CodeQL library for Java/Kotlin
codeql/java-all 0.8.12 (changelog, source)

Predicate isInsecureMailPropertyConfig

The insecure way to set Java properties in mail sessions. Both of the following apply:

  1. The mail.smtp.auth property is set, to provide the SMTP Transport with a username and password when connecting to the SMTP server, or the mail.smtp.ssl.socketFactory/mail.smtp.ssl.socketFactory.class property is set, to create an SMTP SSL socket.
  2. The mail.smtp.ssl.checkserveridentity property is not enabled.

Import path

import semmle.code.java.security.Mail
predicate isInsecureMailPropertyConfig(Variable properties)
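
An added illustration, not part of the CodeQL library or its documentation: two Properties setups that match the description above, next to a corrected one. The host name, class name and method names are constructed, and looksInsecure is a hypothetical runtime approximation of the two listed conditions, not the predicate's implementation.

```java
import java.util.Properties;

// Added example: constructed names; only java.util is needed to compile and run it.
public class MailPropsExample {

    // Matches the description: SMTP auth is on, server identity check is never enabled.
    static Properties insecureAuth() {
        Properties props = new Properties();
        props.setProperty("mail.smtp.host", "smtp.example.test"); // constructed host
        props.setProperty("mail.smtp.port", "465");
        props.setProperty("mail.smtp.auth", "true");
        return props;
    }

    // Matches the description: an SSL socket factory is set, identity check is never enabled.
    static Properties insecureSocketFactory() {
        Properties props = new Properties();
        props.setProperty("mail.smtp.host", "smtp.example.test");
        props.setProperty("mail.smtp.ssl.socketFactory.class", "javax.net.ssl.SSLSocketFactory");
        return props;
    }

    // Corrected form: same session settings, with the server identity check enabled.
    static Properties hardened() {
        Properties props = new Properties();
        props.setProperty("mail.smtp.host", "smtp.example.test");
        props.setProperty("mail.smtp.port", "465");
        props.setProperty("mail.smtp.auth", "true");
        props.setProperty("mail.smtp.ssl.enable", "true");
        props.setProperty("mail.smtp.ssl.checkserveridentity", "true");
        return props;
    }

    // Hypothetical runtime mirror of conditions 1 and 2 (not the CodeQL predicate itself).
    static boolean looksInsecure(Properties props) {
        boolean authOrFactory = "true".equals(props.getProperty("mail.smtp.auth"))
                || props.stringPropertyNames().stream()
                        .anyMatch(k -> k.startsWith("mail.smtp.ssl.socketFactory"));
        boolean identityChecked =
                "true".equals(props.getProperty("mail.smtp.ssl.checkserveridentity"));
        return authOrFactory && !identityChecked;
    }

    public static void main(String[] args) {
        System.out.println("insecureAuth:          " + looksInsecure(insecureAuth()));
        System.out.println("insecureSocketFactory: " + looksInsecure(insecureSocketFactory()));
        System.out.println("hardened:              " + looksInsecure(hardened()));
    }
}
```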