fix: extend rule cases

Bearer · Feb 26, 2024 · 44df679 · 44df679
1 parent 459fc02
commit 44df679
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 7 deletions.
diff --git a/rules/java/lang/ssl_hostname_verifier.yml b/rules/java/lang/ssl_hostname_verifier.yml
@@ -1,15 +1,11 @@
 imports:
   - java_shared_lang_instance
 patterns:
-  # - pattern: $<TEMP2>;
-  #   filters:
-  #     - variable: TEMP2
-  #       detection: ssl_hostname_verifier_null_x509_cert
   - pattern: $<SSL_SOCKET_FACTORY>.ALLOW_ALL_HOSTNAME_VERIFIER;
     filters:
       - variable: SSL_SOCKET_FACTORY
         regex: \A(org\.apache\.http\.conn\.ssl\.)?SSLSocketFactory\z
-  - pattern: $<CALLER>.$<METHOD>($<ALLOW_ALL_HOSTNAME_VERIFIER>);
+  - pattern: $<CALLER>.$<METHOD>($<...>$<ALLOW_ALL_HOSTNAME_VERIFIER>);
     filters:
       - either:
           - variable: CALLER
@@ -68,9 +64,34 @@ patterns:
         regex: \A(java\.security\.cert\.)?X509Certificate\z
       - variable: NULL_X509_CERTIFICATE
         detection: ssl_hostname_verifier_null_x509_cert
+  - pattern: |
+      class $<...>$<_> implements $<X509_TRUST_MANAGER> {
+        $<!>$<...>X509Certificate[] getAcceptedIssuers() {
+          return $<NULL_X509_CERTIFICATE>;
+        }
+      };
+    filters:
+      - variable: X509_TRUST_MANAGER
+        regex: \A(javax\.net\.ssl\.)?X509TrustManager\z
+      - variable: NULL_X509_CERTIFICATE
+        detection: ssl_hostname_verifier_null_x509_cert
+  - pattern: |
+      class $<...>$<_> implements $<X509_TRUST_MANAGER> {
+        $<!>$<...>X509Certificate[] getAcceptedIssuers() {
+          $<X509_CERTIFICATE_TYPE>[] $<X509_CERT> = $<NULL_X509_CERTIFICATE>;
+          return $<X509_CERT>;
+        }
+      };
+    filters:
+      - variable: X509_TRUST_MANAGER
+        regex: \A(javax\.net\.ssl\.)?X509TrustManager\z
+      - variable: X509_CERTIFICATE_TYPE
+        regex: \A(java\.security\.cert\.)?X509Certificate\z
+      - variable: NULL_X509_CERTIFICATE
+        detection: ssl_hostname_verifier_null_x509_cert
   - pattern: |
       new $<HOSTNAME_VERIFIER>() {
-        $<!>$<...>$<_> verify(String $<_>, $<SSL_SESSION> $<_>) {
+        $<!>$<...>$<_> verify($<...>String $<_>, $<...>$<SSL_SESSION> $<_>) {
           return $<TRUE>;
         }
       };
@@ -83,7 +104,7 @@ patterns:
         detection: ssl_hostname_verifier_true
   - pattern: |
       class $<...>$<_> implements $<HOSTNAME_VERIFIER> {
-        $<!>$<...>$<_> verify(String $<_>, $<SSL_SESSION> $<_>) {
+        $<!>$<...>$<_> verify($<...>String $<_>, $<...>$<SSL_SESSION> $<_>) {
           return $<TRUE>;
         }
       }

diff --git a/tests/java/lang/ssl_hostname_verifier/testdata/main.java b/tests/java/lang/ssl_hostname_verifier/testdata/main.java
@@ -26,6 +26,13 @@ public boolean verify(String s, SSLSession sslSession) {
 }
 HttpsURLConnection.setDefaultHostnameVerifier(new DummyHostnameVerifier());
 
+class AllHosts implements HostnameVerifier {
+    // bearer:expected java_lang_ssl_hostname_verifier
+    public boolean verify(final String hostname, final SSLSession session) {
+        return true;
+    }
+}
+
 public void nullKeyManagerForSSLContext(TrustManager[] trustAllCertificates) {
   javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL");
   // bearer:expected java_lang_ssl_hostname_verifier