Use classes from semmle.code.java.security.Encryption

artem-smotrakov · artem-smotrakov · commit 36e565d673c0 · 2022-02-12T15:31:35.000Z
diff --git a/java/ql/src/experimental/Security/CWE/CWE-297/IgnoredHostnameVerification.ql b/java/ql/src/experimental/Security/CWE/CWE-297/IgnoredHostnameVerification.ql
@@ -11,20 +11,13 @@
  */
 
 import java
-
-/** The `HostnameVerifier.verify()` method. */
-private class HostnameVerifierVerifyMethod extends Method {
-  HostnameVerifierVerifyMethod() {
-    this.getDeclaringType().getASupertype*().hasQualifiedName("javax.net.ssl", "HostnameVerifier") and
-    this.hasStringSignature("verify(String, SSLSession)")
-  }
-}
+import semmle.code.java.security.Encryption
 
 /** A `HostnameVerifier.verify()` call that is not wrapped in another `HostnameVerifier`. */
 private class HostnameVerificationCall extends MethodAccess {
   HostnameVerificationCall() {
-    this.getMethod() instanceof HostnameVerifierVerifyMethod and
-    not this.getCaller() instanceof HostnameVerifierVerifyMethod
+    this.getMethod() instanceof HostnameVerifierVerify and
+    not this.getCaller() instanceof HostnameVerifierVerify
   }
 
   /** Holds if the result of the call is not used. */
