mirror of
https://github.com/github/codeql.git
synced 2026-05-10 17:29:26 +02:00
46 lines
1.2 KiB
Plaintext
46 lines
1.2 KiB
Plaintext
/**
|
|
* @name Failure to use SSL
|
|
* @description Non-SSL connections can be intercepted by third parties.
|
|
* @kind problem
|
|
* @problem.severity recommendation
|
|
* @security-severity 7.5
|
|
* @precision medium
|
|
* @id java/non-ssl-connection
|
|
* @tags security
|
|
* external/cwe/cwe-319
|
|
*/
|
|
|
|
import java
|
|
import semmle.code.java.dataflow.TypeFlow
|
|
import semmle.code.java.security.Encryption
|
|
|
|
class UrlConnection extends RefType {
|
|
UrlConnection() {
|
|
this.getAnAncestor().hasQualifiedName("java.net", "URLConnection") and
|
|
not this.hasName("JarURLConnection")
|
|
}
|
|
}
|
|
|
|
class Socket extends RefType {
|
|
Socket() { this.getAnAncestor().hasQualifiedName("java.net", "Socket") }
|
|
}
|
|
|
|
from MethodAccess m, Class c, string type
|
|
where
|
|
m.getQualifier().getType() = c and
|
|
(
|
|
c instanceof UrlConnection and type = "connection"
|
|
or
|
|
c instanceof Socket and type = "socket"
|
|
) and
|
|
not c instanceof SSLClass and
|
|
not exists(RefType t |
|
|
exprTypeFlow(m.getQualifier(), t, _) and
|
|
t instanceof SSLClass
|
|
) and
|
|
(
|
|
m.getMethod().getName() = "getInputStream" or
|
|
m.getMethod().getName() = "getOutputStream"
|
|
)
|
|
select m, "Stream using vulnerable non-SSL " + type + "."
|