org.sonar.java.checks.security.WebViewJavaScriptInterfaceCheck Maven / Gradle / Ivy
The newest version!
/*
* SonarQube Java
* Copyright (C) 2012-2025 SonarSource SA
* mailto:info AT sonarsource DOT com
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the Sonar Source-Available License Version 1, as published by SonarSource SA.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the Sonar Source-Available License for more details.
*
* You should have received a copy of the Sonar Source-Available License
* along with this program; if not, see https://sonarsource.com/license/ssal/
*/
package org.sonar.java.checks.security;
import java.util.Collections;
import java.util.List;
import org.sonar.check.Rule;
import org.sonar.java.checks.methods.AbstractMethodDetection;
import org.sonar.plugins.java.api.semantic.MethodMatchers;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.Tree;
@Rule(key = "S7409")
public class WebViewJavaScriptInterfaceCheck extends AbstractMethodDetection {
private static final String MESSAGE = "Exposing a Javascript interface can expose sensitive information to attackers. Make sure it is safe here.";
@Override
protected MethodMatchers getMethodInvocationMatchers() {
return MethodMatchers.create()
.ofSubTypes("android.webkit.WebView")
.names("addJavascriptInterface")
.addParametersMatcher("java.lang.Object", "java.lang.String")
.build();
}
@Override
public List nodesToVisit() {
return Collections.singletonList(Tree.Kind.METHOD_INVOCATION);
}
@Override
protected void onMethodInvocationFound(MethodInvocationTree mit) {
reportIssue(mit, MESSAGE);
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy