hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 17:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixed another false-positive in CWE-297/IgnoredHostnameVerification.ql

Browse Source
This commit is contained in:
Artem Smotrakov
2022-01-16 18:55:49 +00:00
parent 6dad0e21d9
commit 825fe1797a
2 changed files with 21 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
java/ql/src/experimental/Security/CWE/CWE-297/IgnoredHostnameVerification.ql
View File

@@ -51,8 +51,11 @@ private class CheckFailedHostnameVerificationConfig extends DataFlow::Configurat
}
override predicate isSink(DataFlow::Node sink) {
exists(Guard guard, ThrowStmt throwStmt |
guard.controls(throwStmt.getBasicBlock(), _) and
exists(Guard guard, ThrowStmt throwStmt, ReturnStmt returnStmt |
(
guard.controls(throwStmt.getBasicBlock(), false) or
guard.controls(returnStmt.getBasicBlock(), true)
) and
(
guard = sink.asExpr() or
guard.(EqualityTest).getAnOperand() = sink.asExpr() or
@@ -64,4 +67,4 @@ private class CheckFailedHostnameVerificationConfig extends DataFlow::Configurat
from HostnameVerificationCall verification
where verification.isIgnored()
select verification, "Ignored result of hostname verification."
select verification, "Ignored result of hostname verification."

17
java/ql/test/experimental/query-tests/security/CWE-297/IgnoredHostnameVerification.java
View File

@@ -90,17 +90,30 @@ public class IgnoredHostnameVerification {
throw new SSLException("Oops! Hostname verification failed!");
}
// GOOD: connect and check result of HostnameVerifier.verify()
public static String connectWithHostnameVerification04(
String[] hosts, HostnameVerifier verifier, SSLSession session) throws IOException {
for (String host : hosts) {
if (verifier.verify(host, session)) {
return host;
}
}
throw new SSLException("Oops! Hostname verification failed!");
}
public static class HostnameVerifierWrapper implements HostnameVerifier {
private final HostnameVerifier verifier;
public HostnameVerifierWrapper(HostnameVerifier verifier) {
this.verifier = verifier;
this.verifier = verifier;
}
@Override
public boolean verify(String hostname, SSLSession session) {
return verifier.verify(hostname, session); // GOOD: wrapped calls should not be reported
return verifier.verify(hostname, session); // GOOD: wrapped calls should not be reported
}
}