Skip to content

Commit

Permalink
fix: extend rule cases
Browse files Browse the repository at this point in the history
  • Loading branch information
elsapet authored and cfabianski committed Feb 19, 2024
1 parent b5644f2 commit 6752df7
Show file tree
Hide file tree
Showing 2 changed files with 34 additions and 2 deletions.
29 changes: 27 additions & 2 deletions rules/java/lang/ssl_hostname_verifier.yml
Original file line number Diff line number Diff line change
Expand Up @@ -68,9 +68,34 @@ patterns:
regex: \A(java\.security\.cert\.)?X509Certificate\z
- variable: NULL_X509_CERTIFICATE
detection: ssl_hostname_verifier_null_x509_cert
- pattern: |
class $<...>$<_> implements $<X509_TRUST_MANAGER> {
$<!>$<...>X509Certificate[] getAcceptedIssuers() {
return $<NULL_X509_CERTIFICATE>;
}
};
filters:
- variable: X509_TRUST_MANAGER
regex: \A(javax\.net\.ssl\.)?X509TrustManager\z
- variable: NULL_X509_CERTIFICATE
detection: ssl_hostname_verifier_null_x509_cert
- pattern: |
class $<...>$<_> implements $<X509_TRUST_MANAGER> {
$<!>$<...>X509Certificate[] getAcceptedIssuers() {
$<X509_CERTIFICATE_TYPE>[] $<X509_CERT> = $<NULL_X509_CERTIFICATE>;
return $<X509_CERT>;
}
};
filters:
- variable: X509_TRUST_MANAGER
regex: \A(javax\.net\.ssl\.)?X509TrustManager\z
- variable: X509_CERTIFICATE_TYPE
regex: \A(java\.security\.cert\.)?X509Certificate\z
- variable: NULL_X509_CERTIFICATE
detection: ssl_hostname_verifier_null_x509_cert
- pattern: |
new $<HOSTNAME_VERIFIER>() {
$<!>$<...>$<_> verify(String $<_>, $<SSL_SESSION> $<_>) {
$<!>$<...>$<_> verify($<...>String $<_>, $<...>$<SSL_SESSION> $<_>) {
return $<TRUE>;
}
};
Expand All @@ -83,7 +108,7 @@ patterns:
detection: ssl_hostname_verifier_true
- pattern: |
class $<...>$<_> implements $<HOSTNAME_VERIFIER> {
$<!>$<...>$<_> verify(String $<_>, $<SSL_SESSION> $<_>) {
$<!>$<...>$<_> verify($<...>String $<_>, $<...>$<SSL_SESSION> $<_>) {
return $<TRUE>;
}
}
Expand Down
7 changes: 7 additions & 0 deletions tests/java/lang/ssl_hostname_verifier/testdata/main.java
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,13 @@ public boolean verify(String s, SSLSession sslSession) {
}
HttpsURLConnection.setDefaultHostnameVerifier(new DummyHostnameVerifier());

class AllHosts implements HostnameVerifier {
// bearer:expected java_lang_ssl_hostname_verifier
public boolean verify(final String hostname, final SSLSession session) {
return true;
}
}

public void nullKeyManagerForSSLContext(TrustManager[] trustAllCertificates) {
javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("SSL");
// bearer:expected java_lang_ssl_hostname_verifier
Expand Down

0 comments on commit 6752df7

Please sign in to comment.