Info Call to dangerous WebView settings API

Description

List of all WebView methods used in the application.

Recommendation

If your application accesses sensitive data with a WebView, you may want to use the clearCache() method to delete any files stored locally.

Any URI received via an intent from outside a trust-boundary should be validated before rendering it with WebView

Technical details

Method android.support.v7.widget.SuggestionsAdapter.getDrawableFromResourceValue() calling method android.net.Uri.parse()


    private android.graphics.drawable.Drawable getDrawableFromResourceValue(String p10)
    {
        if ((p10 != null) && ((!p10.isEmpty()) && (!"0".equals(p10)))) {
            try {
                int v3 = Integer.parseInt(p10);
                String v1 = new StringBuilder().append("android.resource://").append(this.mProviderContext.getPackageName()).append("/").append(v3).toString();
                android.graphics.drawable.Drawable v0 = this.checkIconCache(v1);
            } catch (android.content.res.Resources$NotFoundException v2) {
                android.util.Log.w("SuggestionsAdapter", new StringBuilder().append("Icon resource not found: ").append(p10).toString());
                v0 = 0;
            } catch (android.content.res.Resources$NotFoundException v2) {
                v0 = this.checkIconCache(p10);
                if (v0 == null) {
                    v0 = this.getDrawable(android.net.Uri.parse(p10));
                    this.storeInIconCache(p10, v0);
                }
            }
            if (v0 == null) {
                v0 = android.support.v4.content.ContextCompat.getDrawable(this.mProviderContext, v3);
                this.storeInIconCache(v1, v0);
            }
        } else {
            v0 = 0;
        }
        return v0;
    }

Method android.support.v7.widget.SearchView.createIntentFromSuggestion() calling method android.net.Uri.parse()


    private android.content.Intent createIntentFromSuggestion(android.database.Cursor p13, int p14, String p15)
    {
        try {
            String v1 = android.support.v7.widget.SuggestionsAdapter.getColumnString(p13, "suggest_intent_action");
        } catch (RuntimeException v8) {
            try {
                int v11 = p13.getPosition();
            } catch (RuntimeException v9) {
                v11 = -1;
            }
            android.util.Log.w("SearchView", new StringBuilder().append("Search suggestions cursor at row ").append(v11).append(" returned exception.").toString(), v8);
            android.content.Intent v0_12 = 0;
            return v0_12;
        }
        if (v1 == null) {
            v1 = this.mSearchable.getSuggestIntentAction();
        }
        if (v1 == null) {
            v1 = "android.intent.action.SEARCH";
        }
        String v7 = android.support.v7.widget.SuggestionsAdapter.getColumnString(p13, "suggest_intent_data");
        if (v7 == null) {
            v7 = this.mSearchable.getSuggestIntentData();
        }
        if (v7 != null) {
            String v10 = android.support.v7.widget.SuggestionsAdapter.getColumnString(p13, "suggest_intent_data_id");
            if (v10 != null) {
                v7 = new StringBuilder().append(v7).append("/").append(android.net.Uri.encode(v10)).toString();
            }
        }
        android.net.Uri v2;
        if (v7 != null) {
            v2 = android.net.Uri.parse(v7);
        } else {
            v2 = 0;
        }
        v0_12 = this.createIntent(v1, v2, android.support.v7.widget.SuggestionsAdapter.getColumnString(p13, "suggest_intent_extra_data"), android.support.v7.widget.SuggestionsAdapter.getColumnString(p13, "suggest_intent_query"), p14, p15);
        return v0_12;
    }

Method android.support.customtabs.CustomTabsClient.getPackageName() calling method android.net.Uri.parse()


    public static String getPackageName(android.content.Context p10, java.util.List p11, boolean p12)
    {
        java.util.ArrayList v3_0;
        android.content.pm.PackageManager v5 = p10.getPackageManager();
        if (p11 != null) {
            v3_0 = p11;
        } else {
            v3_0 = new java.util.ArrayList();
        }
        android.content.Intent v0_0 = new android.content.Intent("android.intent.action.VIEW", android.net.Uri.parse("http://"));
        if (!p12) {
            android.content.pm.ResolveInfo v1 = v5.resolveActivity(v0_0, 0);
            if (v1 != null) {
                int v2_0 = v1.activityInfo.packageName;
                java.util.ArrayList v4_1 = new java.util.ArrayList((v3_0.size() + 1));
                v4_1.add(v2_0);
                if (p11 != null) {
                    v4_1.addAll(p11);
                }
                v3_0 = v4_1;
            }
        }
        android.content.Intent v6_1 = new android.content.Intent("android.support.customtabs.action.CustomTabsService");
        int v7_4 = v3_0.iterator();
        while (v7_4.hasNext()) {
            int v2_1 = ((String) v7_4.next());
            v6_1.setPackage(v2_1);
            if (v5.resolveService(v6_1, 0) != null) {
            }
            return v2_1;
        }
        v2_1 = 0;
        return v2_1;
    }

Method com.squareup.picasso.Picasso.load() calling method android.net.Uri.parse()


    public com.squareup.picasso.RequestCreator load(String p4)
    {
        com.squareup.picasso.RequestCreator v0_3;
        if (p4 != null) {
            if (p4.trim().length() != 0) {
                v0_3 = this.load(android.net.Uri.parse(p4));
            } else {
                throw new IllegalArgumentException("Path must not be empty.");
            }
        } else {
            v0_3 = new com.squareup.picasso.RequestCreator(this, 0, 0);
        }
        return v0_3;
    }

Method com.squareup.picasso.Picasso.invalidate() calling method android.net.Uri.parse()


    public void invalidate(String p3)
    {
        if (p3 != null) {
            this.invalidate(android.net.Uri.parse(p3));
            return;
        } else {
            throw new IllegalArgumentException("path == null");
        }
    }

Method androidx.browser.browseractions.BrowserActionsIntent.launchIntent() calling method android.net.Uri.parse()


    static void launchIntent(android.content.Context p7, android.content.Intent p8, java.util.List p9)
    {
        if ((p9 != null) && (p9.size() != 0)) {
            if (p9.size() != 1) {
                android.content.pm.ResolveInfo v0 = p7.getPackageManager().resolveActivity(new android.content.Intent("android.intent.action.VIEW", android.net.Uri.parse("https://www.example.com")), 65536);
                if (v0 != null) {
                    String v1 = v0.activityInfo.packageName;
                    int v2 = 0;
                    while (v2 < p9.size()) {
                        if (!v1.equals(((android.content.pm.ResolveInfo) p9.get(v2)).activityInfo.packageName)) {
                            v2++;
                        } else {
                            p8.setPackage(v1);
                            break;
                        }
                    }
                }
            } else {
                p8.setPackage(((android.content.pm.ResolveInfo) p9.get(0)).activityInfo.packageName);
            }
            android.support.v4.content.ContextCompat.startActivity(p7, p8, 0);
        } else {
            androidx.browser.browseractions.BrowserActionsIntent.openFallbackBrowserActionsMenu(p7, p8);
        }
        return;
    }

Method androidx.browser.browseractions.BrowserActionsIntent.getBrowserActionsIntentHandlers() calling method android.net.Uri.parse()


    private static java.util.List getBrowserActionsIntentHandlers(android.content.Context p4)
    {
        return p4.getPackageManager().queryIntentActivities(new android.content.Intent("androidx.browser.browseractions.browser_action_open", android.net.Uri.parse("https://www.example.com")), 131072);
    }

Method android.support.v7.media.MediaRouteDescriptor.getIconUri() calling method android.net.Uri.parse()


    public android.net.Uri getIconUri()
    {
        android.net.Uri v1_1;
        String v0 = this.mBundle.getString("iconUri");
        if (v0 != null) {
            v1_1 = android.net.Uri.parse(v0);
        } else {
            v1_1 = 0;
        }
        return v1_1;
    }

Method android.support.v4.widget.SimpleCursorAdapter.setViewImage() calling method android.net.Uri.parse()


    public void setViewImage(android.widget.ImageView p3, String p4)
    {
        try {
            p3.setImageResource(Integer.parseInt(p4));
        } catch (NumberFormatException v0) {
            p3.setImageURI(android.net.Uri.parse(p4));
        }
        return;
    }

Method android.support.v4.media.MediaMetadataCompat.getDescription() calling method android.net.Uri.parse()


    public android.support.v4.media.MediaDescriptionCompat getDescription()
    {
        android.support.v4.media.MediaDescriptionCompat v19_17;
        if (this.mDescription == null) {
            String v12 = this.getString("android.media.metadata.MEDIA_ID");
            android.support.v4.media.MediaDescriptionCompat v0_4 = new CharSequence[3];
            CharSequence[] v16 = v0_4;
            CharSequence v8 = 0;
            android.net.Uri v9 = 0;
            CharSequence v6 = this.getText("android.media.metadata.DISPLAY_TITLE");
            if (android.text.TextUtils.isEmpty(v6)) {
                int v17 = 0;
                int v10 = 0;
                while ((v17 < v16.length) && (v10 < android.support.v4.media.MediaMetadataCompat.PREFERRED_DESCRIPTION_ORDER.length)) {
                    int v11 = (v10 + 1);
                    String v15_0 = this.getText(android.support.v4.media.MediaMetadataCompat.PREFERRED_DESCRIPTION_ORDER[v10]);
                    if (!android.text.TextUtils.isEmpty(v15_0)) {
                        int v18 = (v17 + 1);
                        v16[v17] = v15_0;
                        v17 = v18;
                    }
                    v10 = v11;
                }
            } else {
                v16[0] = v6;
                v16[1] = this.getText("android.media.metadata.DISPLAY_SUBTITLE");
                v16[2] = this.getText("android.media.metadata.DISPLAY_DESCRIPTION");
            }
            int v7_0 = 0;
            while (v7_0 < android.support.v4.media.MediaMetadataCompat.PREFERRED_BITMAP_ORDER.length) {
                String v15_1 = this.getBitmap(android.support.v4.media.MediaMetadataCompat.PREFERRED_BITMAP_ORDER[v7_0]);
                if (v15_1 == null) {
                    v7_0++;
                } else {
                    v8 = v15_1;
                    break;
                }
            }
            int v7_1 = 0;
            while (v7_1 < android.support.v4.media.MediaMetadataCompat.PREFERRED_URI_ORDER.length) {
                String v15_2 = this.getString(android.support.v4.media.MediaMetadataCompat.PREFERRED_URI_ORDER[v7_1]);
                if (android.text.TextUtils.isEmpty(v15_2)) {
                    v7_1++;
                } else {
                    v9 = android.net.Uri.parse(v15_2);
                    break;
                }
            }
            android.net.Uri v13 = 0;
            String v14 = this.getString("android.media.metadata.MEDIA_URI");
            if (!android.text.TextUtils.isEmpty(v14)) {
                v13 = android.net.Uri.parse(v14);
            }
            android.support.v4.media.MediaDescriptionCompat$Builder v4_1 = new android.support.v4.media.MediaDescriptionCompat$Builder();
            v4_1.setMediaId(v12);
            v4_1.setTitle(v16[0]);
            v4_1.setSubtitle(v16[1]);
            v4_1.setDescription(v16[2]);
            v4_1.setIconBitmap(v8);
            v4_1.setIconUri(v9);
            v4_1.setMediaUri(v13);
            android.os.Bundle v5_1 = new android.os.Bundle();
            if (this.mBundle.containsKey("android.media.metadata.BT_FOLDER_TYPE")) {
                v5_1.putLong("android.media.extra.BT_FOLDER_TYPE", this.getLong("android.media.metadata.BT_FOLDER_TYPE"));
            }
            if (this.mBundle.containsKey("android.media.metadata.DOWNLOAD_STATUS")) {
                v5_1.putLong("android.media.extra.DOWNLOAD_STATUS", this.getLong("android.media.metadata.DOWNLOAD_STATUS"));
            }
            if (!v5_1.isEmpty()) {
                v4_1.setExtras(v5_1);
            }
            this.mDescription = v4_1.build();
            v19_17 = this.mDescription;
        } else {
            v19_17 = this.mDescription;
        }
        return v19_17;
    }

Method android.support.v4.graphics.drawable.IconCompat.getUri() calling method android.net.Uri.parse()


    public android.net.Uri getUri()
    {
        if ((this.mType != -1) || (android.os.Build$VERSION.SDK_INT < 23)) {
            android.net.Uri v0_3 = android.net.Uri.parse(((String) this.mObj1));
        } else {
            v0_3 = android.support.v4.graphics.drawable.IconCompat.getUri(((android.graphics.drawable.Icon) this.mObj1));
        }
        return v0_3;
    }

Method android.support.v4.graphics.drawable.IconCompat.loadDrawableInner() calling method android.net.Uri.parse()


    private android.graphics.drawable.Drawable loadDrawableInner(android.content.Context p13)
    {
        android.graphics.drawable.BitmapDrawable v7_1;
        switch (this.mType) {
            case 1:
                v7_1 = new android.graphics.drawable.BitmapDrawable(p13.getResources(), ((android.graphics.Bitmap) this.mObj1));
                break;
            case 2:
                String v4 = this.getResPackage();
                if (android.text.TextUtils.isEmpty(v4)) {
                    v4 = p13.getPackageName();
                }
                try {
                    v7_1 = android.support.v4.content.res.ResourcesCompat.getDrawable(android.support.v4.graphics.drawable.IconCompat.getResources(p13, v4), this.mInt1, p13.getTheme());
                } catch (java.io.FileNotFoundException v0_2) {
                    android.graphics.Bitmap v9_7 = new Object[2];
                    v9_7[0] = Integer.valueOf(this.mInt1);
                    v9_7[1] = this.mObj1;
                    android.util.Log.e("IconCompat", String.format("Unable to load resource 0x%08x from pkg=%s", v9_7), v0_2);
                    v7_1 = 0;
                }
                break;
            case 3:
                v7_1 = new android.graphics.drawable.BitmapDrawable(p13.getResources(), android.graphics.BitmapFactory.decodeByteArray(((byte[]) ((byte[]) this.mObj1)), this.mInt1, this.mInt2));
                break;
            case 4:
                java.io.FileInputStream v1;
                android.net.Uri v6 = android.net.Uri.parse(((String) this.mObj1));
                String v5 = v6.getScheme();
                if ((!"content".equals(v5)) && (!"file".equals(v5))) {
                    try {
                        v1 = new java.io.FileInputStream(new java.io.File(((String) this.mObj1)));
                    } catch (java.io.FileNotFoundException v0_0) {
                        android.util.Log.w("IconCompat", new StringBuilder().append("Unable to load image from path: ").append(v6).toString(), v0_0);
                    }
                } else {
                    try {
                        v1 = p13.getContentResolver().openInputStream(v6);
                    } catch (java.io.FileNotFoundException v0_1) {
                        android.util.Log.w("IconCompat", new StringBuilder().append("Unable to load image from URI: ").append(v6).toString(), v0_1);
                    }
                }
                if (v1 == null) {
                } else {
                    v7_1 = new android.graphics.drawable.BitmapDrawable(p13.getResources(), android.graphics.BitmapFactory.decodeStream(v1));
                }
                break;
            case 5:
                v7_1 = new android.graphics.drawable.BitmapDrawable(p13.getResources(), android.support.v4.graphics.drawable.IconCompat.createLegacyIconFromAdaptiveIcon(((android.graphics.Bitmap) this.mObj1), 0));
                break;
            default:
        }
        return v7_1;
    }

Method android.support.v4.app.RemoteInput.getDataResultsFromIntent() calling method android.net.Uri.parse()


    public static java.util.Map getDataResultsFromIntent(android.content.Intent p10, String p11)
    {
        java.util.Map v7 = 0;
        if (android.os.Build$VERSION.SDK_INT < 26) {
            if (android.os.Build$VERSION.SDK_INT < 16) {
                android.util.Log.w("RemoteInput", "RemoteInput is only supported from API Level 16");
            } else {
                android.content.Intent v1 = android.support.v4.app.RemoteInput.getClipDataIntentFromIntent(p10);
                if (v1 != null) {
                    java.util.Map v5_1 = new java.util.HashMap();
                    boolean v8_2 = v1.getExtras().keySet().iterator();
                    while (v8_2.hasNext()) {
                        String v3_1 = ((String) v8_2.next());
                        if (v3_1.startsWith("android.remoteinput.dataTypeResultsData")) {
                            String v4 = v3_1.substring("android.remoteinput.dataTypeResultsData".length());
                            if (!v4.isEmpty()) {
                                String v6 = v1.getBundleExtra(v3_1).getString(p11);
                                if ((v6 != null) && (!v6.isEmpty())) {
                                    v5_1.put(v4, android.net.Uri.parse(v6));
                                }
                            }
                        }
                    }
                    if (v5_1.isEmpty()) {
                        v5_1 = 0;
                    }
                    v7 = v5_1;
                }
            }
        } else {
            v7 = android.app.RemoteInput.getDataResultsFromIntent(p10, p11);
        }
        return v7;
    }

Method android.support.v4.app.ActivityCompat.getReferrer() calling method android.net.Uri.parse()


    public static android.net.Uri getReferrer(android.app.Activity p5)
    {
        int v1_0;
        if (android.os.Build$VERSION.SDK_INT < 22) {
            android.content.Intent v0 = p5.getIntent();
            v1_0 = ((android.net.Uri) v0.getParcelableExtra("android.intent.extra.REFERRER"));
            if (v1_0 == 0) {
                String v2 = v0.getStringExtra("android.intent.extra.REFERRER_NAME");
                if (v2 == null) {
                    v1_0 = 0;
                } else {
                    v1_0 = android.net.Uri.parse(v2);
                }
            }
        } else {
            v1_0 = p5.getReferrer();
        }
        return v1_0;
    }