Title: Java: CWE-273 Unsafe certificate trust by luchua-bc · Pull Request #3550 · github/codeql · GitHub
Open Graph Title: Java: CWE-273 Unsafe certificate trust by luchua-bc · Pull Request #3550 · github/codeql
X Title: Java: CWE-273 Unsafe certificate trust by luchua-bc · Pull Request #3550 · github/codeql
Description: Java offers two mechanisms for SSL authentication - trust manager and hostname verifier. Trust manager validates the peer's certificate chain while hostname verification establishes that the hostname in the URL matches the hostname in the server's identification. Unsafe implementation of the interface X509TrustManager and HostnameVerifier ignores all SSL certificate validation errors when establishing an HTTPS connection, thereby making the app vulnerable to man-in-the-middle attacks. This is a very common issue with web development. The query checks whether trust manager is set to trust all certificates or the hostname verifier is turned off. I've tested it against some GitHub projects, and a test case has been created. Please consider to merge the PR. Thanks.
Open Graph Description: Java offers two mechanisms for SSL authentication - trust manager and hostname verifier. Trust manager validates the peer's certificate chain while hostname verification establishes that the ho...
X Description: Java offers two mechanisms for SSL authentication - trust manager and hostname verifier. Trust manager validates the peer's certificate chain while hostname verification establishes that th...
Opengraph URL: https://github.com/github/codeql/pull/3550
X: @github
Domain: github.com
| route-pattern | /:user_id/:repository/pull/:id/files(.:format) |
| route-controller | pull_requests |
| route-action | files |
| fetch-nonce | v2:d608dd2c-a4fa-6ba9-c2bb-42c2a7158ab8 |
| current-catalog-service-hash | ae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b |
| request-id | 8380:2495A6:2CAB73:3F44D5:6A4C9EF2 |
| html-safe-nonce | 8a8098e00112133f34e39c41a0835e6555b95657478cbeb6e559a39cf1a93954 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiI4MzgwOjI0OTVBNjoyQ0FCNzM6M0Y0NEQ1OjZBNEM5RUYyIiwidmlzaXRvcl9pZCI6IjUwMTcwMjI0ODUwMjg5NzAyMjYiLCJyZWdpb25fZWRnZSI6ImlhZCIsInJlZ2lvbl9yZW5kZXIiOiJpYWQifQ== |
| visitor-hmac | 7ced15b6dc1bb376ec75ca24d5352126c543e0f675a24ceed3977fe83d149788 |
| hovercard-subject-tag | pull_request:422439534 |
| github-keyboard-shortcuts | repository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/github/codeql/pull/3550/files |
| twitter:image | https://avatars.githubusercontent.com/u/37377780?s=400&v=4 |
| twitter:card | summary_large_image |
| og:image | https://avatars.githubusercontent.com/u/37377780?s=400&v=4 |
| og:image:alt | Java offers two mechanisms for SSL authentication - trust manager and hostname verifier. Trust manager validates the peer's certificate chain while hostname verification establishes that the ho... |
| og:site_name | GitHub |
| og:type | object |
| hostname | github.com |
| expected-hostname | github.com |
| None | 3d11bb817438277de2a940854450e83a7d32b6aeb5014e9e6b00a6423900251c |
| turbo-cache-control | no-preview |
| diff-view | unified |
| go-import | github.com/github/codeql git https://github.com/github/codeql.git |
| octolytics-dimension-user_id | 9919 |
| octolytics-dimension-user_login | github |
| octolytics-dimension-repository_id | 143040428 |
| octolytics-dimension-repository_nwo | github/codeql |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 143040428 |
| octolytics-dimension-repository_network_root_nwo | github/codeql |
| turbo-body-classes | logged-out env-production page-responsive full-width |
| disable-turbo | true |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | ae90d426644ca15e89bacceb72e51f4e9dbf85f7 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width