rspec/rules/S6363/description.adoc

Exposing the Android file system to WebViews is security-sensitive.

Granting file access to WebViews, particularly through the `file://` scheme, introduces a risk of local file inclusion
vulnerabilities. The severity of this risk depends heavily on the specific `WebSettings` configured.  Overly permissive
settings can allow malicious scripts to access a wide range of local files, potentially exposing sensitive data such as
Personally Identifiable Information (PII) or private application data, leading to data breaches and other security
compromises.
Update rule S7201: Disable rule and move rule text to S6363 (SONARKT-636) (#4802) * Close S7201 * Update S6363 with updated descriptions * Update OWASP categories with S7201 info 2025-03-26 11:57:39 +01:00			`Exposing the Android file system to WebViews is security-sensitive.`
Create rule S6363[java]: Enabling file access for WebViews is security-sensitive (#461) 2021-10-12 15:38:05 +02:00
Update rule S7201: Disable rule and move rule text to S6363 (SONARKT-636) (#4802) * Close S7201 * Update S6363 with updated descriptions * Update OWASP categories with S7201 info 2025-03-26 11:57:39 +01:00			Granting file access to WebViews, particularly through the `file://` scheme, introduces a risk of local file inclusion
			vulnerabilities. The severity of this risk depends heavily on the specific `WebSettings` configured. Overly permissive
			`settings can allow malicious scripts to access a wide range of local files, potentially exposing sensitive data such as`
			`Personally Identifiable Information (PII) or private application data, leading to data breaches and other security`
			`compromises.`