Apply suggestions from code review

Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
Tony Torralba
2021-10-05 09:40:22 +02:00
parent 3323f7ab1a
commit a86cbd884e
4 changed files with 16 additions and 12 deletions


@@ -5,6 +5,7 @@
* makes the session susceptible to a man-in-the-middle attack.
* @kind problem
* @problem.severity warning
* @security-severity 5.9
* @precision medium
* @id java/insecure-smtp-ssl
* @tags security
@@ -17,7 +18,7 @@ import semmle.code.java.security.Mail
from MethodAccess ma
where
ma.getMethod() instanceof MailSessionGetInstanceMethod and
isInsecureMailPropertyConfig(ma.getArgument(0))
isInsecureMailPropertyConfig(ma.getArgument(0).(VarAccess).getVariable())
or
enablesEmailSsl(ma) and not hasSslCertificateCheck(ma.getQualifier())
enablesEmailSsl(ma) and not hasSslCertificateCheck(ma.getQualifier().(VarAccess).getVariable())
select ma, "Java mailing has insecure SSL configuration"
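Review bot: The inline `.(VarAccess)` casts in the two lines that call `getVariable()` (apparently the new side of each pair) make the two disjuncts behave differently when the expression is not a plain variable access. In the first disjunct, `ma.getArgument(0).(VarAccess).getVariable()` has no value for an argument such as a method-call result, so that `getInstance` call is silently left unreported, which is a false negative for a security query. In the second disjunct the cast sits under `not`, so `hasSslCertificateCheck(...)` cannot hold and every `enablesEmailSsl` call on a non-variable qualifier is flagged, whether or not a certificate check exists. If this is the intended precision trade-off (the predicates live in `semmle.code.java.security.Mail`, outside this section), it deserves a comment above the `where` clause, for example `// Only direct variable accesses are tracked: other arguments are skipped, other qualifiers are always flagged.` Otherwise, bind the variable outside the negation so both halves agree: `exists(Variable v | v = ma.getQualifier().(VarAccess).getVariable() | not hasSslCertificateCheck(v))`.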