Java: Fix FP in UseSSL. · github/codeql@d3fcfb0 · GitHub
Skip to content

Commit d3fcfb0

Browse files
committed
Java: Fix FP in UseSSL.
1 parent ca72c8e commit d3fcfb0

4 files changed

Lines changed: 23 additions & 2 deletions

File tree

java/ql/src/Security/CWE/CWE-319/UseSSL.ql

Lines changed: 7 additions & 2 deletions
Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,14 @@
1+
import java.net.HttpURLConnection;
2+
import javax.net.ssl.HttpsURLConnection;
3+
import java.io.*;
4+
5+
class Test {
6+
public void m1(HttpURLConnection connection) {
7+
InputStream input;
8+
if (connection instanceof HttpsURLConnection) {
9+
input = connection.getInputStream(); // OK
10+
} else {
11+
input = connection.getInputStream(); // BAD
12+
}
13+
}
14+
}
Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
| Test.java:11:15:11:41 | getInputStream(...) | Stream using vulnerable non-SSL connection. |
Lines changed: 1 addition & 0 deletions

0 commit comments

Comments
 (0)