hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
73653f77aa8d5aad7a96420dce3b6fa1285924a4
codeql/java/ql/test/query-tests/security/CWE-297/InsecureJavaMailTest.java
Tony Torralba 73653f77aa Use InlineExpectationsTest
2021-10-05 09:18:45 +02:00

76 lines
2.5 KiB
Java
Raw Blame History

import java.util.Properties;
import javax.mail.Authenticator;
import javax.mail.PasswordAuthentication;
import javax.mail.Session;
import org.apache.commons.mail.DefaultAuthenticator;
import org.apache.commons.mail.Email;
import org.apache.commons.mail.SimpleEmail;
import java.util.Properties;
class InsecureJavaMailTest {
public void testJavaMail() {
final Properties properties = new Properties();
properties.put("mail.transport.protocol", "protocol");
properties.put("mail.smtp.host", "hostname");
properties.put("mail.smtp.socketFactory.class", "classname");
final javax.mail.Authenticator authenticator = new javax.mail.Authenticator() {
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication("username", "password");
}
};
if (null != authenticator) {
properties.put("mail.smtp.auth", "true");
}
final Session session = Session.getInstance(properties, authenticator); // $hasInsecureJavaMail
}
public void testSecureJavaMail() {
final Properties properties = new Properties();
properties.put("mail.transport.protocol", "protocol");
properties.put("mail.smtp.host", "hostname");
properties.put("mail.smtp.socketFactory.class", "classname");
final javax.mail.Authenticator authenticator = new javax.mail.Authenticator() {
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication("username", "password");
}
};
if (null != authenticator) {
properties.put("mail.smtp.auth", "true");
properties.put("mail.smtp.ssl.checkserveridentity", "true");
}
final Session session = Session.getInstance(properties, authenticator); // Safe
}
public void testSimpleMail() throws Exception {
Email email = new SimpleEmail();
email.setHostName("config.hostName");
email.setSmtpPort(25);
email.setAuthenticator(new DefaultAuthenticator("config.username", "config.password"));
email.setSSLOnConnect(true); // $hasInsecureJavaMail
email.setFrom("fromAddress");
email.setSubject("subject");
email.setMsg("body");
email.addTo("toAddress");
email.send();
}
public void testSecureSimpleMail() throws Exception {
Email email = new SimpleEmail();
email.setHostName("config.hostName");
email.setSmtpPort(25);
email.setAuthenticator(new DefaultAuthenticator("config.username", "config.password"));
email.setSSLOnConnect(true); // Safe
email.setSSLCheckServerIdentity(true);
email.setFrom("fromAddress");
email.setSubject("subject");
email.setMsg("body");
email.addTo("toAddress");
email.send();
}
}
Reference in New Issue View Git Blame Copy Permalink