Predicate isInsecureMailPropertyConfig
The insecure way to set Java properties in mail sessions.
- Set the
mail.smtp.authproperty to provide the SMTP Transport with a username and password when connecting to the SMTP server or set themail.smtp.ssl.socketFactory/mail.smtp.ssl.socketFactory.classproperty to create an SMTP SSL socket. - No
mail.smtp.ssl.checkserveridentityproperty is enabled.
Import path
import semmle.code.java.security.Mailpredicate isInsecureMailPropertyConfig(Variable properties)