CodeQL library for Java
codeql/java-all 0.4.4 (changelog, source)
Search

Module Mail

Provides classes and predicates to reason about email vulnerabilities.

Import path

import semmle.code.java.security.Mail

Imports

Mail

Provides classes and predicates to work with email

java

Provides all default Java QL imports.

Predicates

enablesEmailSsl

Holds if ma enables TLS/SSL with Apache Email.

hasSslCertificateCheck

Holds if a SSL certificate check is enabled on an access of apacheEmail with Apache Email.

isInsecureMailPropertyConfig

The insecure way to set Java properties in mail sessions. 1. Set the mail.smtp.auth property to provide the SMTP Transport with a username and password when connecting to the SMTP server or set the mail.smtp.ssl.socketFactory/mail.smtp.ssl.socketFactory.class property to create an SMTP SSL socket. 2. No mail.smtp.ssl.checkserveridentity property is enabled.