hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 05:05:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Consider setSslContextFactory and fix tests

Browse Source
This commit is contained in:
Tony Torralba
2021-07-01 11:47:49 +02:00
parent 4d207101e2
commit d9e98ceacc
5 changed files with 478 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
java/ql/test/query-tests/security/CWE-273/UnsafeCertTrustTest.java
View File

@@ -1,5 +1,6 @@
import java.net.Socket;
import java.nio.ByteBuffer;
import java.security.NoSuchAlgorithmException;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
@@ -7,6 +8,7 @@ import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import com.rabbitmq.client.ConnectionFactory;
import com.rabbitmq.client.SslContextFactory;
public class UnsafeCertTrustTest {
@@ -146,13 +148,39 @@ public class UnsafeCertTrustTest {
}
public void testRabbitMQFactoryEnableHostnameVerificationNotSet() throws Exception {
ConnectionFactory connectionFactory = new ConnectionFactory();
connectionFactory.useSslProtocol(); // $hasUnsafeCertTrust
{
ConnectionFactory connectionFactory = new ConnectionFactory();
connectionFactory.useSslProtocol(SSLContext.getDefault()); // $hasUnsafeCertTrust
}
{
ConnectionFactory connectionFactory = new ConnectionFactory();
connectionFactory.setSslContextFactory(new TestSslContextFactory()); // $hasUnsafeCertTrust
}
}
public void testRabbitMQFactorySafe() throws Exception {
ConnectionFactory connectionFactory = new ConnectionFactory();
connectionFactory.useSslProtocol(); // Safe
connectionFactory.enableHostnameVerification();
{
ConnectionFactory connectionFactory = new ConnectionFactory();
connectionFactory.useSslProtocol(SSLContext.getDefault()); // Safe
connectionFactory.enableHostnameVerification();
}
{
ConnectionFactory connectionFactory = new ConnectionFactory();
connectionFactory.setSslContextFactory(new TestSslContextFactory()); // Safe
connectionFactory.enableHostnameVerification();
}
}
static class TestSslContextFactory implements SslContextFactory {
@Override
public SSLContext create(String name) {
try {
return SSLContext.getDefault();
} catch (NoSuchAlgorithmException e) {
return null;
}
}
}
}