Skip to content

Commit 7c28ce6

Browse files
atorralbaatorralba
committed
Add spurious test case
1 parent 60dee7f commit 7c28ce6

1 file changed

Lines changed: 12 additions & 1 deletion

File tree

java/ql/test/query-tests/security/CWE-273/UnsafeCertTrustTest.java

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -191,12 +191,23 @@ public void testSSLSocketEndpointIdSafeWithConditionalSanitizer(boolean safe) th
191191
SSLSocket socket = (SSLSocket) socketFactory.createSocket();
192192
if (safe) {
193193
SSLParameters sslParameters = socket.getSSLParameters();
194-
onSetSSLParameters(sslParameters);
194+
sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
195195
socket.setSSLParameters(sslParameters);
196196
}
197197
socket.getOutputStream(); // Safe
198198
}
199199

200+
public void testSSLSocketEndpointIdSafeWithSanitizerInCast(boolean safe) throws Exception {
201+
SSLContext sslContext = SSLContext.getInstance("TLS");
202+
SSLSocketFactory socketFactory = sslContext.getSocketFactory();
203+
Socket socket = socketFactory.createSocket();
204+
SSLSocket sslSocket = (SSLSocket) socket;
205+
SSLParameters sslParameters = sslSocket.getSSLParameters();
206+
sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
207+
sslSocket.setSSLParameters(sslParameters);
208+
socket.getOutputStream(); // $ SPURIOUS: hasUnsafeCertTrust
209+
}
210+
200211
public void testSocketEndpointIdNotSet() throws Exception {
201212
SocketFactory socketFactory = SocketFactory.getDefault();
202213
Socket socket = socketFactory.createSocket("www.example.com", 80);

0 commit comments

Comments
 (0)