7
7
* @precision medium
8
8
* @id java/ignored-hostname-verification
9
9
* @tags security
10
- * external/cwe/cwe-295
10
+ * external/cwe/cwe-297
11
11
*/
12
12
13
13
import java
14
14
import semmle.code.java.controlflow.Guards
15
- import semmle.code.java.dataflow.TaintTracking
15
+ import semmle.code.java.dataflow.DataFlow
16
16
17
+ /** The `HostnameVerifier.verify()` method. */
18
+ private class HostnameVerifierVerifyMethod extends Method {
19
+ HostnameVerifierVerifyMethod ( ) {
20
+ this .getDeclaringType ( ) .getASupertype * ( ) .hasQualifiedName ( "javax.net.ssl" , "HostnameVerifier" ) and
21
+ this .hasStringSignature ( "verify(String, SSLSession)" )
22
+ }
23
+ }
24
+
25
+ /** Defines `HostnameVerifier.verity()` calls that are not wrapped by another `HostnameVerifier`. */
17
26
private class HostnameVerificationCall extends MethodAccess {
18
27
HostnameVerificationCall ( ) {
19
- getMethod ( )
20
- .getDeclaringType ( )
21
- .getASupertype * ( )
22
- .hasQualifiedName ( "javax.net.ssl" , "HostnameVerifier" ) and
23
- getMethod ( ) .hasStringSignature ( "verify(String, SSLSession)" )
28
+ this .getMethod ( ) instanceof HostnameVerifierVerifyMethod and
29
+ not this .getCaller ( ) instanceof HostnameVerifierVerifyMethod
24
30
}
25
31
26
- predicate ignored ( ) {
32
+ /** Holds if the result if the call is not useds. */
33
+ predicate isIgnored ( ) {
27
34
not exists (
28
35
DataFlow:: Node source , DataFlow:: Node sink , CheckFailedHostnameVerificationConfig config
29
36
|
30
- this = source .asExpr ( )
31
- |
32
- config .hasFlow ( source , sink )
37
+ this = source .asExpr ( ) and config .hasFlow ( source , sink )
33
38
)
34
39
}
35
40
}
36
41
37
- private class CheckFailedHostnameVerificationConfig extends TaintTracking:: Configuration {
42
+ /**
43
+ * A configuration that tracks data flows from the result of a `HostnameVerifier.vefiry()` call
44
+ * to a condition that controls a throw statement.
45
+ */
46
+ private class CheckFailedHostnameVerificationConfig extends DataFlow:: Configuration {
38
47
CheckFailedHostnameVerificationConfig ( ) { this = "CheckFailedHostnameVerificationConfig" }
39
48
40
49
override predicate isSource ( DataFlow:: Node source ) {
@@ -54,5 +63,5 @@ private class CheckFailedHostnameVerificationConfig extends TaintTracking::Confi
54
63
}
55
64
56
65
from HostnameVerificationCall verification
57
- where verification .ignored ( )
58
- select verification , "Ignored result of hostname verification."
66
+ where verification .isIgnored ( )
67
+ select verification , "Ignored result of hostname verification."