From 3950a0b0a164a095c0cd7aca81211bc0987514e4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Fabianski?=
Date: Mon, 19 Feb 2024 11:21:13 +0100
Subject: [PATCH] fix: fix ssl_hostname_verifier
---
 rules/java/lang/ssl_hostname_verifier.yml | 14 +---
 .../ssl_hostname_verifier/testdata/main.java | 71 +++++++++----------
 2 files changed, 35 insertions(+), 50 deletions(-)
diff --git a/rules/java/lang/ssl_hostname_verifier.yml b/rules/java/lang/ssl_hostname_verifier.yml
index efb74a8cb..1f2a9da83 100644
--- a/rules/java/lang/ssl_hostname_verifier.yml
+++ b/rules/java/lang/ssl_hostname_verifier.yml
@@ -144,22 +144,10 @@ auxiliary:
 filters:
 - variable: ALLOW_ALL_HOSTNAME_VERIFIER
 detection: ssl_hostname_verifier_allow_all_hostname_verifier
- - pattern: ($) new $();
- filters:
- - variable: HOSTNAME_VERIFIER_CAST
- values:
- - HostnameVerifier
- - X509HostnameVerifier
- - variable: ALLOW_ALL_HOSTNAME_VERIFIER
- detection: ssl_hostname_verifier_allow_all_hostname_verifier
- - pattern: ($) <$ALLOW_ALL_HOSTNAME_VERIFIER>;
+ - pattern: $;
 filters:
 - variable: ALLOW_ALL_HOSTNAME_VERIFIER
 detection: ssl_hostname_verifier_allow_all_hostname_verifier
- - variable: HOSTNAME_VERIFIER_CAST
- values:
- - HostnameVerifier
- - X509HostnameVerifier
 - id: ssl_hostname_verifier_socket_factory
 patterns:
 - pattern: $;
diff --git a/tests/java/lang/ssl_hostname_verifier/testdata/main.java b/tests/java/lang/ssl_hostname_verifier/testdata/main.java
index d2946f50f..04d1a3128 100644
--- a/tests/java/lang/ssl_hostname_verifier/testdata/main.java
+++ b/tests/java/lang/ssl_hostname_verifier/testdata/main.java
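Review bot: The single pattern that replaces the two cast-specific ones in the `@@ -144,22 +144,10 @@` hunk carries no comment explaining why the `HOSTNAME_VERIFIER_CAST` filter could be dropped, so a later maintainer cannot tell whether cast expressions are still meant to be covered. For a rule that detects disabled hostname verification, a silent loss of the cast forms would be a false negative, so the intent should sit next to the pattern, for example `# cast forms such as (X509HostnameVerifier) v are expected to match here; see the cast cases in testdata/main.java`. The fixture does keep both cast cases under `bearer:expected`, which suggests the coverage is intended to survive, but that is inferred from the test file and not stated in the rule. The pattern text appears truncated on this page (`$;`), so the variable name is read from the filter beneath it.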
@@ -1,10 +1,10 @@ import javax.net.ssl.X509TrustManager; import org.apache.http.conn.ssl.SSLSocketFactory; -SSLSocketFactory socketFactory = SSLSocketFactory.getSocketFactory(); +SSLSocketFactory socketFactory=SSLSocketFactory.getSocketFactory(); // bearer:expected java_lang_ssl_hostname_verifier -HostnameVerifier hostnameVerifier = org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER; +HostnameVerifier hostnameVerifier=org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER; // bearer:expected java_lang_ssl_hostname_verifier HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier); @@ -13,9 +13,9 @@ HttpsURLConnection.setDefaultHostnameVerifier(NoopHostnameVerifier.INSTANCE); // bearer:expected java_lang_ssl_hostname_verifier -socketFactory.setHostnameVerifier((X509HostnameVerifier) hostnameVerifier); +socketFactory.setHostnameVerifier((X509HostnameVerifier)hostnameVerifier); // bearer:expected java_lang_ssl_hostname_verifier -socketFactory.setDefaultHostnameVerifier((HostnameVerifier) new NullHostnameVerifier()); +socketFactory.setDefaultHostnameVerifier((HostnameVerifier)new NullHostnameVerifier()); public class DummyHostnameVerifier implements HostnameVerifier { // bearer:expected java_lang_ssl_hostname_verifier 
@@ -23,37 +23,37 @@ public class DummyHostnameVerifier implements HostnameVerifier { public boolean verify(String s, SSLSession sslSession) { return true; } -} -HttpsURLConnection.setDefaultHostnameVerifier(new DummyHostnameVerifier()); +}HttpsURLConnection.setDefaultHostnameVerifier(new DummyHostnameVerifier()); class AllHosts implements HostnameVerifier { - // bearer:expected java_lang_ssl_hostname_verifier - public boolean verify(final String hostname, final SSLSession session) { - return true; - } + // bearer:expected java_lang_ssl_hostname_verifier + public boolean verify(final String hostname, final SSLSession session) { + return true; + } + } -public void nullKeyManagerForSSLContext(TrustManager[] trustAllCertificates) { - javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL"); - // bearer:expected java_lang_ssl_hostname_verifier - sc.init(null, tm, null); + public void nullKeyManagerForSSLContext(TrustManager[] trustAllCertificates) { + javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL"); + // bearer:expected java_lang_ssl_hostname_verifier + sc.init(null, tm, null); - javax.net.ssl.SSLContext sc2 = SSLContext.getInstance("SSL"); - // bearer:expected java_lang_ssl_hostname_verifier - sc2.init(null, tm, null); + javax.net.ssl.SSLContext sc2 = SSLContext.getInstance("SSL"); + // bearer:expected java_lang_ssl_hostname_verifier + sc2.init(null, tm, null); - SecureRandom rand = new SecureRandom(); - // bearer:expected java_lang_ssl_hostname_verifier - sc.init(null, tm, rand); -} + SecureRandom rand = new SecureRandom(); + // bearer:expected java_lang_ssl_hostname_verifier + sc.init(null, tm, rand); + } -public void disableCommonNameChecking() { - TLSClientParameters tls = new TLSClientParameters(); - tls.setSSLSocketFactory(sslFactory); - // bearer:expected java_lang_ssl_hostname_verifier - tls.setDisableCNCheck(true); - http.setTlsClientParameters(tls); -} + public void disableCommonNameChecking() { + TLSClientParameters 
tls = new TLSClientParameters(); + tls.setSSLSocketFactory(sslFactory); + // bearer:expected java_lang_ssl_hostname_verifier + tls.setDisableCNCheck(true); + http.setTlsClientParameters(tls); + } protected void getAcceptedIssuersOverride() { TrustManager[] trustAllCerts = new TrustManager[] { @@ -79,13 +79,10 @@ public void checkServerTrusted(X509Certificate[] chain, String authType) TrustManager[] victimizedManager = new TrustManager[]{ new X509TrustManager() { // bearer:expected java_lang_ssl_hostname_verifier - public X509Certificate[] getAcceptedIssuers() { - X509Certificate[] myTrustedAnchors = new X509Certificate[0]; - return myTrustedAnchors; - } - } - }; -} + public X509Certificate[] getAcceptedIssuers() { + X509Certificate[] myTrustedAnchors = new X509Certificate[0]; + return myTrustedAnchors; + }}};} final static HostnameVerifier NO_VERIFY = new HostnameVerifier() { // bearer:expected java_lang_ssl_hostname_verifier @@ -102,8 +99,8 @@ public boolean verify(String s, SSLSession sslSession) { return true; } }); -} catch (Exception e) { - e.printStackTrace(); +} catch ( + Exception e){e.printStackTrace(); } public class MySocketFactorySubClass extends SSLSocketFactory {
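Review bot: The layout changes in the `@@ -23,37 +23,37 @@` hunk look like unintended formatter output and are unrelated to the rule fix: `}HttpsURLConnection.setDefaultHostnameVerifier(new DummyHostnameVerifier());` now shares a line with the closing brace of `DummyHostnameVerifier`, and the two methods after `AllHosts` are indented as if they were members although the class is already closed. The same applies to `}}};}` in the `-79,13` hunk and to `} catch (` followed by `Exception e){e.printStackTrace();` in the `-102,8` hunk. Each `// bearer:expected` comment appears to mark the line that follows it, so one statement per line keeps it clear which construct a finding is expected on. I would put `}` and the `HttpsURLConnection.setDefaultHostnameVerifier(...)` call back on separate lines and revert the whitespace-only edits, leaving this commit with only the fixture changes the rule change needs.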