CodeQL library for Java
codeql/java-all 0.6.2 ( changelog , source )

Predicate isInsecureMailPropertyConfig

The insecure way to set Java properties in mail sessions.

  1. Set the mail.smtp.auth property to provide the SMTP Transport with a username and password when connecting to the SMTP server or set the mail.smtp.ssl.socketFactory/mail.smtp.ssl.socketFactory.class property to create an SMTP SSL socket.
  2. No mail.smtp.ssl.checkserveridentity property is enabled.

Import path

predicate isInsecureMailPropertyConfig ( Variable properties )