For other CodeQL resources, including tutorials and examples, see the CodeQL documentation

isInsecureMailPropertyConfig

Import path

Module Mail

Imports

Mail

java

Predicates

enablesEmailSsl

hasSslCertificateCheck

isInsecureMailPropertyConfig

Predicate isInsecureMailPropertyConfig

The insecure way to set Java properties in mail sessions.

Set the mail.smtp.auth property to provide the SMTP Transport with a username and password when connecting to the SMTP server or set the mail.smtp.ssl.socketFactory/mail.smtp.ssl.socketFactory.class property to create an SMTP SSL socket.
No mail.smtp.ssl.checkserveridentity property is enabled.

Import path


                                import semmle.code.java.security.Mail


                            
                                
                                    predicate
                                
                                 
                            
                            
                                isInsecureMailPropertyConfig
                            
                            
                                (
                                
                                    
                                        Variable
                                    
                                     
                                    properties
                                
                                )