Veracode Vulnerability Issue in MediaView.java
rkaartikeyan opened this issue · 1 comments
rkaartikeyan commented
Preliminary Info
What Airship dependencies are you using?
Android: airshipVersion = "16.4.0"
What are the versions of any relevant development tools you are using?
React Native Framework
Report
What unexpected behavior are you seeing?
MediaView.java
Line no: 229
Description: The WebView wv has disabled safe browsing which puts the user at risk of browsing malicious or otherwise undesirable websites. The default is for safe browsing to be enabled.
Remediation: Do not disable safe browsing.
What is the expected behavior?
The above Veracode issue should not appear during a Veracode scan.
What are the steps to reproduce the unexpected behavior?
- Build APK
- Scan with Veracode
Do you have logging for the issue?
N/A
rlepinski commented
Safe browsing defaults to the app settings. Are you overriding that in your manifest?
This issue is mitigated by a url allow list on the web view. We can take a look at forcing safe mode on our webviews in a future release, but it does not seem high priority at the moment.
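
One way to answer the manifest question raised above, as an added example that is not part of the thread and is not Airship's code: a check that reads a source `AndroidManifest.xml` for the `android.webkit.WebView.EnableSafeBrowsing` meta-data and lists `setSafeBrowsingEnabled` calls in Java source. The sample manifest, the sample Java lines and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SAFE_BROWSING_KEY = "android.webkit.WebView.EnableSafeBrowsing"
# Line-based heuristic: captures a simple argument (literal or identifier).
CALL = re.compile(r"\.setSafeBrowsingEnabled\s*\(\s*([^)]*?)\s*\)")


def manifest_safe_browsing(manifest_xml):
    """True/False when <application> sets the flag; None when it is absent.

    Expects the text manifest from the source tree, not the binary one in an APK.
    """
    app = ET.fromstring(manifest_xml).find("application")
    if app is None:
        return None
    for meta in app.findall("meta-data"):
        if meta.get(ANDROID_NS + "name") == SAFE_BROWSING_KEY:
            return meta.get(ANDROID_NS + "value", "").strip().lower() == "true"
    return None


def safe_browsing_calls(java_source):
    """Return (line, argument, verdict) for every setSafeBrowsingEnabled call."""
    findings = []
    for lineno, line in enumerate(java_source.splitlines(), 1):
        for match in CALL.finditer(line):
            arg = match.group(1)
            # Anything that is not a literal needs a human to trace its value.
            verdict = {"true": "enabled", "false": "disabled"}.get(arg, "review")
            findings.append((lineno, arg, verdict))
    return findings


# Constructed sample inputs (not taken from any real project).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <application android:label="Example">
    <meta-data android:name="android.webkit.WebView.EnableSafeBrowsing"
               android:value="false" />
  </application>
</manifest>"""

SAMPLE_JAVA = """WebView wv = new WebView(context);
wv.getSettings().setSafeBrowsingEnabled(false);
other.getSettings().setSafeBrowsingEnabled(allowSafeBrowsing);
third.getSettings().setSafeBrowsingEnabled(true);
"""

if __name__ == "__main__":
    print("manifest flag:", manifest_safe_browsing(SAMPLE_MANIFEST))
    for finding in safe_browsing_calls(SAMPLE_JAVA):
        print("line %d: arg=%r -> %s" % finding)
```

A `None` result from the manifest check means the app does not set the flag, so the platform default applies; a `review` verdict marks a call whose argument is computed at runtime.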