fix: fix ssl_hostname_verifier
cfabianski committed Feb 19, 2024
1 parent 6752df7 commit 3950a0b
Showing 2 changed files with 35 additions and 50 deletions.
14 changes: 1 addition & 13 deletions rules/java/lang/ssl_hostname_verifier.yml
Expand Up @@ -144,22 +144,10 @@ auxiliary:
filters:
- variable: ALLOW_ALL_HOSTNAME_VERIFIER
detection: ssl_hostname_verifier_allow_all_hostname_verifier
- pattern: ($<HOSTNAME_VERIFIER_CAST>) new $<ALLOW_ALL_HOSTNAME_VERIFIER>();
filters:
- variable: HOSTNAME_VERIFIER_CAST
values:
- HostnameVerifier
- X509HostnameVerifier
- variable: ALLOW_ALL_HOSTNAME_VERIFIER
detection: ssl_hostname_verifier_allow_all_hostname_verifier
- pattern: ($<HOSTNAME_VERIFIER_CAST>) <$ALLOW_ALL_HOSTNAME_VERIFIER>;
- pattern: $<ALLOW_ALL_HOSTNAME_VERIFIER>;
filters:
- variable: ALLOW_ALL_HOSTNAME_VERIFIER
detection: ssl_hostname_verifier_allow_all_hostname_verifier
- variable: HOSTNAME_VERIFIER_CAST
values:
- HostnameVerifier
- X509HostnameVerifier
- id: ssl_hostname_verifier_socket_factory
patterns:
- pattern: $<SSL_SOCKET_FACTORY>;
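Review bot: The bare `- pattern: $<ALLOW_ALL_HOSTNAME_VERIFIER>;` entry, which appears to be the one added line, carries no comment saying it is now the only pattern covering cast expressions, so a later edit could narrow it and silently stop flagging uses such as `(X509HostnameVerifier) hostnameVerifier` that disable hostname verification. The two cast-specific patterns and the `HOSTNAME_VERIFIER_CAST` filter are gone from this section, and since the test data still expects a finding on the cast lines, the bare pattern is presumably meant to match through the cast. I would add a comment above it such as `# Also covers (HostnameVerifier)/(X509HostnameVerifier) casts of an allow-all verifier; keep the cast cases in testdata/main.java`. It is also worth confirming that dropping the cast filter does not widen the match to expressions that should not be reported. The enclosing auxiliary rule starts above the hunk, so its `id` and any earlier patterns are not visible here.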
71 changes: 34 additions & 37 deletions tests/java/lang/ssl_hostname_verifier/testdata/main.java
@@ -1,10 +1,10 @@
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ssl.SSLSocketFactory;

SSLSocketFactory socketFactory = SSLSocketFactory.getSocketFactory();
SSLSocketFactory socketFactory=SSLSocketFactory.getSocketFactory();

// bearer:expected java_lang_ssl_hostname_verifier
HostnameVerifier hostnameVerifier = org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
HostnameVerifier hostnameVerifier=org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;

// bearer:expected java_lang_ssl_hostname_verifier
HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
Expand All @@ -13,47 +13,47 @@
HttpsURLConnection.setDefaultHostnameVerifier(NoopHostnameVerifier.INSTANCE);

// bearer:expected java_lang_ssl_hostname_verifier
socketFactory.setHostnameVerifier((X509HostnameVerifier) hostnameVerifier);
socketFactory.setHostnameVerifier((X509HostnameVerifier)hostnameVerifier);
// bearer:expected java_lang_ssl_hostname_verifier
socketFactory.setDefaultHostnameVerifier((HostnameVerifier) new NullHostnameVerifier());
socketFactory.setDefaultHostnameVerifier((HostnameVerifier)new NullHostnameVerifier());

public class DummyHostnameVerifier implements HostnameVerifier {
// bearer:expected java_lang_ssl_hostname_verifier
@Override
public boolean verify(String s, SSLSession sslSession) {
return true;
}
}
HttpsURLConnection.setDefaultHostnameVerifier(new DummyHostnameVerifier());
}HttpsURLConnection.setDefaultHostnameVerifier(new DummyHostnameVerifier());

class AllHosts implements HostnameVerifier {
// bearer:expected java_lang_ssl_hostname_verifier
public boolean verify(final String hostname, final SSLSession session) {
return true;
}
// bearer:expected java_lang_ssl_hostname_verifier
public boolean verify(final String hostname, final SSLSession session) {
return true;
}

}

public void nullKeyManagerForSSLContext(TrustManager[] trustAllCertificates) {
javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL");
// bearer:expected java_lang_ssl_hostname_verifier
sc.init(null, tm, null);
public void nullKeyManagerForSSLContext(TrustManager[] trustAllCertificates) {
javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL");
// bearer:expected java_lang_ssl_hostname_verifier
sc.init(null, tm, null);

javax.net.ssl.SSLContext sc2 = SSLContext.getInstance("SSL");
// bearer:expected java_lang_ssl_hostname_verifier
sc2.init(null, tm, null);
javax.net.ssl.SSLContext sc2 = SSLContext.getInstance("SSL");
// bearer:expected java_lang_ssl_hostname_verifier
sc2.init(null, tm, null);

SecureRandom rand = new SecureRandom();
// bearer:expected java_lang_ssl_hostname_verifier
sc.init(null, tm, rand);
}
SecureRandom rand = new SecureRandom();
// bearer:expected java_lang_ssl_hostname_verifier
sc.init(null, tm, rand);
}

public void disableCommonNameChecking() {
TLSClientParameters tls = new TLSClientParameters();
tls.setSSLSocketFactory(sslFactory);
// bearer:expected java_lang_ssl_hostname_verifier
tls.setDisableCNCheck(true);
http.setTlsClientParameters(tls);
}
public void disableCommonNameChecking() {
TLSClientParameters tls = new TLSClientParameters();
tls.setSSLSocketFactory(sslFactory);
// bearer:expected java_lang_ssl_hostname_verifier
tls.setDisableCNCheck(true);
http.setTlsClientParameters(tls);
}

protected void getAcceptedIssuersOverride() {
TrustManager[] trustAllCerts = new TrustManager[] {
Expand All @@ -79,13 +79,10 @@ public void checkServerTrusted(X509Certificate[] chain, String authType)
TrustManager[] victimizedManager = new TrustManager[]{
new X509TrustManager() {
// bearer:expected java_lang_ssl_hostname_verifier
public X509Certificate[] getAcceptedIssuers() {
X509Certificate[] myTrustedAnchors = new X509Certificate[0];
return myTrustedAnchors;
}
}
};
}
public X509Certificate[] getAcceptedIssuers() {
X509Certificate[] myTrustedAnchors = new X509Certificate[0];
return myTrustedAnchors;
}}};}

final static HostnameVerifier NO_VERIFY = new HostnameVerifier() {
// bearer:expected java_lang_ssl_hostname_verifier
Expand All @@ -102,8 +99,8 @@ public boolean verify(String s, SSLSession sslSession) {
return true;
}
});
} catch (Exception e) {
e.printStackTrace();
} catch (
Exception e){e.printStackTrace();
}

public class MySocketFactorySubClass extends SSLSocketFactory {
