Java: Flag "intentionally" unsafe methods in tests.

Previously intentionally unsafe methods such as `disableCertificate` would be ignored by this query. But now they will also be flagged as it is hard to guess intentions... Adjust the tests to account for this change.
2026-04-30 19:26:02 +02:00 · 2021-04-12 15:19:18 +02:00
parent 7023793af4
commit 484533c659
2 changed files with 14 additions and 10 deletions
--- a/java/ql/test/query-tests/security/CWE-295/InsecureTrustManagerTest.java
+++ b/java/ql/test/query-tests/security/CWE-295/InsecureTrustManagerTest.java
@@ -89,9 +89,9 @@ public class InsecureTrustManagerTest {
 	private static void disableTrustManager() throws NoSuchAlgorithmException, KeyManagementException {
 		SSLContext context = SSLContext.getInstance("TLS");
 		TrustManager[] trustManager = new TrustManager[] { new InsecureTrustManager() };
-		context.init(null, trustManager, null); // GOOD: Uses a `TrustManager` that does not verify the
+		context.init(null, trustManager, null); // BAD: Uses a `TrustManager` that does not verify the
 												// certificate
-		// chain, allowing any certificate. BUT it is the method name suggests that this
-		// is intentional.
+		// chain, allowing any certificate. The method name suggests that this may be
+		// intentional, but we flag it anyway.
 	}
 }