From 51df84ed1cdc973efbe4a287fffcbdf3a0c6bfc4 Mon Sep 17 00:00:00 2001
From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local>
Date: Tue, 9 May 2023 12:15:57 -0400
Subject: [PATCH] Java: update set-hostname-verifier sink kind to
 hostname-verification

---
 java/ql/lib/ext/javax.net.ssl.model.yml                       | 4 ++--
 java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll        | 2 +-
 .../code/java/security/UnsafeHostnameVerificationQuery.qll    | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/java/ql/lib/ext/javax.net.ssl.model.yml b/java/ql/lib/ext/javax.net.ssl.model.yml
index 7cbed92c184..59085b8d120 100644
--- a/java/ql/lib/ext/javax.net.ssl.model.yml
+++ b/java/ql/lib/ext/javax.net.ssl.model.yml
@@ -3,5 +3,5 @@ extensions:
       pack: codeql/java-all
       extensible: sinkModel
     data:
-      - ["javax.net.ssl", "HttpsURLConnection", True, "setDefaultHostnameVerifier", "", "", "Argument[0]", "set-hostname-verifier", "manual"]
-      - ["javax.net.ssl", "HttpsURLConnection", True, "setHostnameVerifier", "", "", "Argument[0]", "set-hostname-verifier", "manual"]
+      - ["javax.net.ssl", "HttpsURLConnection", True, "setDefaultHostnameVerifier", "", "", "Argument[0]", "hostname-verification", "manual"]
+      - ["javax.net.ssl", "HttpsURLConnection", True, "setHostnameVerifier", "", "", "Argument[0]", "hostname-verification", "manual"]
diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
index 27bc65e8ee2..78c98c07b04 100644
--- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
@@ -277,7 +277,7 @@ module ModelValidation {
           "open-url", "jndi-injection", "ldap-injection", "sql-injection", "jdbc-url",
           "log-injection", "mvel-injection", "xpath-injection", "groovy-injection", "xss",
           "ognl-injection", "intent-redirection", "pending-intents", "url-redirection",
-          "create-file", "read-file", "write-file", "set-hostname-verifier", "header-splitting",
+          "create-file", "read-file", "write-file", "hostname-verification", "header-splitting",
           "information-leak", "xslt-injection", "jexl-injection", "bean-validation",
           "template-injection", "fragment-injection", "command-injection"
         ] and
diff --git a/java/ql/lib/semmle/code/java/security/UnsafeHostnameVerificationQuery.qll b/java/ql/lib/semmle/code/java/security/UnsafeHostnameVerificationQuery.qll
index 1fc60e3494e..1b44121591c 100644
--- a/java/ql/lib/semmle/code/java/security/UnsafeHostnameVerificationQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/UnsafeHostnameVerificationQuery.qll
@@ -74,7 +74,7 @@ module TrustAllHostnameVerifierFlow = DataFlow::Global<TrustAllHostnameVerifierC
  * A sink that sets the `HostnameVerifier` on `HttpsURLConnection`.
  */
 private class HostnameVerifierSink extends DataFlow::Node {
-  HostnameVerifierSink() { sinkNode(this, "set-hostname-verifier") }
+  HostnameVerifierSink() { sinkNode(this, "hostname-verification") }
 }
 
 /**