Potentially Call to dangerous WebView settings API

Description

List of all WebView methods used in the application.

Recommendation

If your application accesses sensitive data with a WebView, you may want to use the clearCache() method to delete any files stored locally.

Any URI received via an intent from outside a trust-boundary should be validated before rendering it with WebView

Technical details
[TAINT] Const '1' ==>>> Sink '['Landroid/webkit/WebSettings;', 'setJavaScriptEnabled', '(Z)V', '0', 'HTTP_NETWORKING_SINK']' [[('Lorg/apache/cordova/engine/SystemWebViewEngine;', 'initWebViewSettings', '()V'), ('Landroid/webkit/WebSettings;', 'setJavaScriptEnabled', '(Z)V')]]

JavaScript in Webview is enabled. setJavaScriptEnabled is set to true:

Method org.apache.cordova.engine.SystemWebViewEngine.initWebViewSettings():


    private void initWebViewSettings()
    {
        this.webView.setInitialScale(0);
        this.webView.setVerticalScrollBarEnabled(0);
        android.webkit.WebSettings v9 = this.webView.getSettings();
        v9.setJavaScriptEnabled(1);
        v9.setJavaScriptCanOpenWindowsAutomatically(1);
        v9.setLayoutAlgorithm(android.webkit.WebSettings$LayoutAlgorithm.NORMAL);
        try {
            int v12_3 = new Class[1];
            v12_3[0] = Boolean.TYPE;
            reflect.Method v5 = android.webkit.WebSettings.getMethod("setNavDump", v12_3);
            org.apache.cordova.LOG.d("SystemWebViewEngine", new StringBuilder().append("CordovaWebView is running on device made by: ").append(android.os.Build.MANUFACTURER).toString());
        } catch (reflect.InvocationTargetException v4) {
            org.apache.cordova.LOG.d("SystemWebViewEngine", "We are on a modern version of Android, we will deprecate HTC 2.3 devices in 2.8");
            v9.setSaveFormData(0);
            v9.setSavePassword(0);
            if (android.os.Build$VERSION.SDK_INT >= 16) {
                v9.setAllowUniversalAccessFromFileURLs(1);
            }
            if (android.os.Build$VERSION.SDK_INT >= 17) {
                v9.setMediaPlaybackRequiresUserGesture(0);
            }
            String v2 = this.webView.getContext().getApplicationContext().getDir("database", 0).getPath();
            v9.setDatabaseEnabled(1);
            v9.setDatabasePath(v2);
            if (((this.webView.getContext().getApplicationContext().getApplicationInfo().flags & 2) != 0) && (android.os.Build$VERSION.SDK_INT >= 19)) {
                this.enableRemoteDebugging();
            }
            v9.setGeolocationDatabasePath(v2);
            v9.setDomStorageEnabled(1);
            v9.setGeolocationEnabled(1);
            v9.setAppCacheMaxSize(5242880);
            v9.setAppCachePath(v2);
            v9.setAppCacheEnabled(1);
            v9.setUseWideViewPort(1);
            v9.setLoadWithOverviewMode(1);
            String v3 = v9.getUserAgentString();
            String v8 = this.preferences.getString("OverrideUserAgent", 0);
            if (v8 == null) {
                String v1 = this.preferences.getString("AppendUserAgent", 0);
                if (v1 != null) {
                    v9.setUserAgentString(new StringBuilder().append(v3).append(" ").append(v1).toString());
                }
            } else {
                v9.setUserAgentString(v8);
            }
            android.content.IntentFilter v6_1 = new android.content.IntentFilter();
            v6_1.addAction("android.intent.action.CONFIGURATION_CHANGED");
            if (this.receiver == null) {
                this.receiver = new org.apache.cordova.engine.SystemWebViewEngine$2(this, v9);
                this.webView.getContext().registerReceiver(this.receiver, v6_1);
            }
            return;
        } catch (reflect.InvocationTargetException v4) {
            org.apache.cordova.LOG.d("SystemWebViewEngine", "Doing the NavDump failed with bad arguments");
        } catch (reflect.InvocationTargetException v4) {
            org.apache.cordova.LOG.d("SystemWebViewEngine", "This should never happen: IllegalAccessException means this isn\'t Android anymore");
        } catch (reflect.InvocationTargetException v4) {
            org.apache.cordova.LOG.d("SystemWebViewEngine", "This should never happen: InvocationTargetException means this isn\'t Android anymore.");
        }
        if ((android.os.Build$VERSION.SDK_INT >= 11) || (!android.os.Build.MANUFACTURER.contains("HTC"))) {
        } else {
            android.content.Context v10_34 = new Object[1];
            v10_34[0] = Boolean.valueOf(1);
            v5.invoke(v9, v10_34);
        }
    }

Method android.webkit.WebSettings.setJavaScriptEnabled() not found.

[TAINT] Const '1' ==>>> Sink '['Landroid/webkit/WebSettings;', 'setJavaScriptEnabled', '(Z)V', '0', 'HTTP_NETWORKING_SINK']' [[('Lorg/apache/cordova/engine/SystemWebViewEngine;', 'init', '(Lorg/apache/cordova/CordovaWebView; Lorg/apache/cordova/CordovaInterface; Lorg/apache/cordova/CordovaWebViewEngine$Client; Lorg/apache/cordova/CordovaResourceApi; Lorg/apache/cordova/PluginManager; Lorg/apache/cordova/NativeToJsMessageQueue;)V'), ('Lorg/apache/cordova/engine/SystemWebViewEngine;', 'initWebViewSettings', '()V'), ('Landroid/webkit/WebSettings;', 'setJavaScriptEnabled', '(Z)V')]]

JavaScript in Webview is enabled. setJavaScriptEnabled is set to true:

Method org.apache.cordova.engine.SystemWebViewEngine.init():


    public void init(org.apache.cordova.CordovaWebView p3, org.apache.cordova.CordovaInterface p4, org.apache.cordova.CordovaWebViewEngine$Client p5, org.apache.cordova.CordovaResourceApi p6, org.apache.cordova.PluginManager p7, org.apache.cordova.NativeToJsMessageQueue p8)
    {
        if (this.cordova == null) {
            if (this.preferences == null) {
                this.preferences = p3.getPreferences();
            }
            this.parentWebView = p3;
            this.cordova = p4;
            this.client = p5;
            this.resourceApi = p6;
            this.pluginManager = p7;
            this.nativeToJsMessageQueue = p8;
            this.webView.init(this, p4);
            this.initWebViewSettings();
            p8.addBridgeMode(new org.apache.cordova.NativeToJsMessageQueue$OnlineEventsBridgeMode(new org.apache.cordova.engine.SystemWebViewEngine$1(this)));
            if (android.os.Build$VERSION.SDK_INT > 18) {
                p8.addBridgeMode(new org.apache.cordova.NativeToJsMessageQueue$EvalBridgeMode(this, p4));
            }
            this.bridge = new org.apache.cordova.CordovaBridge(p7, p8);
            org.apache.cordova.engine.SystemWebViewEngine.exposeJsInterface(this.webView, this.bridge);
            return;
        } else {
            throw new IllegalStateException();
        }
    }

Method org.apache.cordova.engine.SystemWebViewEngine.initWebViewSettings():


    private void initWebViewSettings()
    {
        this.webView.setInitialScale(0);
        this.webView.setVerticalScrollBarEnabled(0);
        android.webkit.WebSettings v9 = this.webView.getSettings();
        v9.setJavaScriptEnabled(1);
        v9.setJavaScriptCanOpenWindowsAutomatically(1);
        v9.setLayoutAlgorithm(android.webkit.WebSettings$LayoutAlgorithm.NORMAL);
        try {
            int v12_3 = new Class[1];
            v12_3[0] = Boolean.TYPE;
            reflect.Method v5 = android.webkit.WebSettings.getMethod("setNavDump", v12_3);
            org.apache.cordova.LOG.d("SystemWebViewEngine", new StringBuilder().append("CordovaWebView is running on device made by: ").append(android.os.Build.MANUFACTURER).toString());
        } catch (reflect.InvocationTargetException v4) {
            org.apache.cordova.LOG.d("SystemWebViewEngine", "We are on a modern version of Android, we will deprecate HTC 2.3 devices in 2.8");
            v9.setSaveFormData(0);
            v9.setSavePassword(0);
            if (android.os.Build$VERSION.SDK_INT >= 16) {
                v9.setAllowUniversalAccessFromFileURLs(1);
            }
            if (android.os.Build$VERSION.SDK_INT >= 17) {
                v9.setMediaPlaybackRequiresUserGesture(0);
            }
            String v2 = this.webView.getContext().getApplicationContext().getDir("database", 0).getPath();
            v9.setDatabaseEnabled(1);
            v9.setDatabasePath(v2);
            if (((this.webView.getContext().getApplicationContext().getApplicationInfo().flags & 2) != 0) && (android.os.Build$VERSION.SDK_INT >= 19)) {
                this.enableRemoteDebugging();
            }
            v9.setGeolocationDatabasePath(v2);
            v9.setDomStorageEnabled(1);
            v9.setGeolocationEnabled(1);
            v9.setAppCacheMaxSize(5242880);
            v9.setAppCachePath(v2);
            v9.setAppCacheEnabled(1);
            v9.setUseWideViewPort(1);
            v9.setLoadWithOverviewMode(1);
            String v3 = v9.getUserAgentString();
            String v8 = this.preferences.getString("OverrideUserAgent", 0);
            if (v8 == null) {
                String v1 = this.preferences.getString("AppendUserAgent", 0);
                if (v1 != null) {
                    v9.setUserAgentString(new StringBuilder().append(v3).append(" ").append(v1).toString());
                }
            } else {
                v9.setUserAgentString(v8);
            }
            android.content.IntentFilter v6_1 = new android.content.IntentFilter();
            v6_1.addAction("android.intent.action.CONFIGURATION_CHANGED");
            if (this.receiver == null) {
                this.receiver = new org.apache.cordova.engine.SystemWebViewEngine$2(this, v9);
                this.webView.getContext().registerReceiver(this.receiver, v6_1);
            }
            return;
        } catch (reflect.InvocationTargetException v4) {
            org.apache.cordova.LOG.d("SystemWebViewEngine", "Doing the NavDump failed with bad arguments");
        } catch (reflect.InvocationTargetException v4) {
            org.apache.cordova.LOG.d("SystemWebViewEngine", "This should never happen: IllegalAccessException means this isn\'t Android anymore");
        } catch (reflect.InvocationTargetException v4) {
            org.apache.cordova.LOG.d("SystemWebViewEngine", "This should never happen: InvocationTargetException means this isn\'t Android anymore.");
        }
        if ((android.os.Build$VERSION.SDK_INT >= 11) || (!android.os.Build.MANUFACTURER.contains("HTC"))) {
        } else {
            android.content.Context v10_34 = new Object[1];
            v10_34[0] = Boolean.valueOf(1);
            v5.invoke(v9, v10_34);
        }
    }

Method android.webkit.WebSettings.setJavaScriptEnabled() not found.

Method org.apache.cordova.engine.SystemWebViewEngine.exposeJsInterface() calling method android.webkit.WebView.addJavascriptInterface()


    private static void exposeJsInterface(android.webkit.WebView p3, org.apache.cordova.CordovaBridge p4)
    {
        if (android.os.Build$VERSION.SDK_INT >= 17) {
            p3.addJavascriptInterface(new org.apache.cordova.engine.SystemExposedJsApi(p4), "_cordovaNative");
        } else {
            org.apache.cordova.LOG.i("SystemWebViewEngine", "Disabled addJavascriptInterface() bridge since Android version is old.");
        }
        return;
    }

Method org.apache.cordova.engine.SystemWebView.setWebViewClient() calling method android.webkit.WebView.setWebViewClient()


    public void setWebViewClient(android.webkit.WebViewClient p2)
    {
        this.viewClient = ((org.apache.cordova.engine.SystemWebViewClient) p2);
        super.setWebViewClient(p2);
        return;
    }

Method org.apache.cordova.CordovaPlugin.fromPluginUri() calling method android.net.Uri.parse()


    protected android.net.Uri fromPluginUri(android.net.Uri p2)
    {
        return android.net.Uri.parse(p2.getQueryParameter("origUri"));
    }

Method org.apache.cordova.Whitelist.isUrlWhiteListed() calling method android.net.Uri.parse()


    public boolean isUrlWhiteListed(String p6)
    {
        int v3 = 1;
        if (this.whiteList != null) {
            android.net.Uri v1 = android.net.Uri.parse(p6);
            java.util.Iterator v2 = this.whiteList.iterator();
            while (v2.hasNext()) {
                if (((org.apache.cordova.Whitelist$URLPattern) v2.next()).matches(v1)) {
                }
            }
            v3 = 0;
        }
        return v3;
    }

Method org.apache.cordova.engine.SystemWebViewClient.shouldInterceptRequest() calling method android.net.Uri.parse()


    public android.webkit.WebResourceResponse shouldInterceptRequest(android.webkit.WebView p11, String p12)
    {
        try {
            int v5_5;
            if (this.parentEngine.pluginManager.shouldAllowRequest(p12)) {
                org.apache.cordova.CordovaResourceApi v3 = this.parentEngine.resourceApi;
                android.net.Uri v1 = android.net.Uri.parse(p12);
                android.net.Uri v2 = v3.remapUri(v1);
                if ((v1.equals(v2)) && ((!org.apache.cordova.engine.SystemWebViewClient.needsSpecialsInAssetUrlFix(v1)) && (!org.apache.cordova.engine.SystemWebViewClient.needsKitKatContentUrlFix(v1)))) {
                    v5_5 = 0;
                } else {
                    org.apache.cordova.CordovaResourceApi$OpenForReadResult v4 = v3.openForRead(v2, 1);
                    v5_5 = new android.webkit.WebResourceResponse(v4.mimeType, "UTF-8", v4.inputStream);
                }
            } else {
                org.apache.cordova.LOG.w("SystemWebViewClient", new StringBuilder().append("URL blocked by whitelist: ").append(p12).toString());
                v5_5 = new android.webkit.WebResourceResponse("text/plain", "UTF-8", 0);
            }
        } catch (java.io.IOException v0) {
            if (!(v0 instanceof java.io.FileNotFoundException)) {
                org.apache.cordova.LOG.e("SystemWebViewClient", "Error occurred while loading a file (returning a 404).", v0);
            }
            v5_5 = new android.webkit.WebResourceResponse("text/plain", "UTF-8", 0);
        }
        return v5_5;
    }

Method org.apache.cordova.CordovaWebViewImpl.showWebPage() calling method android.net.Uri.parse()


    public void showWebPage(String p10, boolean p11, boolean p12, java.util.Map p13)
    {
        String v5_2 = new Object[3];
        v5_2[0] = p10;
        v5_2[1] = Boolean.valueOf(p11);
        v5_2[2] = Boolean.valueOf(p12);
        org.apache.cordova.LOG.d("CordovaWebViewImpl", "showWebPage(%s, %b, %b, HashMap)", v5_2);
        if (p12) {
            this.engine.clearHistory();
        }
        if (!p11) {
            if (!this.pluginManager.shouldAllowNavigation(p10)) {
                org.apache.cordova.LOG.w("CordovaWebViewImpl", new StringBuilder().append("showWebPage: Refusing to load URL into webview since it is not in the <allow-navigation> whitelist. URL=").append(p10).toString());
            } else {
                this.loadUrlIntoView(p10, 1);
            }
        }
        if (this.pluginManager.shouldOpenExternalUrl(p10).booleanValue()) {
            try {
                android.content.Intent v1_1 = new android.content.Intent("android.intent.action.VIEW");
                v1_1.addCategory("android.intent.category.BROWSABLE");
                android.net.Uri v2 = android.net.Uri.parse(p10);
            } catch (android.content.ActivityNotFoundException v0) {
                org.apache.cordova.LOG.e("CordovaWebViewImpl", new StringBuilder().append("Error loading url ").append(p10).toString(), v0);
            }
            if (!"file".equals(v2.getScheme())) {
                v1_1.setData(v2);
            } else {
                v1_1.setDataAndType(v2, this.resourceApi.getMimeType(v2));
            }
            this.cordova.getActivity().startActivity(v1_1);
        } else {
            org.apache.cordova.LOG.w("CordovaWebViewImpl", new StringBuilder().append("showWebPage: Refusing to send intent for URL since it is not in the <allow-intent> whitelist. URL=").append(p10).toString());
        }
        return;
    }

Method org.apache.cordova.engine.SystemWebViewEngine.initWebViewSettings() calling method android.webkit.WebSettings.setJavaScriptEnabled()


    private void initWebViewSettings()
    {
        this.webView.setInitialScale(0);
        this.webView.setVerticalScrollBarEnabled(0);
        android.webkit.WebSettings v9 = this.webView.getSettings();
        v9.setJavaScriptEnabled(1);
        v9.setJavaScriptCanOpenWindowsAutomatically(1);
        v9.setLayoutAlgorithm(android.webkit.WebSettings$LayoutAlgorithm.NORMAL);
        try {
            int v12_3 = new Class[1];
            v12_3[0] = Boolean.TYPE;
            reflect.Method v5 = android.webkit.WebSettings.getMethod("setNavDump", v12_3);
            org.apache.cordova.LOG.d("SystemWebViewEngine", new StringBuilder().append("CordovaWebView is running on device made by: ").append(android.os.Build.MANUFACTURER).toString());
        } catch (reflect.InvocationTargetException v4) {
            org.apache.cordova.LOG.d("SystemWebViewEngine", "We are on a modern version of Android, we will deprecate HTC 2.3 devices in 2.8");
            v9.setSaveFormData(0);
            v9.setSavePassword(0);
            if (android.os.Build$VERSION.SDK_INT >= 16) {
                v9.setAllowUniversalAccessFromFileURLs(1);
            }
            if (android.os.Build$VERSION.SDK_INT >= 17) {
                v9.setMediaPlaybackRequiresUserGesture(0);
            }
            String v2 = this.webView.getContext().getApplicationContext().getDir("database", 0).getPath();
            v9.setDatabaseEnabled(1);
            v9.setDatabasePath(v2);
            if (((this.webView.getContext().getApplicationContext().getApplicationInfo().flags & 2) != 0) && (android.os.Build$VERSION.SDK_INT >= 19)) {
                this.enableRemoteDebugging();
            }
            v9.setGeolocationDatabasePath(v2);
            v9.setDomStorageEnabled(1);
            v9.setGeolocationEnabled(1);
            v9.setAppCacheMaxSize(5242880);
            v9.setAppCachePath(v2);
            v9.setAppCacheEnabled(1);
            v9.setUseWideViewPort(1);
            v9.setLoadWithOverviewMode(1);
            String v3 = v9.getUserAgentString();
            String v8 = this.preferences.getString("OverrideUserAgent", 0);
            if (v8 == null) {
                String v1 = this.preferences.getString("AppendUserAgent", 0);
                if (v1 != null) {
                    v9.setUserAgentString(new StringBuilder().append(v3).append(" ").append(v1).toString());
                }
            } else {
                v9.setUserAgentString(v8);
            }
            android.content.IntentFilter v6_1 = new android.content.IntentFilter();
            v6_1.addAction("android.intent.action.CONFIGURATION_CHANGED");
            if (this.receiver == null) {
                this.receiver = new org.apache.cordova.engine.SystemWebViewEngine$2(this, v9);
                this.webView.getContext().registerReceiver(this.receiver, v6_1);
            }
            return;
        } catch (reflect.InvocationTargetException v4) {
            org.apache.cordova.LOG.d("SystemWebViewEngine", "Doing the NavDump failed with bad arguments");
        } catch (reflect.InvocationTargetException v4) {
            org.apache.cordova.LOG.d("SystemWebViewEngine", "This should never happen: IllegalAccessException means this isn\'t Android anymore");
        } catch (reflect.InvocationTargetException v4) {
            org.apache.cordova.LOG.d("SystemWebViewEngine", "This should never happen: InvocationTargetException means this isn\'t Android anymore.");
        }
        if ((android.os.Build$VERSION.SDK_INT >= 11) || (!android.os.Build.MANUFACTURER.contains("HTC"))) {
        } else {
            android.content.Context v10_34 = new Object[1];
            v10_34[0] = Boolean.valueOf(1);
            v5.invoke(v9, v10_34);
        }
    }