Fix assumption regarding when an SSLSocket does the TLS handhsake

java/ql/test/query-tests/security/CWE-273/UnsafeCertTrustTest.java

@@ -1,4 +1,3 @@
-import java.net.InetSocketAddress;
 import java.net.Socket;
 import java.nio.ByteBuffer;
 import javax.net.SocketFactory;
@@ -25,9 +24,6 @@ public class UnsafeCertTrustTest {
 		sslEngine.unwrap(null, null, 0, 0); // $hasUnsafeCertTrust
 	}
 
-	/**
-	 * Test the endpoint identification of SSL engine is set to null
-	 */
 	public void testSSLEngineEndpointIdSetEmpty() throws Exception {
 		SSLContext sslContext = SSLContext.getInstance("TLS");
 		SSLEngine sslEngine = sslContext.createSSLEngine();
@@ -39,9 +35,6 @@ public class UnsafeCertTrustTest {
 		sslEngine.unwrap(null, null, 0, 0); // $hasUnsafeCertTrust
 	}
 
-	/**
-	 * Test the endpoint identification of SSL engine is set to HTTPS
-	 */
 	public void testSSLEngineEndpointIdSafe() throws Exception {
 		SSLContext sslContext = SSLContext.getInstance("TLS");
 		SSLEngine sslEngine = sslContext.createSSLEngine();
@@ -53,9 +46,6 @@ public class UnsafeCertTrustTest {
 		sslEngine.unwrap(null, null, 0, 0); // Safe
 	}
 
-	/**
-	 * Test the endpoint identification of SSL engine is set to HTTPS
-	 */
 	public void testSSLEngineInServerMode() throws Exception {
 		SSLContext sslContext = SSLContext.getInstance("TLS");
 		SSLEngine sslEngine = sslContext.createSSLEngine();
@@ -65,28 +55,13 @@ public class UnsafeCertTrustTest {
 		sslEngine.unwrap(null, null, 0, 0); // Safe
 	}
 
-	/**
-	 * Test the endpoint identification of SSL socket is not set
-	 */
-	public void testSSLSocketImmediatelyConnects() throws Exception {
-		SSLContext sslContext = SSLContext.getInstance("TLS");
-		SocketFactory socketFactory = sslContext.getSocketFactory();
-		SSLSocket socket = (SSLSocket) socketFactory.createSocket("www.example.com", 443); // $hasUnsafeCertTrust
-	}
-
-	/**
-	 * Test the endpoint identification of SSL socket is not set
-	 */
 	public void testSSLSocketEndpointIdNotSet() throws Exception {
 		SSLContext sslContext = SSLContext.getInstance("TLS");
 		SSLSocketFactory socketFactory = sslContext.getSocketFactory();
 		SSLSocket socket = (SSLSocket) socketFactory.createSocket();
-		socket.connect(new InetSocketAddress("www.example.com", 443)); // $hasUnsafeCertTrust
+		socket.getOutputStream(); // $hasUnsafeCertTrust
 	}
 
-	/**
-	 * Test the endpoint identification of SSL socket is set to null
-	 */
 	public void testSSLSocketEndpointIdSetNull() throws Exception {
 		SSLContext sslContext = SSLContext.getInstance("TLS");
 		SSLSocketFactory socketFactory = sslContext.getSocketFactory();
@@ -94,12 +69,9 @@ public class UnsafeCertTrustTest {
 		SSLParameters sslParameters = socket.getSSLParameters();
 		sslParameters.setEndpointIdentificationAlgorithm(null);
 		socket.setSSLParameters(sslParameters);
-		socket.connect(new InetSocketAddress("www.example.com", 443)); // $hasUnsafeCertTrust
+		socket.getOutputStream(); // $hasUnsafeCertTrust
 	}
 
-	/**
-	 * Test the endpoint identification of SSL socket is set to empty
-	 */
 	public void testSSLSocketEndpointIdSetEmpty() throws Exception {
 		SSLContext sslContext = SSLContext.getInstance("TLS");
 		SSLSocketFactory socketFactory = sslContext.getSocketFactory();
@@ -107,24 +79,19 @@ public class UnsafeCertTrustTest {
 		SSLParameters sslParameters = socket.getSSLParameters();
 		sslParameters.setEndpointIdentificationAlgorithm("");
 		socket.setSSLParameters(sslParameters);
-		socket.connect(new InetSocketAddress("www.example.com", 443)); // $hasUnsafeCertTrust
+		socket.getOutputStream(); // $hasUnsafeCertTrust
 	}
 
-	/**
-	 * Test the endpoint identification of SSL socket is not set
-	 */
 	public void testSSLSocketEndpointIdAfterConnecting() throws Exception {
 		SSLContext sslContext = SSLContext.getInstance("TLS");
 		SSLSocketFactory socketFactory = sslContext.getSocketFactory();
-		SSLSocket socket = (SSLSocket) socketFactory.createSocket("www.example.com", 443); // $hasUnsafeCertTrust
+		SSLSocket socket = (SSLSocket) socketFactory.createSocket();
+		socket.getOutputStream(); // $hasUnsafeCertTrust
 		SSLParameters sslParameters = socket.getSSLParameters();
 		sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
 		socket.setSSLParameters(sslParameters);
 	}
 
-	/**
-	 * Test the endpoint identification of SSL socket is not set
-	 */
 	public void testSSLSocketEndpointIdSafe() throws Exception {
 		SSLContext sslContext = SSLContext.getInstance("TLS");
 		SSLSocketFactory socketFactory = sslContext.getSocketFactory();
@@ -132,28 +99,20 @@ public class UnsafeCertTrustTest {
 		SSLParameters sslParameters = socket.getSSLParameters();
 		sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
 		socket.setSSLParameters(sslParameters);
-		socket.connect(new InetSocketAddress("www.example.com", 443)); // Safe
+		socket.getOutputStream(); // Safe
 	}
 
-	/**
-	 * Test the endpoint identification of regular socket is not set
-	 */
 	public void testSocketEndpointIdNotSet() throws Exception {
 		SocketFactory socketFactory = SocketFactory.getDefault();
-		Socket socket = socketFactory.createSocket("www.example.com", 80); // Safe
+		Socket socket = socketFactory.createSocket("www.example.com", 80);
+		socket.getOutputStream(); // Safe
 	}
 
-	/**
-	 * Test the enableHostnameVerification of RabbitMQConnectionFactory is not set
-	 */
 	public void testRabbitMQFactoryEnableHostnameVerificationNotSet() throws Exception {
 		ConnectionFactory connectionFactory = new ConnectionFactory();
 		connectionFactory.useSslProtocol(); // $hasUnsafeCertTrust
 	}
 
-	/**
-	 * Test the enableHostnameVerification of RabbitMQConnectionFactory is not set
-	 */
 	public void testRabbitMQFactorySafe() throws Exception {
 		ConnectionFactory connectionFactory = new ConnectionFactory();
 		connectionFactory.useSslProtocol(); // Safe