hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Apply suggestions from review.

Browse Source
This commit is contained in:
intrigus
2020-12-09 23:29:59 +01:00
parent 70b0703952
commit 0a9df07df7
2 changed files with 9 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql
View File

@@ -4,16 +4,20 @@
* @kind path-problem
* @problem.severity error
* @precision high
* @id java/everything-accepting-hostname-verifier
* @id java/insecure-hostname-verifier
* @tags security
* external/cwe/cwe-297
*/
import java
import semmle.code.java.security.Encryption
import semmle.code.java.dataflow.DataFlow
import DataFlow::PathGraph
import semmle.code.java.controlflow.Guards
import semmle.code.java.dataflow.DataFlow
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.dataflow.TaintTracking2
import semmle.code.java.security.Encryption
import DataFlow::PathGraph
/**
* Holds if `m` always returns `true` ignoring any exceptional flow.

2
java/ql/src/experimental/Security/CWE/CWE-273/UnsafeCertTrust.qhelp
View File

@@ -4,7 +4,7 @@
<qhelp>
<overview>
<p>Java offers two mechanisms for SSL authentication - trust manager and hostname verifier (not checked by this query). Trust manager validates the peer's certificate chain while hostname verification establishes that the hostname in the URL matches the hostname in the server's identification.</p>
<p>Java offers two mechanisms for SSL authentication - trust manager and hostname verifier (checked by the <code>java/insecure-hostname-verifier</code> query). Trust manager validates the peer's certificate chain while hostname verification establishes that the hostname in the URL matches the hostname in the server's identification.</p>
<p>And when SSLSocket or SSLEngine is created without a valid parameter of setEndpointIdentificationAlgorithm, hostname verification is disabled by default.</p>
<p>Unsafe implementation of the interface X509TrustManager and SSLSocket/SSLEngine ignores all SSL certificate validation errors when establishing an HTTPS connection, thereby making the app vulnerable to man-in-the-middle attacks.</p>
<p>This query checks whether trust manager is set to trust all certificates or setEndpointIdentificationAlgorithm is missing. The query also covers a special implementation com.rabbitmq.client.ConnectionFactory.</p>