Comment: Added entry for CodeSonar warning class mapping

...

API Levels10

API Levels

16

Risk Assessment

For API level JELLY_BEAN and below, allowing an app to provide access to the addJavascriptInterface() method in a WebView that could contain untrusted content may leave the app open to scripting attacks that could corrupt the host.

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
| --- | --- | --- | --- | --- | --- |
| DRD13-J | High | Probable | Medium | P12 | L1 |

Automated Detection

Automatic detection of a call to the addJavascriptInterface() method in a WebView is straightforward. Similarly, it is straightforward to automatically ensure that the minimum API is set to JELLY_BEAN_MR1 in the app manifest. Automatic determination of whether the WebView could contain untrusted content may be impossible for some applications.

| Tool | Version | Checker | Description |
| --- | --- | --- | --- |
| CodeSonar | Include Page: CodeSonar_V | JAVA.JS.RI | Risky JavaScript interface (Java) |
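The two checks described as straightforward above can be combined in a small static audit. The following is an added example, not code from this page or from any listed tool: it reads minSdkVersion from the manifest and reports each addJavascriptInterface() call site when that level is below JELLY_BEAN_MR1 (17). Whether the WebView loads untrusted content is left to manual review of the reported lines. The function names, file path and sample inputs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
JELLY_BEAN_MR1 = 17  # minimum API level the rule asks for
CALL_RE = re.compile(r"\.\s*addJavascriptInterface\s*\(")

# Constructed sample inputs (not from the page).
MANIFEST_OLD = ('<manifest xmlns:android="http://schemas.android.com/apk/res/android">'
                '<uses-sdk android:minSdkVersion="16"/></manifest>')
MANIFEST_NEW = MANIFEST_OLD.replace('"16"', '"17"')
SOURCES = {"app/src/MainActivity.java": (
    "WebView webView = new WebView(this);\n"
    "webView.getSettings().setJavaScriptEnabled(true);\n"
    "// webView.addJavascriptInterface(old, \"legacy\");\n"
    "webView.addJavascriptInterface(new Bridge(), \"bridge\");\n")}


def min_sdk(manifest_xml):
    """Return minSdkVersion from <uses-sdk>; Android assumes 1 when it is absent."""
    uses_sdk = ET.fromstring(manifest_xml).find("uses-sdk")
    value = uses_sdk.get(ANDROID_NS + "minSdkVersion") if uses_sdk is not None else None
    # Non-numeric values (codenames) are treated as 1 so the audit errs toward reporting.
    return int(value) if value and value.isdigit() else 1


def find_calls(sources):
    """Return (path, line_no) for each call site, skipping text after '//'."""
    hits = []
    for path, text in sorted(sources.items()):
        for no, line in enumerate(text.splitlines(), 1):
            if CALL_RE.search(line.split("//", 1)[0]):
                hits.append((path, no))
    return hits


def audit(manifest_xml, sources):
    """Report call sites only when the app can run below JELLY_BEAN_MR1."""
    level = min_sdk(manifest_xml)
    if level >= JELLY_BEAN_MR1:
        return []
    return [f"{path}:{no}: addJavascriptInterface() with minSdkVersion "
            f"{level} < {JELLY_BEAN_MR1}; review whether content is untrusted"
            for path, no in find_calls(sources)]


if __name__ == "__main__":
    for finding in audit(MANIFEST_OLD, SOURCES):
        print(finding)
```

Projects that set the minimum API level in a Gradle build file rather than in the manifest need that file checked instead.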

Related Guidelines

Bibliography

...


...