Move back to experimental.........

2026-03-28 02:08:17 +01:00 · 2021-06-17 19:10:50 +02:00
parent fe923facc8
commit 36575bb26f
6 changed files with 0 additions and 0 deletions
--- a/java/ql/test/query-tests/security/CWE-295/InsecureTrustManager.expected
+++ b/java/ql/test/query-tests/security/CWE-295/InsecureTrustManager.expected
@@ -1,72 +0,0 @@
-edges
-| InsecureTrustManagerTest.java:121:54:121:79 | new InsecureTrustManager(...) : InsecureTrustManager | InsecureTrustManagerTest.java:122:22:122:33 | trustManager |
-| InsecureTrustManagerTest.java:130:55:130:80 | new InsecureTrustManager(...) : InsecureTrustManager | InsecureTrustManagerTest.java:131:23:131:34 | trustManager |
-| InsecureTrustManagerTest.java:151:55:151:80 | new InsecureTrustManager(...) : InsecureTrustManager | InsecureTrustManagerTest.java:152:23:152:34 | trustManager |
-| InsecureTrustManagerTest.java:172:55:172:80 | new InsecureTrustManager(...) : InsecureTrustManager | InsecureTrustManagerTest.java:173:23:173:34 | trustManager |
-| InsecureTrustManagerTest.java:193:55:193:80 | new InsecureTrustManager(...) : InsecureTrustManager | InsecureTrustManagerTest.java:194:23:194:34 | trustManager |
-| InsecureTrustManagerTest.java:214:55:214:80 | new InsecureTrustManager(...) : InsecureTrustManager | InsecureTrustManagerTest.java:215:23:215:34 | trustManager |
-| InsecureTrustManagerTest.java:235:55:235:80 | new InsecureTrustManager(...) : InsecureTrustManager | InsecureTrustManagerTest.java:236:23:236:34 | trustManager |
-| InsecureTrustManagerTest.java:257:55:257:80 | new InsecureTrustManager(...) : InsecureTrustManager | InsecureTrustManagerTest.java:258:23:258:34 | trustManager |
-| InsecureTrustManagerTest.java:280:55:280:80 | new InsecureTrustManager(...) : InsecureTrustManager | InsecureTrustManagerTest.java:281:23:281:34 | trustManager |
-| InsecureTrustManagerTest.java:305:54:305:79 | new InsecureTrustManager(...) : InsecureTrustManager | InsecureTrustManagerTest.java:306:22:306:33 | trustManager |
-| InsecureTrustManagerTest.java:319:54:319:79 | new InsecureTrustManager(...) : InsecureTrustManager | InsecureTrustManagerTest.java:320:22:320:33 | trustManager |
-| InsecureTrustManagerTest.java:333:54:333:79 | new InsecureTrustManager(...) : InsecureTrustManager | InsecureTrustManagerTest.java:334:22:334:33 | trustManager |
-| InsecureTrustManagerTest.java:347:54:347:79 | new InsecureTrustManager(...) : InsecureTrustManager | InsecureTrustManagerTest.java:348:22:348:33 | trustManager |
-| InsecureTrustManagerTest.java:361:54:361:79 | new InsecureTrustManager(...) : InsecureTrustManager | InsecureTrustManagerTest.java:362:22:362:33 | trustManager |
-| InsecureTrustManagerTest.java:375:54:375:79 | new InsecureTrustManager(...) : InsecureTrustManager | InsecureTrustManagerTest.java:376:22:376:33 | trustManager |
-| InsecureTrustManagerTest.java:390:54:390:79 | new InsecureTrustManager(...) : InsecureTrustManager | InsecureTrustManagerTest.java:391:22:391:33 | trustManager |
-| InsecureTrustManagerTest.java:405:54:405:79 | new InsecureTrustManager(...) : InsecureTrustManager | InsecureTrustManagerTest.java:406:22:406:33 | trustManager |
-| InsecureTrustManagerTest.java:414:54:414:79 | new InsecureTrustManager(...) : InsecureTrustManager | InsecureTrustManagerTest.java:415:22:415:33 | trustManager |
-nodes
-| InsecureTrustManagerTest.java:121:54:121:79 | new InsecureTrustManager(...) : InsecureTrustManager | semmle.label | new InsecureTrustManager(...) : InsecureTrustManager |
-| InsecureTrustManagerTest.java:122:22:122:33 | trustManager | semmle.label | trustManager |
-| InsecureTrustManagerTest.java:130:55:130:80 | new InsecureTrustManager(...) : InsecureTrustManager | semmle.label | new InsecureTrustManager(...) : InsecureTrustManager |
-| InsecureTrustManagerTest.java:131:23:131:34 | trustManager | semmle.label | trustManager |
-| InsecureTrustManagerTest.java:151:55:151:80 | new InsecureTrustManager(...) : InsecureTrustManager | semmle.label | new InsecureTrustManager(...) : InsecureTrustManager |
-| InsecureTrustManagerTest.java:152:23:152:34 | trustManager | semmle.label | trustManager |
-| InsecureTrustManagerTest.java:172:55:172:80 | new InsecureTrustManager(...) : InsecureTrustManager | semmle.label | new InsecureTrustManager(...) : InsecureTrustManager |
-| InsecureTrustManagerTest.java:173:23:173:34 | trustManager | semmle.label | trustManager |
-| InsecureTrustManagerTest.java:193:55:193:80 | new InsecureTrustManager(...) : InsecureTrustManager | semmle.label | new InsecureTrustManager(...) : InsecureTrustManager |
-| InsecureTrustManagerTest.java:194:23:194:34 | trustManager | semmle.label | trustManager |
-| InsecureTrustManagerTest.java:214:55:214:80 | new InsecureTrustManager(...) : InsecureTrustManager | semmle.label | new InsecureTrustManager(...) : InsecureTrustManager |
-| InsecureTrustManagerTest.java:215:23:215:34 | trustManager | semmle.label | trustManager |
-| InsecureTrustManagerTest.java:235:55:235:80 | new InsecureTrustManager(...) : InsecureTrustManager | semmle.label | new InsecureTrustManager(...) : InsecureTrustManager |
-| InsecureTrustManagerTest.java:236:23:236:34 | trustManager | semmle.label | trustManager |
-| InsecureTrustManagerTest.java:257:55:257:80 | new InsecureTrustManager(...) : InsecureTrustManager | semmle.label | new InsecureTrustManager(...) : InsecureTrustManager |
-| InsecureTrustManagerTest.java:258:23:258:34 | trustManager | semmle.label | trustManager |
-| InsecureTrustManagerTest.java:280:55:280:80 | new InsecureTrustManager(...) : InsecureTrustManager | semmle.label | new InsecureTrustManager(...) : InsecureTrustManager |
-| InsecureTrustManagerTest.java:281:23:281:34 | trustManager | semmle.label | trustManager |
-| InsecureTrustManagerTest.java:305:54:305:79 | new InsecureTrustManager(...) : InsecureTrustManager | semmle.label | new InsecureTrustManager(...) : InsecureTrustManager |
-| InsecureTrustManagerTest.java:306:22:306:33 | trustManager | semmle.label | trustManager |
-| InsecureTrustManagerTest.java:319:54:319:79 | new InsecureTrustManager(...) : InsecureTrustManager | semmle.label | new InsecureTrustManager(...) : InsecureTrustManager |
-| InsecureTrustManagerTest.java:320:22:320:33 | trustManager | semmle.label | trustManager |
-| InsecureTrustManagerTest.java:333:54:333:79 | new InsecureTrustManager(...) : InsecureTrustManager | semmle.label | new InsecureTrustManager(...) : InsecureTrustManager |
-| InsecureTrustManagerTest.java:334:22:334:33 | trustManager | semmle.label | trustManager |
-| InsecureTrustManagerTest.java:347:54:347:79 | new InsecureTrustManager(...) : InsecureTrustManager | semmle.label | new InsecureTrustManager(...) : InsecureTrustManager |
-| InsecureTrustManagerTest.java:348:22:348:33 | trustManager | semmle.label | trustManager |
-| InsecureTrustManagerTest.java:361:54:361:79 | new InsecureTrustManager(...) : InsecureTrustManager | semmle.label | new InsecureTrustManager(...) : InsecureTrustManager |
-| InsecureTrustManagerTest.java:362:22:362:33 | trustManager | semmle.label | trustManager |
-| InsecureTrustManagerTest.java:375:54:375:79 | new InsecureTrustManager(...) : InsecureTrustManager | semmle.label | new InsecureTrustManager(...) : InsecureTrustManager |
-| InsecureTrustManagerTest.java:376:22:376:33 | trustManager | semmle.label | trustManager |
-| InsecureTrustManagerTest.java:390:54:390:79 | new InsecureTrustManager(...) : InsecureTrustManager | semmle.label | new InsecureTrustManager(...) : InsecureTrustManager |
-| InsecureTrustManagerTest.java:391:22:391:33 | trustManager | semmle.label | trustManager |
-| InsecureTrustManagerTest.java:405:54:405:79 | new InsecureTrustManager(...) : InsecureTrustManager | semmle.label | new InsecureTrustManager(...) : InsecureTrustManager |
-| InsecureTrustManagerTest.java:406:22:406:33 | trustManager | semmle.label | trustManager |
-| InsecureTrustManagerTest.java:414:54:414:79 | new InsecureTrustManager(...) : InsecureTrustManager | semmle.label | new InsecureTrustManager(...) : InsecureTrustManager |
-| InsecureTrustManagerTest.java:415:22:415:33 | trustManager | semmle.label | trustManager |
-#select
-| InsecureTrustManagerTest.java:122:22:122:33 | trustManager | InsecureTrustManagerTest.java:121:54:121:79 | new InsecureTrustManager(...) : InsecureTrustManager | InsecureTrustManagerTest.java:122:22:122:33 | trustManager | $@ that is defined $@ and trusts any certificate, is used here. | InsecureTrustManagerTest.java:121:54:121:79 | new InsecureTrustManager(...) : InsecureTrustManager | This trustmanager | InsecureTrustManagerTest.java:35:23:35:42 | InsecureTrustManager | here |
-| InsecureTrustManagerTest.java:152:23:152:34 | trustManager | InsecureTrustManagerTest.java:151:55:151:80 | new InsecureTrustManager(...) : InsecureTrustManager | InsecureTrustManagerTest.java:152:23:152:34 | trustManager | $@ that is defined $@ and trusts any certificate, is used here. | InsecureTrustManagerTest.java:151:55:151:80 | new InsecureTrustManager(...) : InsecureTrustManager | This trustmanager | InsecureTrustManagerTest.java:35:23:35:42 | InsecureTrustManager | here |
-| InsecureTrustManagerTest.java:194:23:194:34 | trustManager | InsecureTrustManagerTest.java:193:55:193:80 | new InsecureTrustManager(...) : InsecureTrustManager | InsecureTrustManagerTest.java:194:23:194:34 | trustManager | $@ that is defined $@ and trusts any certificate, is used here. | InsecureTrustManagerTest.java:193:55:193:80 | new InsecureTrustManager(...) : InsecureTrustManager | This trustmanager | InsecureTrustManagerTest.java:35:23:35:42 | InsecureTrustManager | here |
-| InsecureTrustManagerTest.java:236:23:236:34 | trustManager | InsecureTrustManagerTest.java:235:55:235:80 | new InsecureTrustManager(...) : InsecureTrustManager | InsecureTrustManagerTest.java:236:23:236:34 | trustManager | $@ that is defined $@ and trusts any certificate, is used here. | InsecureTrustManagerTest.java:235:55:235:80 | new InsecureTrustManager(...) : InsecureTrustManager | This trustmanager | InsecureTrustManagerTest.java:35:23:35:42 | InsecureTrustManager | here |
-| InsecureTrustManagerTest.java:258:23:258:34 | trustManager | InsecureTrustManagerTest.java:257:55:257:80 | new InsecureTrustManager(...) : InsecureTrustManager | InsecureTrustManagerTest.java:258:23:258:34 | trustManager | $@ that is defined $@ and trusts any certificate, is used here. | InsecureTrustManagerTest.java:257:55:257:80 | new InsecureTrustManager(...) : InsecureTrustManager | This trustmanager | InsecureTrustManagerTest.java:35:23:35:42 | InsecureTrustManager | here |
-| InsecureTrustManagerTest.java:281:23:281:34 | trustManager | InsecureTrustManagerTest.java:280:55:280:80 | new InsecureTrustManager(...) : InsecureTrustManager | InsecureTrustManagerTest.java:281:23:281:34 | trustManager | $@ that is defined $@ and trusts any certificate, is used here. | InsecureTrustManagerTest.java:280:55:280:80 | new InsecureTrustManager(...) : InsecureTrustManager | This trustmanager | InsecureTrustManagerTest.java:35:23:35:42 | InsecureTrustManager | here |
-| InsecureTrustManagerTest.java:306:22:306:33 | trustManager | InsecureTrustManagerTest.java:305:54:305:79 | new InsecureTrustManager(...) : InsecureTrustManager | InsecureTrustManagerTest.java:306:22:306:33 | trustManager | $@ that is defined $@ and trusts any certificate, is used here. | InsecureTrustManagerTest.java:305:54:305:79 | new InsecureTrustManager(...) : InsecureTrustManager | This trustmanager | InsecureTrustManagerTest.java:35:23:35:42 | InsecureTrustManager | here |
-| InsecureTrustManagerTest.java:320:22:320:33 | trustManager | InsecureTrustManagerTest.java:319:54:319:79 | new InsecureTrustManager(...) : InsecureTrustManager | InsecureTrustManagerTest.java:320:22:320:33 | trustManager | $@ that is defined $@ and trusts any certificate, is used here. | InsecureTrustManagerTest.java:319:54:319:79 | new InsecureTrustManager(...) : InsecureTrustManager | This trustmanager | InsecureTrustManagerTest.java:35:23:35:42 | InsecureTrustManager | here |
-| InsecureTrustManagerTest.java:334:22:334:33 | trustManager | InsecureTrustManagerTest.java:333:54:333:79 | new InsecureTrustManager(...) : InsecureTrustManager | InsecureTrustManagerTest.java:334:22:334:33 | trustManager | $@ that is defined $@ and trusts any certificate, is used here. | InsecureTrustManagerTest.java:333:54:333:79 | new InsecureTrustManager(...) : InsecureTrustManager | This trustmanager | InsecureTrustManagerTest.java:35:23:35:42 | InsecureTrustManager | here |
-| InsecureTrustManagerTest.java:348:22:348:33 | trustManager | InsecureTrustManagerTest.java:347:54:347:79 | new InsecureTrustManager(...) : InsecureTrustManager | InsecureTrustManagerTest.java:348:22:348:33 | trustManager | $@ that is defined $@ and trusts any certificate, is used here. | InsecureTrustManagerTest.java:347:54:347:79 | new InsecureTrustManager(...) : InsecureTrustManager | This trustmanager | InsecureTrustManagerTest.java:35:23:35:42 | InsecureTrustManager | here |
-| InsecureTrustManagerTest.java:362:22:362:33 | trustManager | InsecureTrustManagerTest.java:361:54:361:79 | new InsecureTrustManager(...) : InsecureTrustManager | InsecureTrustManagerTest.java:362:22:362:33 | trustManager | $@ that is defined $@ and trusts any certificate, is used here. | InsecureTrustManagerTest.java:361:54:361:79 | new InsecureTrustManager(...) : InsecureTrustManager | This trustmanager | InsecureTrustManagerTest.java:35:23:35:42 | InsecureTrustManager | here |
-| InsecureTrustManagerTest.java:376:22:376:33 | trustManager | InsecureTrustManagerTest.java:375:54:375:79 | new InsecureTrustManager(...) : InsecureTrustManager | InsecureTrustManagerTest.java:376:22:376:33 | trustManager | $@ that is defined $@ and trusts any certificate, is used here. | InsecureTrustManagerTest.java:375:54:375:79 | new InsecureTrustManager(...) : InsecureTrustManager | This trustmanager | InsecureTrustManagerTest.java:35:23:35:42 | InsecureTrustManager | here |
-| InsecureTrustManagerTest.java:391:22:391:33 | trustManager | InsecureTrustManagerTest.java:390:54:390:79 | new InsecureTrustManager(...) : InsecureTrustManager | InsecureTrustManagerTest.java:391:22:391:33 | trustManager | $@ that is defined $@ and trusts any certificate, is used here. | InsecureTrustManagerTest.java:390:54:390:79 | new InsecureTrustManager(...) : InsecureTrustManager | This trustmanager | InsecureTrustManagerTest.java:35:23:35:42 | InsecureTrustManager | here |
-| InsecureTrustManagerTest.java:406:22:406:33 | trustManager | InsecureTrustManagerTest.java:405:54:405:79 | new InsecureTrustManager(...) : InsecureTrustManager | InsecureTrustManagerTest.java:406:22:406:33 | trustManager | $@ that is defined $@ and trusts any certificate, is used here. | InsecureTrustManagerTest.java:405:54:405:79 | new InsecureTrustManager(...) : InsecureTrustManager | This trustmanager | InsecureTrustManagerTest.java:35:23:35:42 | InsecureTrustManager | here |
-| InsecureTrustManagerTest.java:415:22:415:33 | trustManager | InsecureTrustManagerTest.java:414:54:414:79 | new InsecureTrustManager(...) : InsecureTrustManager | InsecureTrustManagerTest.java:415:22:415:33 | trustManager | $@ that is defined $@ and trusts any certificate, is used here. | InsecureTrustManagerTest.java:414:54:414:79 | new InsecureTrustManager(...) : InsecureTrustManager | This trustmanager | InsecureTrustManagerTest.java:35:23:35:42 | InsecureTrustManager | here |
--- a/java/ql/test/query-tests/security/CWE-295/InsecureTrustManager.qlref
+++ b/java/ql/test/query-tests/security/CWE-295/InsecureTrustManager.qlref
@@ -1 +0,0 @@
-Security/CWE/CWE-295/InsecureTrustManager.ql
--- a/java/ql/test/query-tests/security/CWE-295/InsecureTrustManagerTest.java
+++ b/java/ql/test/query-tests/security/CWE-295/InsecureTrustManagerTest.java
@@ -1,420 +0,0 @@
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.security.KeyManagementException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
-import javax.net.ssl.X509TrustManager;
-
-public class InsecureTrustManagerTest {
-
-	private static final boolean TRUST_ALL = true;
-	private static final boolean SOME_NAME_THAT_IS_NOT_A_FLAG_NAME = true;
-
-	private static boolean isDisableTrust() {
-		return true;
-	}
-
-	private static boolean is42TheAnswerForEverything() {
-		return true;
-	}
-
-	private static class InsecureTrustManager implements X509TrustManager {
-		@Override
-		public X509Certificate[] getAcceptedIssuers() {
-			return null;
-		}
-
-		@Override
-		public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
-			// BAD: Does not verify the certificate chain, allowing any certificate.
-		}
-
-		@Override
-		public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
-
-		}
-	}
-
-	public static void main(String[] args) throws Exception {
-		directInsecureTrustManagerCall();
-
-		namedVariableFlagDirectInsecureTrustManagerCall();
-		noNamedVariableFlagDirectInsecureTrustManagerCall();
-		namedVariableFlagIndirectInsecureTrustManagerCall();
-		noNamedVariableFlagIndirectInsecureTrustManagerCall();
-
-		stringLiteralFlagDirectInsecureTrustManagerCall();
-		noStringLiteralFlagDirectInsecureTrustManagerCall();
-		stringLiteralFlagIndirectInsecureTrustManagerCall();
-		noStringLiteralFlagIndirectInsecureTrustManagerCall();
-
-		methodAccessFlagDirectInsecureTrustManagerCall();
-		noMethodAccessFlagDirectInsecureTrustManagerCall();
-		methodAccessFlagIndirectInsecureTrustManagerCall();
-		noMethodAccessFlagIndirectInsecureTrustManagerCall();
-
-		isEqualsIgnoreCaseDirectInsecureTrustManagerCall();
-		noIsEqualsIgnoreCaseDirectInsecureTrustManagerCall();
-		isEqualsIgnoreCaseIndirectInsecureTrustManagerCall();
-		noIsEqualsIgnoreCaseIndirectInsecureTrustManagerCall();
-
-		namedVariableFlagNOTGuardingDirectInsecureTrustManagerCall();
-		noNamedVariableFlagNOTGuardingDirectInsecureTrustManagerCall();
-
-		stringLiteralFlagNOTGuardingDirectInsecureTrustManagerCall();
-		noStringLiteralFlagNOTGuardingDirectInsecureTrustManagerCall();
-
-		methodAccessFlagNOTGuardingDirectInsecureTrustManagerCall();
-		noMethodAccessFlagNOTGuardingDirectInsecureTrustManagerCall();
-
-		isEqualsIgnoreCaseNOTGuardingDirectInsecureTrustManagerCall();
-		noIsEqualsIgnoreCaseNOTGuardingDirectInsecureTrustManagerCall();
-
-		directSecureTrustManagerCall();
-
-	}
-
-	private static void directSecureTrustManagerCall() throws NoSuchAlgorithmException, KeyStoreException, IOException,
-			CertificateException, FileNotFoundException, KeyManagementException, MalformedURLException {
-		SSLContext context = SSLContext.getInstance("TLS");
-		File certificateFile = new File("path/to/self-signed-certificate");
-		// Create a `KeyStore` with default type
-		KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
-		// This causes `keyStore` to be empty
-		keyStore.load(null, null);
-		X509Certificate generatedCertificate;
-		try (InputStream cert = new FileInputStream(certificateFile)) {
-			generatedCertificate = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(cert);
-		}
-		// Add the self-signed certificate to the key store
-		keyStore.setCertificateEntry(certificateFile.getName(), generatedCertificate);
-		// Get default `TrustManagerFactory`
-		TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
-		// Use it with our modified key store that trusts our self-signed certificate
-		tmf.init(keyStore);
-		TrustManager[] trustManagers = tmf.getTrustManagers();
-		context.init(null, trustManagers, null); // GOOD, we are not using a custom `TrustManager` but instead have
-													// added the self-signed certificate we want to trust to the key
-													// store. Note, the `trustManagers` will **only** trust this one
-													// certificate.
-		URL url = new URL("https://self-signed.badssl.com/");
-		HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
-		conn.setSSLSocketFactory(context.getSocketFactory());
-	}
-
-	private static void directInsecureTrustManagerCall() throws NoSuchAlgorithmException, KeyManagementException {
-		SSLContext context = SSLContext.getInstance("TLS");
-		TrustManager[] trustManager = new TrustManager[] { new InsecureTrustManager() };
-		context.init(null, trustManager, null); // BAD: Uses a `TrustManager` that does not verify the certificate
-												// chain, allowing any certificate.
-	}
-
-	private static void namedVariableFlagDirectInsecureTrustManagerCall()
-			throws NoSuchAlgorithmException, KeyManagementException {
-		if (TRUST_ALL) {
-			SSLContext context = SSLContext.getInstance("TLS");
-			TrustManager[] trustManager = new TrustManager[] { new InsecureTrustManager() };
-			context.init(null, trustManager, null); // GOOD: Uses a `TrustManager` that does not verify the certificate
-			// chain, allowing any certificate. BUT it is guarded
-			// by a feature flag.
-		}
-	}
-
-	private static void namedVariableFlagIndirectInsecureTrustManagerCall()
-			throws NoSuchAlgorithmException, KeyManagementException {
-		if (TRUST_ALL) {
-			disableTrustManager(); // GOOD [But the disableTrustManager method itself is still detected]: Calls a
-			// method that install a `TrustManager` that does not verify the certificate
-			// chain, allowing any certificate. BUT it is guarded
-			// by a feature flag.
-		}
-	}
-
-	private static void noNamedVariableFlagDirectInsecureTrustManagerCall()
-			throws NoSuchAlgorithmException, KeyManagementException {
-		if (SOME_NAME_THAT_IS_NOT_A_FLAG_NAME) {
-			SSLContext context = SSLContext.getInstance("TLS");
-			TrustManager[] trustManager = new TrustManager[] { new InsecureTrustManager() };
-			context.init(null, trustManager, null); // BAD: Uses a `TrustManager` that does not verify the certificate
-			// chain, allowing any certificate. It is NOT guarded
-			// by a feature flag.
-		}
-	}
-
-	private static void noNamedVariableFlagIndirectInsecureTrustManagerCall()
-			throws NoSuchAlgorithmException, KeyManagementException {
-		if (SOME_NAME_THAT_IS_NOT_A_FLAG_NAME) {
-			disableTrustManager(); // BAD [This is detected in the disableTrustManager method]: Calls a method that
-									// install a `TrustManager` that does not verify the certificate
-			// chain, allowing any certificate. It is NOT guarded
-			// by a feature flag.
-		}
-	}
-
-	private static void stringLiteralFlagDirectInsecureTrustManagerCall()
-			throws NoSuchAlgorithmException, KeyManagementException {
-		if (Boolean.parseBoolean(System.getProperty("TRUST_ALL"))) {
-			SSLContext context = SSLContext.getInstance("TLS");
-			TrustManager[] trustManager = new TrustManager[] { new InsecureTrustManager() };
-			context.init(null, trustManager, null); // GOOD: Uses a `TrustManager` that does not verify the certificate
-			// chain, allowing any certificate. BUT it is guarded
-			// by a feature flag.
-		}
-	}
-
-	private static void stringLiteralFlagIndirectInsecureTrustManagerCall()
-			throws NoSuchAlgorithmException, KeyManagementException {
-		if (Boolean.parseBoolean(System.getProperty("TRUST_ALL"))) {
-			disableTrustManager(); // GOOD [But the disableTrustManager method itself is still detected]: Calls a
-			// method that install a `TrustManager` that does not verify the certificate
-			// chain, allowing any certificate. BUT it is guarded
-			// by a feature flag.
-		}
-	}
-
-	private static void noStringLiteralFlagDirectInsecureTrustManagerCall()
-			throws NoSuchAlgorithmException, KeyManagementException {
-		if (Boolean.parseBoolean(System.getProperty("SOME_NAME_THAT_IS_NOT_A_FLAG_NAME"))) {
-			SSLContext context = SSLContext.getInstance("TLS");
-			TrustManager[] trustManager = new TrustManager[] { new InsecureTrustManager() };
-			context.init(null, trustManager, null); // BAD: Uses a `TrustManager` that does not verify the certificate
-			// chain, allowing any certificate. It is NOT guarded
-			// by a feature flag.
-		}
-	}
-
-	private static void noStringLiteralFlagIndirectInsecureTrustManagerCall()
-			throws NoSuchAlgorithmException, KeyManagementException {
-		if (Boolean.parseBoolean(System.getProperty("SOME_NAME_THAT_IS_NOT_A_FLAG_NAME"))) {
-			disableTrustManager(); // BAD [This is detected in the disableTrustManager method]: Calls a method that
-			// install a `TrustManager` that does not verify the certificate
-			// chain, allowing any certificate. It is NOT guarded
-			// by a feature flag.
-		}
-	}
-
-	private static void methodAccessFlagDirectInsecureTrustManagerCall()
-			throws NoSuchAlgorithmException, KeyManagementException {
-		if (isDisableTrust()) {
-			SSLContext context = SSLContext.getInstance("TLS");
-			TrustManager[] trustManager = new TrustManager[] { new InsecureTrustManager() };
-			context.init(null, trustManager, null); // GOOD: Uses a `TrustManager` that does not verify the certificate
-			// chain, allowing any certificate. BUT it is guarded
-			// by a feature flag.
-		}
-	}
-
-	private static void methodAccessFlagIndirectInsecureTrustManagerCall()
-			throws NoSuchAlgorithmException, KeyManagementException {
-		if (isDisableTrust()) {
-			disableTrustManager(); // GOOD [But the disableTrustManager method itself is still detected]: Calls a
-			// method that install a `TrustManager` that does not verify the certificate
-			// chain, allowing any certificate. BUT it is guarded
-			// by a feature flag.
-		}
-	}
-
-	private static void noMethodAccessFlagDirectInsecureTrustManagerCall()
-			throws NoSuchAlgorithmException, KeyManagementException {
-		if (is42TheAnswerForEverything()) {
-			SSLContext context = SSLContext.getInstance("TLS");
-			TrustManager[] trustManager = new TrustManager[] { new InsecureTrustManager() };
-			context.init(null, trustManager, null); // BAD: Uses a `TrustManager` that does not verify the certificate
-			// chain, allowing any certificate. It is NOT guarded
-			// by a feature flag.
-		}
-	}
-
-	private static void noMethodAccessFlagIndirectInsecureTrustManagerCall()
-			throws NoSuchAlgorithmException, KeyManagementException {
-		if (is42TheAnswerForEverything()) {
-			disableTrustManager(); // BAD [This is detected in the disableTrustManager method]: Calls a method that
-			// install a `TrustManager` that does not verify the certificate
-			// chain, allowing any certificate. It is NOT guarded
-			// by a feature flag.
-		}
-	}
-
-	private static void isEqualsIgnoreCaseDirectInsecureTrustManagerCall()
-			throws NoSuchAlgorithmException, KeyManagementException {
-		String schemaFromHttpRequest = "HTTPS";
-		if (schemaFromHttpRequest.equalsIgnoreCase("https")) {
-			SSLContext context = SSLContext.getInstance("TLS");
-			TrustManager[] trustManager = new TrustManager[] { new InsecureTrustManager() };
-			context.init(null, trustManager, null); // BAD: Uses a `TrustManager` that does not verify the certificate
-			// chain, allowing any certificate. It is NOT guarded
-			// by a feature flag.
-		}
-	}
-
-	private static void isEqualsIgnoreCaseIndirectInsecureTrustManagerCall()
-			throws NoSuchAlgorithmException, KeyManagementException {
-		String schemaFromHttpRequest = "HTTPS";
-		if (schemaFromHttpRequest.equalsIgnoreCase("https")) {
-			disableTrustManager(); // BAD [This is detected in the disableTrustManager method]: Calls a method that
-			// install a `TrustManager` that does not verify the certificate
-			// chain, allowing any certificate. It is NOT guarded
-			// by a feature flag.
-		}
-	}
-
-	private static void noIsEqualsIgnoreCaseDirectInsecureTrustManagerCall()
-			throws NoSuchAlgorithmException, KeyManagementException {
-		String schemaFromHttpRequest = "HTTPS";
-		if (!schemaFromHttpRequest.equalsIgnoreCase("https")) {
-			SSLContext context = SSLContext.getInstance("TLS");
-			TrustManager[] trustManager = new TrustManager[] { new InsecureTrustManager() };
-			context.init(null, trustManager, null); // BAD: Uses a `TrustManager` that does not verify the certificate
-			// chain, allowing any certificate. It is NOT guarded
-			// by a feature flag.
-		}
-	}
-
-	private static void noIsEqualsIgnoreCaseIndirectInsecureTrustManagerCall()
-			throws NoSuchAlgorithmException, KeyManagementException {
-		String schemaFromHttpRequest = "HTTPS";
-		if (!schemaFromHttpRequest.equalsIgnoreCase("https")) {
-			disableTrustManager(); // BAD [This is detected in the disableTrustManager method]: Calls a method that
-			// install a `TrustManager` that does not verify the certificate
-			// chain, allowing any certificate. It is NOT guarded
-			// by a feature flag.
-		}
-	}
-
-	private static void namedVariableFlagNOTGuardingDirectInsecureTrustManagerCall()
-			throws NoSuchAlgorithmException, KeyManagementException {
-		if (TRUST_ALL) {
-			System.out.println("Disabling trust!");
-		}
-
-		SSLContext context = SSLContext.getInstance("TLS");
-		TrustManager[] trustManager = new TrustManager[] { new InsecureTrustManager() };
-		context.init(null, trustManager, null); // BAD: Uses a `TrustManager` that does not verify the certificate
-		// chain, allowing any certificate. It is NOT guarded
-		// by a feature flag, because it is outside the if.
-
-	}
-
-	private static void noNamedVariableFlagNOTGuardingDirectInsecureTrustManagerCall()
-			throws NoSuchAlgorithmException, KeyManagementException {
-		if (SOME_NAME_THAT_IS_NOT_A_FLAG_NAME) {
-			System.out.println("Disabling trust!");
-		}
-
-		SSLContext context = SSLContext.getInstance("TLS");
-		TrustManager[] trustManager = new TrustManager[] { new InsecureTrustManager() };
-		context.init(null, trustManager, null); // BAD: Uses a `TrustManager` that does not verify the certificate
-		// chain, allowing any certificate. It is NOT guarded
-		// by a feature flag, because it is outside the if and it is NOT a valid flag.
-
-	}
-
-	private static void stringLiteralFlagNOTGuardingDirectInsecureTrustManagerCall()
-			throws NoSuchAlgorithmException, KeyManagementException {
-		if (Boolean.parseBoolean(System.getProperty("TRUST_ALL"))) {
-			System.out.println("Disabling trust!");
-		}
-
-		SSLContext context = SSLContext.getInstance("TLS");
-		TrustManager[] trustManager = new TrustManager[] { new InsecureTrustManager() };
-		context.init(null, trustManager, null); // BAD: Uses a `TrustManager` that does not verify the certificate
-		// chain, allowing any certificate. It is NOT guarded
-		// by a feature flag, because it is outside the if.
-
-	}
-
-	private static void noStringLiteralFlagNOTGuardingDirectInsecureTrustManagerCall()
-			throws NoSuchAlgorithmException, KeyManagementException {
-		if (Boolean.parseBoolean(System.getProperty("SOME_NAME_THAT_IS_NOT_A_FLAG_NAME"))) {
-			System.out.println("Disabling trust!");
-		}
-
-		SSLContext context = SSLContext.getInstance("TLS");
-		TrustManager[] trustManager = new TrustManager[] { new InsecureTrustManager() };
-		context.init(null, trustManager, null); // BAD: Uses a `TrustManager` that does not verify the certificate
-		// chain, allowing any certificate. It is NOT guarded
-		// by a feature flag, because it is outside the if and it is NOT a valid flag.
-
-	}
-
-	private static void methodAccessFlagNOTGuardingDirectInsecureTrustManagerCall()
-			throws NoSuchAlgorithmException, KeyManagementException {
-		if (isDisableTrust()) {
-			System.out.println("Disabling trust!");
-		}
-
-		SSLContext context = SSLContext.getInstance("TLS");
-		TrustManager[] trustManager = new TrustManager[] { new InsecureTrustManager() };
-		context.init(null, trustManager, null); // BAD: Uses a `TrustManager` that does not verify the certificate
-		// chain, allowing any certificate. It is NOT guarded
-		// by a feature flag, because it is outside the if.
-
-	}
-
-	private static void noMethodAccessFlagNOTGuardingDirectInsecureTrustManagerCall()
-			throws NoSuchAlgorithmException, KeyManagementException {
-		if (is42TheAnswerForEverything()) {
-			System.out.println("Disabling trust!");
-		}
-
-		SSLContext context = SSLContext.getInstance("TLS");
-		TrustManager[] trustManager = new TrustManager[] { new InsecureTrustManager() };
-		context.init(null, trustManager, null); // BAD: Uses a `TrustManager` that does not verify the certificate
-		// chain, allowing any certificate. It is NOT guarded
-		// by a feature flag, because it is outside the if and it is NOT a valid flag.
-
-	}
-
-	private static void isEqualsIgnoreCaseNOTGuardingDirectInsecureTrustManagerCall()
-			throws NoSuchAlgorithmException, KeyManagementException {
-		String schemaFromHttpRequest = "HTTPS";
-		if (schemaFromHttpRequest.equalsIgnoreCase("https")) {
-			System.out.println("Disabling trust!");
-		}
-
-		SSLContext context = SSLContext.getInstance("TLS");
-		TrustManager[] trustManager = new TrustManager[] { new InsecureTrustManager() };
-		context.init(null, trustManager, null); // BAD: Uses a `TrustManager` that does not verify the certificate
-		// chain, allowing any certificate. It is NOT guarded
-		// by a feature flag, because it is outside the if and it is NOT a valid flag.
-
-	}
-
-	private static void noIsEqualsIgnoreCaseNOTGuardingDirectInsecureTrustManagerCall()
-			throws NoSuchAlgorithmException, KeyManagementException {
-		String schemaFromHttpRequest = "HTTPS";
-		if (!schemaFromHttpRequest.equalsIgnoreCase("https")) {
-			System.out.println("Disabling trust!");
-		}
-
-		SSLContext context = SSLContext.getInstance("TLS");
-		TrustManager[] trustManager = new TrustManager[] { new InsecureTrustManager() };
-		context.init(null, trustManager, null); // BAD: Uses a `TrustManager` that does not verify the certificate
-		// chain, allowing any certificate. It is NOT guarded
-		// by a feature flag, because it is outside the if and it is NOT a valid flag.
-
-	}
-
-	private static void disableTrustManager() throws NoSuchAlgorithmException, KeyManagementException {
-		SSLContext context = SSLContext.getInstance("TLS");
-		TrustManager[] trustManager = new TrustManager[] { new InsecureTrustManager() };
-		context.init(null, trustManager, null); // BAD: Uses a `TrustManager` that does not verify the
-												// certificate
-		// chain, allowing any certificate. The method name suggests that this may be
-		// intentional, but we flag it anyway.
-	}
-}
				`@@ -1 +0,0 @@`
				`Security/CWE/CWE-295/InsecureTrustManager.ql`