CodeQL library for Java/Kotlin
codeql/java-all 0.9.2-dev (changelog, source)

Module UnsafeHostnameVerificationQuery

Provides predicates and dataflow configurations for reasoning about unsafe hostname verification.

Import path

import semmle.code.java.security.UnsafeHostnameVerificationQuery

Imports

java

Provides all default Java QL imports.

Predicates

isNodeGuardedByFlag

Holds if node is guarded by a flag that suggests an intentionally insecure use.

Classes

TrustAllHostnameVerifier

A class that overrides the javax.net.ssl.HostnameVerifier.verify method and always returns true (though it could also exit due to an uncaught exception), thus accepting any certificate despite a hostname mismatch.

Modules

TrustAllHostnameVerifierConfig

A configuration to model the flow of a TrustAllHostnameVerifier to a set(Default)HostnameVerifier call.

Aliases

TrustAllHostnameVerifierFlow

Data flow to model the flow of a TrustAllHostnameVerifier to a set(Default)HostnameVerifier call.
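
Example

The Java below is an added illustration, not code from the CodeQL library or its documentation. It shows the shape described above: a verifier whose verify method always returns true, its flow into setDefaultHostnameVerifier and setHostnameVerifier, a use guarded by a flag, and the corrected form. The class, method and property names are hypothetical, and this page does not state which flag names isNodeGuardedByFlag recognises.

```java
import java.io.IOException;
import java.net.URI;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;

public class HostnameVerifierExamples {

    // Fits the TrustAllHostnameVerifier description: verify() always returns
    // true, so a certificate issued for a different host is accepted.
    static class AcceptAll implements HostnameVerifier {
        @Override
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    }

    // Source-to-sink flow, JVM-wide: the verifier reaches setDefaultHostnameVerifier.
    static void insecureDefault() {
        HttpsURLConnection.setDefaultHostnameVerifier(new AcceptAll());
    }

    // The same flow for a single connection: setHostnameVerifier.
    static void insecureConnection(HttpsURLConnection conn) {
        conn.setHostnameVerifier(new AcceptAll());
    }

    // A use guarded by a flag, the situation isNodeGuardedByFlag is described
    // as covering. The property name is hypothetical (an assumption).
    static void guardedByFlag(HttpsURLConnection conn) {
        boolean disableVerification =
            Boolean.getBoolean("example.disableHostnameVerification");
        if (disableVerification) {
            conn.setHostnameVerifier(new AcceptAll());
        }
    }

    // Corrected form: install no verifier, so the JDK's built-in HTTPS
    // hostname check stays in force and a mismatch makes the connection fail.
    static HttpsURLConnection secureConnection(String url) throws IOException {
        return (HttpsURLConnection) URI.create(url).toURL().openConnection();
    }
}
```

A flag guard only marks the insecure path as intentional; if the flag can be enabled in production, hostname verification is still disabled for those connections.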