Provides classes and predicates to reason about email vulnerabilities.
Import path
import semmle.code.java.security.Mail
Imports
| Mail | Provides classes and predicates to work with email
|
| java | Provides all default Java QL imports.
|
Predicates
| enablesEmailSsl | Holds if ma enables TLS/SSL with Apache Email.
|
| hasSslCertificateCheck | Holds if a SSL certificate check is enabled on an access of apacheEmail with Apache Email.
|
| isInsecureMailPropertyConfig | The insecure way to set Java properties in mail sessions. 1. Set the mail.smtp.auth property to provide the SMTP Transport with a username and password when connecting to the SMTP server or set the mail.smtp.ssl.socketFactory/mail.smtp.ssl.socketFactory.class property to create an SMTP SSL socket. 2. No mail.smtp.ssl.checkserveridentity property is enabled.
|