hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Use classes from semmle.code.java.security.Encryption

Browse Source
This commit is contained in:
Artem Smotrakov
2022-02-12 15:31:35 +00:00
parent 651e43dee6
commit 36e565d673
1 changed files with 3 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
java/ql/src/experimental/Security/CWE/CWE-297/IgnoredHostnameVerification.ql
View File

@@ -11,20 +11,13 @@
*/
import java
/** The `HostnameVerifier.verify()` method. */
private class HostnameVerifierVerifyMethod extends Method {
HostnameVerifierVerifyMethod() {
this.getDeclaringType().getASupertype*().hasQualifiedName("javax.net.ssl", "HostnameVerifier") and
this.hasStringSignature("verify(String, SSLSession)")
}
}
import semmle.code.java.security.Encryption
/** A `HostnameVerifier.verify()` call that is not wrapped in another `HostnameVerifier`. */
private class HostnameVerificationCall extends MethodAccess {
HostnameVerificationCall() {
this.getMethod() instanceof HostnameVerifierVerifyMethod and
not this.getCaller() instanceof HostnameVerifierVerifyMethod
this.getMethod() instanceof HostnameVerifierVerify and
not this.getCaller() instanceof HostnameVerifierVerify
}
/** Holds if the result of the call is not used. */