wip

Bearer · Feb 26, 2024 · 15fca5c · 15fca5c
1 parent b797d55
commit 15fca5c
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 50 deletions.
diff --git a/rules/java/lang/ssl_hostname_verifier.yml b/rules/java/lang/ssl_hostname_verifier.yml
@@ -1,11 +1,15 @@
 imports:
   - java_shared_lang_instance
 patterns:
+  # - pattern: $<TEMP2>;
+  #   filters:
+  #     - variable: TEMP2
+  #       detection: ssl_hostname_verifier_null_x509_cert
   - pattern: $<SSL_SOCKET_FACTORY>.ALLOW_ALL_HOSTNAME_VERIFIER;
     filters:
       - variable: SSL_SOCKET_FACTORY
         regex: \A(org\.apache\.http\.conn\.ssl\.)?SSLSocketFactory\z
-  - pattern: $<CALLER>.$<METHOD>($<...>$<ALLOW_ALL_HOSTNAME_VERIFIER>);
+  - pattern: $<CALLER>.$<METHOD>($<ALLOW_ALL_HOSTNAME_VERIFIER>);
     filters:
       - either:
           - variable: CALLER
@@ -140,22 +144,10 @@ auxiliary:
         filters:
           - variable: ALLOW_ALL_HOSTNAME_VERIFIER
             detection: ssl_hostname_verifier_allow_all_hostname_verifier
-      - pattern: ($<HOSTNAME_VERIFIER_CAST>) new $<ALLOW_ALL_HOSTNAME_VERIFIER>();
-        filters:
-          - variable: HOSTNAME_VERIFIER_CAST
-            values:
-              - HostnameVerifier
-              - X509HostnameVerifier
-          - variable: ALLOW_ALL_HOSTNAME_VERIFIER
-            detection: ssl_hostname_verifier_allow_all_hostname_verifier
-      - pattern: ($<HOSTNAME_VERIFIER_CAST>) <$ALLOW_ALL_HOSTNAME_VERIFIER>;
+      - pattern: $<ALLOW_ALL_HOSTNAME_VERIFIER>;
         filters:
           - variable: ALLOW_ALL_HOSTNAME_VERIFIER
             detection: ssl_hostname_verifier_allow_all_hostname_verifier
-          - variable: HOSTNAME_VERIFIER_CAST
-            values:
-              - HostnameVerifier
-              - X509HostnameVerifier
   - id: ssl_hostname_verifier_socket_factory
     patterns:
       - pattern: $<SSL_SOCKET_FACTORY>;

diff --git a/tests/java/lang/ssl_hostname_verifier/testdata/main.java b/tests/java/lang/ssl_hostname_verifier/testdata/main.java
@@ -1,10 +1,10 @@
 import javax.net.ssl.X509TrustManager;
 import org.apache.http.conn.ssl.SSLSocketFactory;
 
-SSLSocketFactory socketFactory = SSLSocketFactory.getSocketFactory();
+SSLSocketFactory socketFactory=SSLSocketFactory.getSocketFactory();
 
 // bearer:expected java_lang_ssl_hostname_verifier
-HostnameVerifier hostnameVerifier = org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
+HostnameVerifier hostnameVerifier=org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
 
 // bearer:expected java_lang_ssl_hostname_verifier
 HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
@@ -15,45 +15,45 @@
 // bearer:expected java_lang_ssl_hostname_verifier
 socketFactory.setHostnameVerifier((X509HostnameVerifier) hostnameVerifier);
 // bearer:expected java_lang_ssl_hostname_verifier
-socketFactory.setDefaultHostnameVerifier((HostnameVerifier) new NullHostnameVerifier());
+socketFactory.setDefaultHostnameVerifier((HostnameVerifier)new NullHostnameVerifier());
 
 public class DummyHostnameVerifier implements HostnameVerifier {
   // bearer:expected java_lang_ssl_hostname_verifier
   @Override
   public boolean verify(String s, SSLSession sslSession) {
     return true;
   }
-}
-HttpsURLConnection.setDefaultHostnameVerifier(new DummyHostnameVerifier());
+}HttpsURLConnection.setDefaultHostnameVerifier(new DummyHostnameVerifier());
 
 class AllHosts implements HostnameVerifier {
-    // bearer:expected java_lang_ssl_hostname_verifier
-    public boolean verify(final String hostname, final SSLSession session) {
-        return true;
-    }
+  // bearer:expected java_lang_ssl_hostname_verifier
+  public boolean verify(final String hostname, final SSLSession session) {
+    return true;
+  }
+
 }
 
-public void nullKeyManagerForSSLContext(TrustManager[] trustAllCertificates) {
-  javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL");
-  // bearer:expected java_lang_ssl_hostname_verifier
-  sc.init(null, tm, null);
+  public void nullKeyManagerForSSLContext(TrustManager[] trustAllCertificates) {
+    javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL");
+    // bearer:expected java_lang_ssl_hostname_verifier
+    sc.init(null, tm, null);
 
-  javax.net.ssl.SSLContext sc2 = SSLContext.getInstance("SSL");
-  // bearer:expected java_lang_ssl_hostname_verifier
-  sc2.init(null, tm, null);
+    javax.net.ssl.SSLContext sc2 = SSLContext.getInstance("SSL");
+    // bearer:expected java_lang_ssl_hostname_verifier
+    sc2.init(null, tm, null);
 
-  SecureRandom rand = new SecureRandom();
-  // bearer:expected java_lang_ssl_hostname_verifier
-  sc.init(null, tm, rand);
-}
+    SecureRandom rand = new SecureRandom();
+    // bearer:expected java_lang_ssl_hostname_verifier
+    sc.init(null, tm, rand);
+  }
 
-public void disableCommonNameChecking() {
-  TLSClientParameters tls = new TLSClientParameters();
-  tls.setSSLSocketFactory(sslFactory);
-  // bearer:expected java_lang_ssl_hostname_verifier
-  tls.setDisableCNCheck(true);
-  http.setTlsClientParameters(tls);
-}
+  public void disableCommonNameChecking() {
+    TLSClientParameters tls = new TLSClientParameters();
+    tls.setSSLSocketFactory(sslFactory);
+    // bearer:expected java_lang_ssl_hostname_verifier
+    tls.setDisableCNCheck(true);
+    http.setTlsClientParameters(tls);
+  }
 
 protected void getAcceptedIssuersOverride() {
   TrustManager[] trustAllCerts = new TrustManager[] {
@@ -79,13 +79,10 @@ public void checkServerTrusted(X509Certificate[] chain, String authType)
   TrustManager[] victimizedManager = new TrustManager[]{
     new X509TrustManager() {
       // bearer:expected java_lang_ssl_hostname_verifier
-      public X509Certificate[] getAcceptedIssuers() {
-        X509Certificate[] myTrustedAnchors = new X509Certificate[0];
-        return myTrustedAnchors;
-      }
-    }
-  };
-}
+  public X509Certificate[] getAcceptedIssuers() {
+    X509Certificate[] myTrustedAnchors = new X509Certificate[0];
+    return myTrustedAnchors;
+  }}};}
 
 final static HostnameVerifier NO_VERIFY = new HostnameVerifier() {
   // bearer:expected java_lang_ssl_hostname_verifier
@@ -102,7 +99,7 @@ public boolean verify(String s, SSLSession sslSession) {
       return true;
     }
   });
-} catch (Exception e) {
+} catch (Exception e){
   e.printStackTrace();
 }
 
@@ -128,4 +125,4 @@ public X509Certificate[] getAcceptedIssuers() {
 
 MySocketFactorySubClass socketFactory = new MySocketFactorySubClass(trustStore);
 // TODO bearer expected java_lang_ssl_hostname_verifier
-socketFactory.setHostnameVerifier(MySocketFactorySubClass.ALLOW_ALL_HOSTNAME_VERIFIER);
+socketFactory.setHostnameVerifier(MySocketFactorySubClass.ALLOW_ALL_HOSTNAME_VERIFIER);