From 76cde80c016515b25795104176a17082b9aeda65 Mon Sep 17 00:00:00 2001
From: elsapet <elizabeth@bearer.sh>
Date: Mon, 5 Feb 2024 18:28:53 +0200
Subject: [PATCH] WIP

---
 rules/java/lang/ssl_hostname_verifier.yml           | 13 +++++++++++++
 .../lang/ssl_hostname_verifier/testdata/main.java   |  5 ++---
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/rules/java/lang/ssl_hostname_verifier.yml b/rules/java/lang/ssl_hostname_verifier.yml
index b0af0997..33d35ff9 100644
--- a/rules/java/lang/ssl_hostname_verifier.yml
+++ b/rules/java/lang/ssl_hostname_verifier.yml
@@ -63,6 +63,19 @@ patterns:
         regex: \A(javax\.net\.ssl\.)?SSLSession\z
       - variable: "TRUE"
         detection: ssl_hostname_verifier_true
+  - pattern: |
+      class $<_> implements $<HOSTNAME_VERIFIER>() {
+        $<!>$<...>$<_> verify(String $<_>, $<SSL_SESSION> $<_>) {
+          return $<TRUE>;
+        }
+      };
+    filters:
+      - variable: HOSTNAME_VERIFIER
+        regex: \A(javax\.net\.ssl\.)?HostnameVerifier\z
+      - variable: SSL_SESSION
+        regex: \A(javax\.net\.ssl\.)?SSLSession\z
+      - variable: "TRUE"
+        detection: ssl_hostname_verifier_true
 auxiliary:
   - id: ssl_hostname_verifier_allow_all_hostname_verifier
     patterns:
diff --git a/tests/java/lang/ssl_hostname_verifier/testdata/main.java b/tests/java/lang/ssl_hostname_verifier/testdata/main.java
index a71e73e4..7d95e8aa 100644
--- a/tests/java/lang/ssl_hostname_verifier/testdata/main.java
+++ b/tests/java/lang/ssl_hostname_verifier/testdata/main.java
@@ -101,7 +101,7 @@ public boolean verify(String s, SSLSession sslSession) {
   e.printStackTrace();
 }
 
-public class MySSLSocketFactory extends SSLSocketFactory {
+public class MySocketFactorySubClass extends SSLSocketFactory {
   SSLContext sslContext = SSLContext.getInstance("TLS");
   public MySSLSocketFactory(KeyStore truststore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
     super(truststore);
@@ -122,6 +122,5 @@ public X509Certificate[] getAcceptedIssuers() {
 }
 
 MySocketFactorySubClass socketFactory = new MySocketFactorySubClass(trustStore);
-// TODO: not catching extended cases
-// bearer:expected java_lang_ssl_hostname_verifier
+// TODO bearer expected java_lang_ssl_hostname_verifier
 socketFactory.setHostnameVerifier(MySocketFactorySubClass.ALLOW_ALL_HOSTNAME_VERIFIER);