hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Java: Apply suggestions for QHelp

Browse Source
This commit is contained in:
intrigus
2021-01-27 22:10:48 +01:00
parent d37d922e8f
commit 8a7f6b72e9
1 changed files with 13 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.qhelp
View File

@@ -6,14 +6,20 @@
<p>
If the <code>checkServerTrusted</code> method of a <code>TrustManager</code> never throws a <code>CertificateException</code> it trusts every certificate.
This allows an attacker to perform a machine-in-the-middle attack against the application therefore breaking any security Transport Layer Security (TLS) gives.
</p>
An attack would look like this:
1. The program connects to <code>https://example.com</code>.
2. The attacker intercepts this connection and presents a valid, self-signed certificate for <code>https://example.com</code>.
3. Java calls the <code>checkServerTrusted</code> method to check whether it should trust the certificate.
4. The <code>checkServerTrusted</code> method of your <code>TrustManager</code> does not throw a <code>CertificateException</code>.
5. Java proceeds with the connection since your <code>TrustManager</code> implicitly trusted it by not throwing an exception.
6. The attacker can now read the data your program sends to <code>https://example.com</code> and/or alter its replies while the program thinks the connection is secure.
<p>
An attack might look like this:
</p>
<ol>
<li>The vulnerable program connects to <code>https://example.com</code>.
<li>The attacker intercepts this connection and presents a valid, self-signed certificate for <code>https://example.com</code>.
<li>The vulnerable program calls the <code>checkServerTrusted</code> method to check whether it should trust the certificate.
<li>The <code>checkServerTrusted</code> method of your <code>TrustManager</code> does not throw a <code>CertificateException</code>.
<li>The vulnerable program accepts the certificate and proceeds with the connection since your <code>TrustManager</code> implicitly trusted it by not throwing an exception.
<li>The attacker can now read the data your program sends to <code>https://example.com</code> and/or alter its replies while the program thinks the connection is secure.
</ol>
</p>
</overview>