mobsf.mobsfscan.webview.webview_javascript_interface.webview_javascript_interface
MobSFAuthor
unknown
Download Count*
License
Ensure that javascript interface is implemented securely. Execution of user controlled code in WebView is a critical Security issue.
Run Locally
Run in CI
Defintion
rules:
- id: webview_javascript_interface
patterns:
- pattern-either:
- pattern: |
addJavascriptInterface(...)
- pattern: |
$W.addJavascriptInterface(...)
message: Ensure that javascript interface is implemented securely. Execution of
user controlled code in WebView is a critical Security issue.
languages:
- java
severity: WARNING
metadata:
cwe: cwe-749
owasp-mobile: m1
masvs: platform-7
reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#determining-whether-java-objects-are-exposed-through-webviews-mstg-platform-7
license: LGPL-3.0-or-later
Short Link: https://sg.run/D0LY