JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

CodeSonar® 9.2p0 CONFIDENTIAL CodeSecure Inc
Java

JAVA.IO.INJ.ANDROID.URL : Android URL Injection (Java)

要旨

Tainted Android device data flows into an field or method annotated as @UrlTrusted.

Checks for this class use the CodeSonar Java taint analysis. See Taint Tracking for CodeSonar Java Warning Classes for more information on this analysis, including lists of the methods that CodeSonar automatically recognizes as relevant and information about specifying additional methods that CodeSonar should recognize as taint sources, sinks, or sanitizers.

プロパティ

クラス名 Android URL Injection (Java)
日本語クラス名 Android URL Injection (Java)
クラス分類 セキュリティ (security)
ニーモニック JAVA.IO.INJ.ANDROID.URL
カテゴリー
CWE CWE:74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
  CWE:601 URL Redirection to Untrusted Site ('Open Redirect')
OWASP-2017 OWASP-2017:A1 Injection
  OWASP-2017:A3 Sensitive data exposure
OWASP-2021 OWASP-2021:A2 Cryptographic failures
  OWASP-2021:A3 Injection
  OWASP-2021:A5 Security misconfiguration
OWASP-2025 OWASP-2025:A01 Broken Access Control
  OWASP-2025:A04 Cryptographic Failures
  OWASP-2025:A05 Injection
対応言語 Available for Java and Kotlin.
有効/無効設定 このワーニングクラスのチェックはデフォルトで無効になっています。チェックを有効にするにはプロジェクト設定ファイル (configuration file)に以下の WARNING_FILTER ルールを追加してください。 
WARNING_FILTER += allow class="Android URL Injection (Java)"


public class MainActivity extends AppCompatActivity {
  private Button button;
  private EditText text;

  @Override
  protected void onCreate(Bundle savedInstanceState) {
      super.onCreate(savedInstanceState);
      setContentView(R.layout.activity_main);
      button = (Button) this.findViewById(R.id.goToSecond);
      button.setOnClickListener( new View.OnClickListener() {
          @Override
          public void onClick(View v) {
              String writeText=text.getText().toString();
              memorizeText(writeText);
          }
      });
  }

  private void memorizeText(String writeText) {
    try {
      OutputStreamWriter outputStreamWriter = new OutputStreamWriter(this.openFileOutput("StoreMyNotes.txt", Context.MODE_PRIVATE));
      outputStreamWriter.write(writeText);
      outputStreamWriter.close();
    }
    catch (IOException e) {
      Log.d("Err",e.getMessage());
      onBugShake();
    }
  }

  private void onBugShake(){
      TelephonyManager tm =(TelephonyManager)getApplicationContext().getSystemService(Context.TELEPHONY_SERVICE);
      try {
        URL myUrl = new URL("http://www.captureIssues.com/memorize?device="+ Build.DEVICE+"&id="+ tm.getDeviceId()+"&system="+Build.VERSION.SDK_INT);
        URLConnection uc=myUrl.openConnection();
        uc.connect();
      } catch (IOException e) {
        e.printStackTrace();  // "Android URL Injection (Java)" warning issued here
      }
  }
}

関連のある設定ファイルパラメータ

設定ファイルの以下のパラメータがこのワーニングクラスのチェックに影響します。

 

To report problems with this documentation, please visit https://support.codesecure.com/.