fix semgrep test

MobSF · May 27, 2024 · ea72a3f · ea72a3f
1 parent dfd1245
commit ea72a3f
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/mobsfscan/rules/patterns/android/kotlin/kotlin_rules.yaml b/mobsfscan/rules/patterns/android/kotlin/kotlin_rules.yaml
@@ -84,11 +84,11 @@
   message: >-
     Ensure that user controlled URLs never reaches the Webview. Enabling file access
     from URLs in WebView can leak sensitive information from the file system.
-  type: RegexAnd
+  type: RegexAndOr
   pattern:
     - setJavaScriptEnabled\(true\)
-    - \.setAllowFileAccessFromFileURLs\(true\)
-    - \.setAllowUniversalAccessFromFileURLs\(true\)
+    - - \.setAllowFileAccessFromFileURLs\(true\)
+      - \.setAllowUniversalAccessFromFileURLs\(true\)
   severity: warning
   input_case: exact
   metadata:

diff --git a/tests/assets/rules/semgrep/webview/webview_allow_file_from_url.java b/tests/assets/rules/semgrep/webview/webview_allow_file_from_url.java
@@ -13,10 +13,10 @@ public void onCreate(Bundle savedInstanceState) {
         setContentView(R.layout.main);
         WebView webView = (WebView)findViewById(R.id.webView);
         String badUrl = getIntent().getStringExtra("URL");
+        // ruleid:webview_allow_file_from_url
         boolean x = true;
         WebSettings webSettings = webView.getSettings();
         webSettings.setJavaScriptEnabled(true);
-        // ruleid:webview_allow_file_from_url
         webSettings.setAllowFileAccessFromFileURLs(x);
         webView.setWebChromeClient(new WebChromeClient());
         webView.loadUrl(badUrl);