-
Notifications
You must be signed in to change notification settings - Fork 2k
Expand file tree
/
Copy pathUseSSL.ql
More file actions
45 lines (41 loc) · 1.15 KB
/
UseSSL.ql
File metadata and controls
45 lines (41 loc) · 1.15 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
/**
* @name Failure to use SSL
* @description Non-SSL connections can be intercepted by third parties.
* @kind problem
* @problem.severity recommendation
* @security-severity 7.5
* @precision medium
* @id java/non-ssl-connection
* @tags security
* external/cwe/cwe-319
*/
import java
import semmle.code.java.dataflow.TypeFlow
import semmle.code.java.security.Encryption
class UrlConnection extends RefType {
UrlConnection() {
this.getAnAncestor().hasQualifiedName("java.net", "URLConnection") and
not this.hasName("JarURLConnection")
}
}
class Socket extends RefType {
Socket() { this.getAnAncestor().hasQualifiedName("java.net", "Socket") }
}
from MethodCall m, Class c, string type
where
m.getQualifier().getType() = c and
(
c instanceof UrlConnection and type = "connection"
or
c instanceof Socket and type = "socket"
) and
not c instanceof SslClass and
not exists(RefType t |
exprTypeFlow(m.getQualifier(), t, _) and
t instanceof SslClass
) and
(
m.getMethod().getName() = "getInputStream" or
m.getMethod().getName() = "getOutputStream"
)
select m, "Stream using vulnerable non-SSL " + type + "."