mirror of
https://github.com/github/codeql.git
synced 2026-05-04 21:25:44 +02:00
Adjusted sources and sanitizer of UnsafeCertTrust taint tracking config
This commit is contained in:
Tony Torralba
@@ -1,5 +1,6 @@
|
||||
import java.net.InetSocketAddress;
|
||||
import java.net.Socket;
|
||||
import java.nio.ByteBuffer;
|
||||
import javax.net.SocketFactory;
|
||||
import javax.net.ssl.SSLContext;
|
||||
import javax.net.ssl.SSLEngine;
|
||||
@@ -13,41 +14,61 @@ public class UnsafeCertTrustTest {
|
||||
/**
|
||||
* Test the endpoint identification of SSL engine is set to null
|
||||
*/
|
||||
public void testSSLEngineEndpointIdSetNull() throws java.security.NoSuchAlgorithmException {
|
||||
public void testSSLEngineEndpointIdSetNull() throws Exception {
|
||||
SSLContext sslContext = SSLContext.getInstance("TLS");
|
||||
SSLEngine sslEngine = sslContext.createSSLEngine();
|
||||
SSLParameters sslParameters = sslEngine.getSSLParameters();
|
||||
sslParameters.setEndpointIdentificationAlgorithm(null);
|
||||
sslEngine.setSSLParameters(sslParameters);
|
||||
sslEngine.getSession(); // $hasUnsafeCertTrust
|
||||
sslEngine.beginHandshake(); // $hasUnsafeCertTrust
|
||||
sslEngine.wrap(new ByteBuffer[] {}, null); // $hasUnsafeCertTrust
|
||||
sslEngine.unwrap(null, null, 0, 0); // $hasUnsafeCertTrust
|
||||
}
|
||||
|
||||
/**
|
||||
* Test the endpoint identification of SSL engine is not set
|
||||
* Test the endpoint identification of SSL engine is set to null
|
||||
*/
|
||||
public void testSSLEngineEndpointIdNotSet() throws java.security.NoSuchAlgorithmException {
|
||||
public void testSSLEngineEndpointIdSetEmpty() throws Exception {
|
||||
SSLContext sslContext = SSLContext.getInstance("TLS");
|
||||
SSLEngine sslEngine = sslContext.createSSLEngine();
|
||||
sslEngine.getSession(); // $hasUnsafeCertTrust
|
||||
SSLParameters sslParameters = sslEngine.getSSLParameters();
|
||||
sslParameters.setEndpointIdentificationAlgorithm("");
|
||||
sslEngine.setSSLParameters(sslParameters);
|
||||
sslEngine.beginHandshake(); // $hasUnsafeCertTrust
|
||||
sslEngine.wrap(new ByteBuffer[] {}, null); // $hasUnsafeCertTrust
|
||||
sslEngine.unwrap(null, null, 0, 0); // $hasUnsafeCertTrust
|
||||
}
|
||||
|
||||
/**
|
||||
* Test the endpoint identification of SSL engine is set to HTTPS
|
||||
*/
|
||||
public void testSSLEngineEndpointIdSafe() throws java.security.NoSuchAlgorithmException {
|
||||
public void testSSLEngineEndpointIdSafe() throws Exception {
|
||||
SSLContext sslContext = SSLContext.getInstance("TLS");
|
||||
SSLEngine sslEngine = sslContext.createSSLEngine();
|
||||
SSLParameters sslParameters = sslEngine.getSSLParameters();
|
||||
sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
|
||||
sslEngine.setSSLParameters(sslParameters);
|
||||
sslEngine.getSession(); // Safe
|
||||
sslEngine.beginHandshake(); // Safe
|
||||
sslEngine.wrap(new ByteBuffer[] {}, null); // Safe
|
||||
sslEngine.unwrap(null, null, 0, 0); // Safe
|
||||
}
|
||||
|
||||
/**
|
||||
* Test the endpoint identification of SSL engine is set to HTTPS
|
||||
*/
|
||||
public void testSSLEngineInServerMode() throws Exception {
|
||||
SSLContext sslContext = SSLContext.getInstance("TLS");
|
||||
SSLEngine sslEngine = sslContext.createSSLEngine();
|
||||
sslEngine.setUseClientMode(false);
|
||||
sslEngine.beginHandshake(); // Safe
|
||||
sslEngine.wrap(new ByteBuffer[] {}, null); // Safe
|
||||
sslEngine.unwrap(null, null, 0, 0); // Safe
|
||||
}
|
||||
|
||||
/**
|
||||
* Test the endpoint identification of SSL socket is not set
|
||||
*/
|
||||
public void testSSLSocketImmediatelyConnects()
|
||||
throws java.security.NoSuchAlgorithmException, java.io.IOException {
|
||||
public void testSSLSocketImmediatelyConnects() throws Exception {
|
||||
SSLContext sslContext = SSLContext.getInstance("TLS");
|
||||
SocketFactory socketFactory = sslContext.getSocketFactory();
|
||||
SSLSocket socket = (SSLSocket) socketFactory.createSocket("www.example.com", 443); // $hasUnsafeCertTrust
|
||||
@@ -56,8 +77,7 @@ public class UnsafeCertTrustTest {
|
||||
/**
|
||||
* Test the endpoint identification of SSL socket is not set
|
||||
*/
|
||||
public void testSSLSocketEndpointIdNotSet()
|
||||
throws java.security.NoSuchAlgorithmException, java.io.IOException {
|
||||
public void testSSLSocketEndpointIdNotSet() throws Exception {
|
||||
SSLContext sslContext = SSLContext.getInstance("TLS");
|
||||
SSLSocketFactory socketFactory = sslContext.getSocketFactory();
|
||||
SSLSocket socket = (SSLSocket) socketFactory.createSocket();
|
||||
@@ -67,8 +87,7 @@ public class UnsafeCertTrustTest {
|
||||
/**
|
||||
* Test the endpoint identification of SSL socket is set to null
|
||||
*/
|
||||
public void testSSLSocketEndpointIdSetNull()
|
||||
throws java.security.NoSuchAlgorithmException, java.io.IOException {
|
||||
public void testSSLSocketEndpointIdSetNull() throws Exception {
|
||||
SSLContext sslContext = SSLContext.getInstance("TLS");
|
||||
SSLSocketFactory socketFactory = sslContext.getSocketFactory();
|
||||
SSLSocket socket = (SSLSocket) socketFactory.createSocket();
|
||||
@@ -81,8 +100,7 @@ public class UnsafeCertTrustTest {
|
||||
/**
|
||||
* Test the endpoint identification of SSL socket is set to empty
|
||||
*/
|
||||
public void testSSLSocketEndpointIdSetEmpty()
|
||||
throws java.security.NoSuchAlgorithmException, java.io.IOException {
|
||||
public void testSSLSocketEndpointIdSetEmpty() throws Exception {
|
||||
SSLContext sslContext = SSLContext.getInstance("TLS");
|
||||
SSLSocketFactory socketFactory = sslContext.getSocketFactory();
|
||||
SSLSocket socket = (SSLSocket) socketFactory.createSocket();
|
||||
@@ -95,8 +113,7 @@ public class UnsafeCertTrustTest {
|
||||
/**
|
||||
* Test the endpoint identification of SSL socket is not set
|
||||
*/
|
||||
public void testSSLSocketEndpointIdAfterConnecting()
|
||||
throws java.security.NoSuchAlgorithmException, java.io.IOException {
|
||||
public void testSSLSocketEndpointIdAfterConnecting() throws Exception {
|
||||
SSLContext sslContext = SSLContext.getInstance("TLS");
|
||||
SSLSocketFactory socketFactory = sslContext.getSocketFactory();
|
||||
SSLSocket socket = (SSLSocket) socketFactory.createSocket("www.example.com", 443); // $hasUnsafeCertTrust
|
||||
@@ -108,8 +125,7 @@ public class UnsafeCertTrustTest {
|
||||
/**
|
||||
* Test the endpoint identification of SSL socket is not set
|
||||
*/
|
||||
public void testSSLSocketEndpointIdSafe()
|
||||
throws java.security.NoSuchAlgorithmException, java.io.IOException {
|
||||
public void testSSLSocketEndpointIdSafe() throws Exception {
|
||||
SSLContext sslContext = SSLContext.getInstance("TLS");
|
||||
SSLSocketFactory socketFactory = sslContext.getSocketFactory();
|
||||
SSLSocket socket = (SSLSocket) socketFactory.createSocket();
|
||||
@@ -122,7 +138,7 @@ public class UnsafeCertTrustTest {
|
||||
/**
|
||||
* Test the endpoint identification of regular socket is not set
|
||||
*/
|
||||
public void testSocketEndpointIdNotSet() throws java.io.IOException {
|
||||
public void testSocketEndpointIdNotSet() throws Exception {
|
||||
SocketFactory socketFactory = SocketFactory.getDefault();
|
||||
Socket socket = socketFactory.createSocket("www.example.com", 80); // Safe
|
||||
}
|
||||
|
||||
@@ -12,7 +12,7 @@ class Conf extends TaintTracking::Configuration {
|
||||
override predicate isSink(DataFlow::Node sink) { sink instanceof SslConnectionCreation }
|
||||
|
||||
override predicate isSanitizer(DataFlow::Node sanitizer) {
|
||||
sanitizer instanceof SslConnectionWithSafeSslParameters
|
||||
sanitizer instanceof SslUnsafeCertTrustSanitizer
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user