hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 16:25:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Include changes from review

Browse Source
This commit is contained in:
Porcupiney Hairs
2024-09-19 22:52:20 +05:30
parent 57d1035acd
commit ee41e65e90
2 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
cpp/ql/src/experimental/Security/CWE/CWE-295/CurlSSL.qhelp
View File

@@ -1,15 +1,16 @@
<!DOCTYPE qhelp PUBLIC "-//Semmle//qhelp//EN" "qhelp.dtd">
<qhelp>
<overview>
Disabling verification of the SSL certificate allows man-in-the-middle attacks.
A SSL connection is vulnerable to man-in-the-middle attacks if the certification is not checked
properly.
If the peer or the host's certificate verification is not verified, the underlying SSL
communication is insecure.
<p>
Disabling verification of the SSL certificate allows man-in-the-middle attacks. A SSL
connection is vulnerable to man-in-the-middle attacks if the certification is not checked
properly. If the peer or the host's certificate verification is not verified, the underlying
SSL communication is insecure.</p>
</overview>
<recommendation>
It is recommended that all communications be done post verification of the host as well as the
peer.
<p>It is recommended that all communications be done post verification of the host as well as
the
peer.</p>
</recommendation>
<example>
<p>The following snippet disables certification verification by setting the value of <code>
@@ -27,7 +28,7 @@
<li> Related CVE: <a href="https://github.com/advisories/GHSA-5r3h-c3r7-9w4h"> CVE-2022-33684</a></li>
<li> Related security advisory: <a
href="https://huntr.com/bounties/42325662-6329-4e04-875a-49e2f5d69f78">
<code>openframeworks/openframeworks</code>
openframeworks/openframeworks
</a></li>
</references>
</qhelp>

3
cpp/ql/src/experimental/Security/CWE/CWE-295/CurlSSL.ql
View File

@@ -34,7 +34,6 @@ private class CurlVerificationConstant extends EnumConstantAccess {
from CurlSetOptCall c
where
c.getArgument(1) = any(CurlVerificationConstant v)
and
c.getArgument(1) = any(CurlVerificationConstant v) and
c.getArgument(2).getValue() = "0"
select c, "This call disables Secure Socket Layer and could potentially lead to MITM attacks"