Adjust hostname verifier sink identifier name

tamasvajk · tamasvajk · commit 1caa5c47800c · 2021-04-22T11:22:18.000+02:00
diff --git a/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql b/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql
@@ -50,7 +50,7 @@ class TrustAllHostnameVerifierConfiguration extends DataFlow::Configuration {
     source.asExpr().(ClassInstanceExpr).getConstructedType() instanceof TrustAllHostnameVerifier
   }
 
-  override predicate isSink(DataFlow::Node sink) { sinkNode(sink, "set-hostname") }
+  override predicate isSink(DataFlow::Node sink) { sinkNode(sink, "set-hostname-verifier") }
 
   override predicate isBarrier(DataFlow::Node barrier) {
     // ignore nodes that are in functions that intentionally disable hostname verification
diff --git a/java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll
@@ -209,8 +209,8 @@ private predicate sinkModelCsv(string row) {
       // Bean validation
       "javax.validation;ConstraintValidatorContext;true;buildConstraintViolationWithTemplate;;;Argument[0];bean-validation",
       // Set hostname
-      "javax.net.ssl;HttpsURLConnection;true;setDefaultHostnameVerifier;;;Argument[0];set-hostname",
-      "javax.net.ssl;HttpsURLConnection;true;setHostnameVerifier;;;Argument[0];set-hostname"
+      "javax.net.ssl;HttpsURLConnection;true;setDefaultHostnameVerifier;;;Argument[0];set-hostname-verifier",
+      "javax.net.ssl;HttpsURLConnection;true;setHostnameVerifier;;;Argument[0];set-hostname-verifier"
     ]
 }
 

Original file line number	Diff line number	Diff line change
`@@ -50,7 +50,7 @@ class TrustAllHostnameVerifierConfiguration extends DataFlow::Configuration {`
`50`	`50`	`source.asExpr().(ClassInstanceExpr).getConstructedType() instanceof TrustAllHostnameVerifier`
`51`	`51`	`}`
`52`	`52`
`53`		`- override predicate isSink(DataFlow::Node sink) { sinkNode(sink, "set-hostname") }`
	`53`	`+ override predicate isSink(DataFlow::Node sink) { sinkNode(sink, "set-hostname-verifier") }`
`54`	`54`
`55`	`55`	`override predicate isBarrier(DataFlow::Node barrier) {`
`56`	`56`	`// ignore nodes that are in functions that intentionally disable hostname verification`
Original file line number	Diff line number	Diff line change
`@@ -209,8 +209,8 @@ private predicate sinkModelCsv(string row) {`
`209`	`209`	`// Bean validation`
`210`	`210`	`"javax.validation;ConstraintValidatorContext;true;buildConstraintViolationWithTemplate;;;Argument[0];bean-validation",`
`211`	`211`	`// Set hostname`
`212`		`- "javax.net.ssl;HttpsURLConnection;true;setDefaultHostnameVerifier;;;Argument[0];set-hostname",`
`213`		`- "javax.net.ssl;HttpsURLConnection;true;setHostnameVerifier;;;Argument[0];set-hostname"`
	`212`	`+ "javax.net.ssl;HttpsURLConnection;true;setDefaultHostnameVerifier;;;Argument[0];set-hostname-verifier",`
	`213`	`+ "javax.net.ssl;HttpsURLConnection;true;setHostnameVerifier;;;Argument[0];set-hostname-verifier"`
`214`	`214`	`]`
`215`	`215`	`}`
`216`	`216`