Fixed a false-positive in CWE-297/IgnoredHostnameVerification.ql

This commit is contained in:
Artem Smotrakov
2022-01-09 22:14:13 +00:00
parent e11cb943a6
commit f78002bc02
2 changed files with 10 additions and 4 deletions


@@ -12,7 +12,7 @@
import java
import semmle.code.java.controlflow.Guards
import semmle.code.java.dataflow.DataFlow
import semmle.code.java.dataflow.TaintTracking
private class HostnameVerificationCall extends MethodAccess {
HostnameVerificationCall() {
@@ -27,12 +27,14 @@ private class HostnameVerificationCall extends MethodAccess {
not exists(
DataFlow::Node source, DataFlow::Node sink, CheckFailedHostnameVerificationConfig config
|
this = source.asExpr() and config.hasFlow(source, sink)
this = source.asExpr()
|
config.hasFlow(source, sink)
)
}
}
private class CheckFailedHostnameVerificationConfig extends DataFlow::Configuration {
private class CheckFailedHostnameVerificationConfig extends TaintTracking::Configuration {
CheckFailedHostnameVerificationConfig() { this = "CheckFailedHostnameVerificationConfig" }
override predicate isSource(DataFlow::Node source) {
@@ -43,6 +45,7 @@ private class CheckFailedHostnameVerificationConfig extends DataFlow::Configurat
exists(Guard guard, ThrowStmt throwStmt |
guard.controls(throwStmt.getBasicBlock(), _) and
(
guard = sink.asExpr() or
guard.(EqualityTest).getAnOperand() = sink.asExpr() or
guard.(HostnameVerificationCall) = sink.asExpr()
)
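Review bot: The change of `CheckFailedHostnameVerificationConfig` from `DataFlow::Configuration` to `TaintTracking::Configuration` is the substantive part of this fix, but nothing in the query records why value flow alone was not enough, so a later reader will see a boolean being tracked by taint and may well "tighten" it back for precision. I would put a QLDoc comment on the class, along the lines of `/** Tracks the result of a hostname verification call to a guard that decides whether to throw. Taint tracking is used so the result is still followed when it only reaches the guard through expressions that plain data flow does not step through (see the `successful = false` / conditional-assignment case in the test). */`, wording the second clause around whichever step was actually missing, since the rest of `isSource`/`isSink` is outside these hunks. It is also worth one sentence noting the trade-off: with taint, any expression merely derived from the `verify()` result now satisfies `guard = sink.asExpr()`, so the query treats it as a performed check. The `exists(Guard guard, ThrowStmt throwStmt | ...)` in the last hunk opens and closes outside the visible lines, so I cannot confirm there is no further restriction on `guard` there.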


@@ -62,7 +62,10 @@ public class IgnoredHostnameVerification {
SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(host, port);
socket.startHandshake();
boolean successful = verifier.verify(host, socket.getSession());
boolean successful = false;
if (verifier != null) {
successful = verifier.verify(host, socket.getSession());
}
if (!successful) {
socket.close();
throw new SSLException("Oops! Hostname verification failed!");
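Review bot: Replacing `boolean successful = verifier.verify(host, socket.getSession());` with the null-guarded form means the fixture no longer exercises the plain unconditional-assignment pattern, so a regression in how the query handles `boolean successful = verifier.verify(...); if (!successful) ...` would go unnoticed; I would keep that body and add the null-guarded variant as a separate method, unless another method in this file already covers it (the enclosing method starts before this hunk, so I cannot tell). The new branch is fail-closed — `successful` stays `false` when `verifier` is `null`, and the call site then closes the socket and throws — which is the right default for a sample meant to show a correctly checked verification. On the visible lines `socket` is only closed on the `!successful` path, not if `verify` or `startHandshake` throws; for a test fixture that may be deliberate, but a try-with-resources around the socket would make the sample safer to copy.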