Info Call to dangerous WebView settings API

Description

List of all WebView methods used in the application.

Recommendation

If your application accesses sensitive data with a WebView, you may want to use the clearCache() method to delete any files stored locally.

Any URI received via an intent from outside a trust-boundary should be validated before rendering it with WebView

Technical details

Method android.support.v7.widget.SuggestionsAdapter.getDrawableFromResourceValue() calling method android.net.Uri.parse()


    private android.graphics.drawable.Drawable getDrawableFromResourceValue(String p10)
    {
        if ((p10 != null) && ((p10.length() != 0) && (!"0".equals(p10)))) {
            try {
                int v3 = Integer.parseInt(p10);
                String v1 = new StringBuilder().append("android.resource://").append(this.mProviderContext.getPackageName()).append("/").append(v3).toString();
                android.graphics.drawable.Drawable v0 = this.checkIconCache(v1);
            } catch (android.content.res.Resources$NotFoundException v2) {
                android.util.Log.w("SuggestionsAdapter", new StringBuilder().append("Icon resource not found: ").append(p10).toString());
                v0 = 0;
            } catch (android.content.res.Resources$NotFoundException v2) {
                v0 = this.checkIconCache(p10);
                if (v0 == null) {
                    v0 = this.getDrawable(android.net.Uri.parse(p10));
                    this.storeInIconCache(p10, v0);
                }
            }
            if (v0 == null) {
                v0 = android.support.v4.content.ContextCompat.getDrawable(this.mProviderContext, v3);
                this.storeInIconCache(v1, v0);
            }
        } else {
            v0 = 0;
        }
        return v0;
    }

Method android.support.v7.widget.SearchView.createIntentFromSuggestion() calling method android.net.Uri.parse()


    private android.content.Intent createIntentFromSuggestion(android.database.Cursor p13, int p14, String p15)
    {
        try {
            String v1 = android.support.v7.widget.SuggestionsAdapter.getColumnString(p13, "suggest_intent_action");
        } catch (RuntimeException v8) {
            try {
                int v11 = p13.getPosition();
            } catch (RuntimeException v9) {
                v11 = -1;
            }
            android.util.Log.w("SearchView", new StringBuilder().append("Search suggestions cursor at row ").append(v11).append(" returned exception.").toString(), v8);
            android.content.Intent v0_12 = 0;
            return v0_12;
        }
        if (v1 == null) {
            v1 = this.mSearchable.getSuggestIntentAction();
        }
        if (v1 == null) {
            v1 = "android.intent.action.SEARCH";
        }
        String v7 = android.support.v7.widget.SuggestionsAdapter.getColumnString(p13, "suggest_intent_data");
        if (v7 == null) {
            v7 = this.mSearchable.getSuggestIntentData();
        }
        if (v7 != null) {
            String v10 = android.support.v7.widget.SuggestionsAdapter.getColumnString(p13, "suggest_intent_data_id");
            if (v10 != null) {
                v7 = new StringBuilder().append(v7).append("/").append(android.net.Uri.encode(v10)).toString();
            }
        }
        android.net.Uri v2;
        if (v7 != null) {
            v2 = android.net.Uri.parse(v7);
        } else {
            v2 = 0;
        }
        v0_12 = this.createIntent(v1, v2, android.support.v7.widget.SuggestionsAdapter.getColumnString(p13, "suggest_intent_extra_data"), android.support.v7.widget.SuggestionsAdapter.getColumnString(p13, "suggest_intent_query"), p14, p15);
        return v0_12;
    }

Method android.support.v7.media.MediaRouteDescriptor.getIconUri() calling method android.net.Uri.parse()


    public android.net.Uri getIconUri()
    {
        android.net.Uri v1_1;
        String v0 = this.mBundle.getString("iconUri");
        if (v0 != null) {
            v1_1 = android.net.Uri.parse(v0);
        } else {
            v1_1 = 0;
        }
        return v1_1;
    }

Method android.support.v4.widget.SimpleCursorAdapter.setViewImage() calling method android.net.Uri.parse()


    public void setViewImage(android.widget.ImageView p3, String p4)
    {
        try {
            p3.setImageResource(Integer.parseInt(p4));
        } catch (NumberFormatException v0) {
            p3.setImageURI(android.net.Uri.parse(p4));
        }
        return;
    }

Method android.support.v4.media.MediaMetadataCompat.getDescription() calling method android.net.Uri.parse()


    public android.support.v4.media.MediaDescriptionCompat getDescription()
    {
        android.support.v4.media.MediaDescriptionCompat v19_13;
        if (this.mDescription == null) {
            String v12 = this.getString("android.media.metadata.MEDIA_ID");
            android.support.v4.media.MediaDescriptionCompat v0_4 = new CharSequence[3];
            CharSequence[] v16 = v0_4;
            CharSequence v8 = 0;
            android.net.Uri v9 = 0;
            CharSequence v6 = this.getText("android.media.metadata.DISPLAY_TITLE");
            if (android.text.TextUtils.isEmpty(v6)) {
                int v17 = 0;
                int v10 = 0;
                while ((v17 < v16.length) && (v10 < android.support.v4.media.MediaMetadataCompat.PREFERRED_DESCRIPTION_ORDER.length)) {
                    int v11 = (v10 + 1);
                    String v15_0 = this.getText(android.support.v4.media.MediaMetadataCompat.PREFERRED_DESCRIPTION_ORDER[v10]);
                    if (!android.text.TextUtils.isEmpty(v15_0)) {
                        int v18 = (v17 + 1);
                        v16[v17] = v15_0;
                        v17 = v18;
                    }
                    v10 = v11;
                }
            } else {
                v16[0] = v6;
                v16[1] = this.getText("android.media.metadata.DISPLAY_SUBTITLE");
                v16[2] = this.getText("android.media.metadata.DISPLAY_DESCRIPTION");
            }
            int v7_0 = 0;
            while (v7_0 < android.support.v4.media.MediaMetadataCompat.PREFERRED_BITMAP_ORDER.length) {
                String v15_1 = this.getBitmap(android.support.v4.media.MediaMetadataCompat.PREFERRED_BITMAP_ORDER[v7_0]);
                if (v15_1 == null) {
                    v7_0++;
                } else {
                    v8 = v15_1;
                    break;
                }
            }
            int v7_1 = 0;
            while (v7_1 < android.support.v4.media.MediaMetadataCompat.PREFERRED_URI_ORDER.length) {
                String v15_2 = this.getString(android.support.v4.media.MediaMetadataCompat.PREFERRED_URI_ORDER[v7_1]);
                if (android.text.TextUtils.isEmpty(v15_2)) {
                    v7_1++;
                } else {
                    v9 = android.net.Uri.parse(v15_2);
                    break;
                }
            }
            android.net.Uri v13 = 0;
            String v14 = this.getString("android.media.metadata.MEDIA_URI");
            if (!android.text.TextUtils.isEmpty(v14)) {
                v13 = android.net.Uri.parse(v14);
            }
            android.support.v4.media.MediaDescriptionCompat$Builder v4_1 = new android.support.v4.media.MediaDescriptionCompat$Builder();
            v4_1.setMediaId(v12);
            v4_1.setTitle(v16[0]);
            v4_1.setSubtitle(v16[1]);
            v4_1.setDescription(v16[2]);
            v4_1.setIconBitmap(v8);
            v4_1.setIconUri(v9);
            v4_1.setMediaUri(v13);
            if (this.mBundle.containsKey("android.media.metadata.BT_FOLDER_TYPE")) {
                android.os.Bundle v5_1 = new android.os.Bundle();
                v5_1.putLong("android.media.extra.BT_FOLDER_TYPE", this.getLong("android.media.metadata.BT_FOLDER_TYPE"));
                v4_1.setExtras(v5_1);
            }
            this.mDescription = v4_1.build();
            v19_13 = this.mDescription;
        } else {
            v19_13 = this.mDescription;
        }
        return v19_13;
    }

Method android.support.v4.app.ActivityCompat.getReferrer() calling method android.net.Uri.parse()


    public static android.net.Uri getReferrer(android.app.Activity p5)
    {
        int v1_0;
        if (android.os.Build$VERSION.SDK_INT < 22) {
            android.content.Intent v0 = p5.getIntent();
            v1_0 = ((android.net.Uri) v0.getParcelableExtra("android.intent.extra.REFERRER"));
            if (v1_0 == 0) {
                String v2 = v0.getStringExtra("android.intent.extra.REFERRER_NAME");
                if (v2 == null) {
                    v1_0 = 0;
                } else {
                    v1_0 = android.net.Uri.parse(v2);
                }
            }
        } else {
            v1_0 = android.support.v4.app.ActivityCompatApi22.getReferrer(p5);
        }
        return v1_0;
    }