Split WeakHostNameVerification into X509TrustManager and HostnameVerifier
What does this MR do?
WeakHostNameVerification rule split into two separate rules.

rule-HostnameVerifier:

- Changed

  ```yaml
  - pattern-inside: |
      public boolean verify(...) { ... }
  - pattern: "return true;"
  ```

  to

  ```yaml
  - pattern: |
      public boolean verify(...) { return true; }
  ```

  for strict pattern matching. Eliminates false positives caused by chained return statements.
- Created test file for HostnameVerifier with positive and negative scenarios.
- Added remediation text.
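Added example (not part of this MR or the rule set) showing the kind of Java the tightened rule-HostnameVerifier pattern should flag and the "chained return" shape it should now leave alone. Class and field names are made up for illustration; the log line is constructed.

```java
// Added example, not the MR's test file: positive and negative cases for
// pattern "public boolean verify(...) { return true; }".
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;

public class HostnameVerifierSamples {

    // Positive case: the whole body of verify() is "return true;", so the peer's
    // certificate is accepted for any hostname and hostname verification is
    // effectively disabled. The new single-pattern form matches exactly this.
    static final HostnameVerifier ACCEPT_ALL = new HostnameVerifier() {
        @Override
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    };

    // Negative case (chained return): "return true;" appears as a statement
    // inside the body, but only after the default verifier has passed. The old
    // pattern-inside + pattern pair reported this; the new form does not,
    // because the body is not exactly "{ return true; }".
    static final HostnameVerifier LOGGING = new HostnameVerifier() {
        @Override
        public boolean verify(String hostname, SSLSession session) {
            if (HttpsURLConnection.getDefaultHostnameVerifier().verify(hostname, session)) {
                return true;
            }
            System.err.println("hostname mismatch for " + hostname); // constructed logging
            return false;
        }
    };

    // Remediation: do not install a custom verifier at all. The platform default
    // compares the certificate's subject alternative names to the requested host.
    static HostnameVerifier recommended() {
        return HttpsURLConnection.getDefaultHostnameVerifier();
    }
}
```

One coverage check worth keeping in mind when reviewing the new test file: the pattern is a method declaration, so a lambda written against the functional interface (`(h, s) -> true`) is not a `verify` method and would not be matched by this rule as written.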
rule-X509TrustManager:

- Changed

  ```java
  public X509Certificate[] getAcceptedIssuers() { ... return null; }
  ```

  to

  ```java
  public X509Certificate[] getAcceptedIssuers() { return null; }
  ```

  to strictly match getAcceptedIssuers methods that return null in all scenarios. Eliminates false positives caused by chained return statements.
- Created test file for X509TrustManager with positive and negative scenarios.
- References to HostnameVerifier
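Added example (not part of this MR or the rule set) with a trust-all manager that the tightened rule-X509TrustManager pattern should still report, beside a delegating manager whose getAcceptedIssuers ends in a chained `return null;` and should no longer be reported. Class and method names are made up for illustration.

```java
// Added example, not the MR's test file: positive and negative cases for
// pattern "public X509Certificate[] getAcceptedIssuers() { return null; }".
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TrustManagerSamples {

    // Positive case: getAcceptedIssuers() returns null unconditionally and the
    // check* methods do nothing, so any certificate chain is accepted. The body
    // is exactly "{ return null; }", which the new pattern matches.
    static final X509TrustManager TRUST_ALL = new X509TrustManager() {
        public void checkClientTrusted(X509Certificate[] chain, String authType) { }
        public void checkServerTrusted(X509Certificate[] chain, String authType) { }
        public X509Certificate[] getAcceptedIssuers() { return null; }
    };

    // Negative case (chained return): validation is delegated to the platform
    // trust manager, and "return null;" is only the final fallback after an
    // earlier return of the real issuer list. The old "{ ... return null; }"
    // form matched this body; the new form does not.
    static X509TrustManager delegating() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null keystore selects the platform default trust store
        final X509TrustManager platform = (X509TrustManager) tmf.getTrustManagers()[0];
        return new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                platform.checkClientTrusted(chain, authType);
            }
            public void checkServerTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                platform.checkServerTrusted(chain, authType);
            }
            public X509Certificate[] getAcceptedIssuers() {
                X509Certificate[] issuers = platform.getAcceptedIssuers();
                if (issuers != null && issuers.length > 0) {
                    return issuers;
                }
                return null; // chained return: present in the body, but not the whole body
            }
        };
    }
}
```

In a test file these two shapes give one expected finding (the trust-all manager) and one expected non-finding (the delegating one); the delegating manager is also the remediation to point at, since certificate-path validation stays with the platform trust store.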
rule-WeakHostNameVerification:

- Removed rule and tests
- Updated mapping
What are the relevant issue numbers?
Edited by Dinura Seneviratne