView, you may want to use the clearCache() method to delete any files stored locally.

Any URI received via an intent from outside a trust-boundary should be validated before rendering it with WebView

Technical details

Method androidx.core.graphics.drawable.IconCompat.getUri() calling method android.net.Uri.parse()


    public android.net.Uri getUri()
    {
        if ((this.mType != -1) || (android.os.Build$VERSION.SDK_INT < 23)) {
            return android.net.Uri.parse(((String) this.mObj1));
        } else {
            return androidx.core.graphics.drawable.IconCompat.getUri(((android.graphics.drawable.Icon) this.mObj1));
        }
    }

Method androidx.core.graphics.drawable.IconCompat.loadDrawableInner() calling method android.net.Uri.parse()


    private android.graphics.drawable.Drawable loadDrawableInner(android.content.Context p7)
    {
        switch (this.mType) {
            case 1:
                return new android.graphics.drawable.BitmapDrawable(p7.getResources(), ((android.graphics.Bitmap) this.mObj1));
            case 2:
                android.graphics.Bitmap v0_14 = this.getResPackage();
                if (android.text.TextUtils.isEmpty(v0_14)) {
                    v0_14 = p7.getPackageName();
                }
                try {
                    return androidx.core.content.res.ResourcesCompat.getDrawable(androidx.core.graphics.drawable.IconCompat.getResources(p7, v0_14), this.mInt1, p7.getTheme());
                } catch (android.content.res.Resources v7_7) {
                    StringBuilder v4_7 = new Object[2];
                    v4_7[0] = Integer.valueOf(this.mInt1);
                    v4_7[1] = this.mObj1;
                    android.util.Log.e("IconCompat", String.format("Unable to load resource 0x%08x from pkg=%s", v4_7), v7_7);
                }
            case 3:
                return new android.graphics.drawable.BitmapDrawable(p7.getResources(), android.graphics.BitmapFactory.decodeByteArray(((byte[]) this.mObj1), this.mInt1, this.mInt2));
            case 4:
                android.graphics.Bitmap v0_7;
                android.graphics.Bitmap v0_6 = android.net.Uri.parse(((String) this.mObj1));
                android.graphics.drawable.BitmapDrawable v1_6 = v0_6.getScheme();
                if ((!"content".equals(v1_6)) && (!"file".equals(v1_6))) {
                    try {
                        v0_7 = new java.io.FileInputStream(new java.io.File(((String) this.mObj1)));
                    } catch (android.graphics.drawable.BitmapDrawable v1_10) {
                        StringBuilder v4_3 = new StringBuilder();
                        v4_3.append("Unable to load image from path: ");
                        v4_3.append(v0_7);
                        android.util.Log.w("IconCompat", v4_3.toString(), v1_10);
                        v0_7 = 0;
                    }
                } else {
                    try {
                        v0_7 = p7.getContentResolver().openInputStream(v0_6);
                    } catch (android.graphics.drawable.BitmapDrawable v1_12) {
                        StringBuilder v4_5 = new StringBuilder();
                        v4_5.append("Unable to load image from URI: ");
                        v4_5.append(v0_7);
                        android.util.Log.w("IconCompat", v4_5.toString(), v1_12);
                    }
                }
                if (v0_7 == null) {
                } else {
                    return new android.graphics.drawable.BitmapDrawable(p7.getResources(), android.graphics.BitmapFactory.decodeStream(v0_7));
                }
            case 5:
                return new android.graphics.drawable.BitmapDrawable(p7.getResources(), androidx.core.graphics.drawable.IconCompat.createLegacyIconFromAdaptiveIcon(((android.graphics.Bitmap) this.mObj1), 0));
            default:
        }
        return 0;
    }

Method androidx.core.app.ActivityCompat.getReferrer() calling method android.net.Uri.parse()


    public static android.net.Uri getReferrer(android.app.Activity p2)
    {
        if (android.os.Build$VERSION.SDK_INT < 22) {
            int v2_5 = p2.getIntent();
            String v0_4 = ((android.net.Uri) v2_5.getParcelableExtra("android.intent.extra.REFERRER"));
            if (v0_4 == null) {
                int v2_1 = v2_5.getStringExtra("android.intent.extra.REFERRER_NAME");
                if (v2_1 == 0) {
                    return 0;
                } else {
                    return android.net.Uri.parse(v2_1);
                }
            } else {
                return v0_4;
            }
        } else {
            return p2.getReferrer();
        }
    }

Method androidx.core.app.RemoteInput.getDataResultsFromIntent() calling method android.net.Uri.parse()


    public static java.util.Map getDataResultsFromIntent(android.content.Intent p6, String p7)
    {
        if (android.os.Build$VERSION.SDK_INT < 26) {
            if (android.os.Build$VERSION.SDK_INT < 16) {
                return 0;
            } else {
                boolean v6_3 = androidx.core.app.RemoteInput.getClipDataIntentFromIntent(p6);
                if (v6_3) {
                    int v0_2 = new java.util.HashMap();
                    java.util.Iterator v1_3 = v6_3.getExtras().keySet().iterator();
                    while (v1_3.hasNext()) {
                        android.net.Uri v3_2 = ((String) v1_3.next());
                        if (v3_2.startsWith("android.remoteinput.dataTypeResultsData")) {
                            String v4_3 = v3_2.substring(39);
                            if (!v4_3.isEmpty()) {
                                android.net.Uri v3_4 = v6_3.getBundleExtra(v3_2).getString(p7);
                                if ((v3_4 != null) && (!v3_4.isEmpty())) {
                                    v0_2.put(v4_3, android.net.Uri.parse(v3_4));
                                }
                            }
                        }
                    }
                    if (v0_2.isEmpty()) {
                        v0_2 = 0;
                    }
                    return v0_2;
                } else {
                    return 0;
                }
            }
        } else {
            return android.app.RemoteInput.getDataResultsFromIntent(p6, p7);
        }
    }