Java: Convert unsafe hostname verification sinks to CSV format

Tamas Vajk
2021-04-01 09:11:47 +02:00
parent 17fd758df1
commit e544faed6d
2 changed files with 6 additions and 9 deletions


@@ -15,6 +15,7 @@ import semmle.code.java.dataflow.DataFlow
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.security.Encryption
import DataFlow::PathGraph
private import semmle.code.java.dataflow.ExternalFlow
/**
* Holds if `m` always returns `true` ignoring any exceptional flow.
@@ -49,14 +50,7 @@ class TrustAllHostnameVerifierConfiguration extends DataFlow::Configuration {
source.asExpr().(ClassInstanceExpr).getConstructedType() instanceof TrustAllHostnameVerifier
}
override predicate isSink(DataFlow::Node sink) {
exists(MethodAccess ma, Method m |
(m instanceof SetDefaultHostnameVerifierMethod or m instanceof SetHostnameVerifierMethod) and
ma.getMethod() = m
|
ma.getArgument(0) = sink.asExpr()
)
}
override predicate isSink(DataFlow::Node sink) { sinkNode(sink, "set-hostname") }
override predicate isBarrier(DataFlow::Node barrier) {
// ignore nodes that are in functions that intentionally disable hostname verification
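Review bot: The new one-line `isSink` ties this query to the string kind `"set-hostname"`, so a typo or a later rename in the CSV sink rows would make the query silently report nothing instead of failing to compile. The removed predicate limited the sink to argument 0 of calls to `SetDefaultHostnameVerifierMethod` or `SetHostnameVerifierMethod`. The CSV rows are not visible in this section, so it is worth confirming, ideally through the existing query tests, that they select the same argument and cover overriding methods in subtypes wherever the old classes did. A comment above the predicate, such as `// Sinks: argument 0 of the hostname-verifier setters, modelled as "set-hostname" rows in the CSV sink models`, would keep that link discoverable. The enclosing class `TrustAllHostnameVerifierConfiguration` starts and ends outside the hunk.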