hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 16:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Improved the query for disabled certificate revocation checking

Browse Source 
- Added a taint propagation step for List.of() methods
- Added a testcase with one of the List.of() method
- Simplified conditions
- Fixed typos
This commit is contained in:
Artem Smotrakov
2020-06-22 18:16:07 +03:00
parent 06e3f101ce
commit a2fa03e4f5
4 changed files with 36 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
java/ql/test/experimental/Security/CWE/CWE-299/DisabledRevocationChecking.java
View File

@@ -47,7 +47,7 @@ public class DisabledRevocationChecking {
validator.validate(certPath, params);
}
public void testSettingRevocationCheckerWithList(KeyStore cacerts, CertPath certPath) throws Exception {
public void testSettingRevocationCheckerWithAddingToArrayList(KeyStore cacerts, CertPath certPath) throws Exception {
CertPathValidator validator = CertPathValidator.getInstance("PKIX");
PKIXParameters params = new PKIXParameters(cacerts);
params.setRevocationEnabled(false);
@@ -58,6 +58,16 @@ public class DisabledRevocationChecking {
validator.validate(certPath, params);
}
public void testSettingRevocationCheckerWithListOf(KeyStore cacerts, CertPath certPath) throws Exception {
CertPathValidator validator = CertPathValidator.getInstance("PKIX");
PKIXParameters params = new PKIXParameters(cacerts);
params.setRevocationEnabled(false);
PKIXRevocationChecker checker = (PKIXRevocationChecker) validator.getRevocationChecker();
List<PKIXCertPathChecker> checkers = List.of(checker);
params.setCertPathCheckers(checkers);
validator.validate(certPath, params);
}
public void testAddingRevocationChecker(KeyStore cacerts, CertPath certPath) throws Exception {
CertPathValidator validator = CertPathValidator.getInstance("PKIX");
PKIXParameters params = new PKIXParameters(cacerts);