ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S5527/java/how-to-fix-it/java-se.adoc
Marco Borgeaud 7da1e57a15
Diff blocks: fix some incorrect use for java (#2801)
2023-08-10 17:12:37 +02:00

58 lines
1.4 KiB
Plaintext
Raw Blame History

== How to fix it in Java SE
=== Code examples
include::../../common/fix/code-rationale.adoc[]
:cert_method_name: javax.net.ssl.HostnameVerifier.verify()
include::../../common/fix/code-rationale-override.adoc[]
==== Noncompliant code example
[source,java,diff-id=21,diff-type=noncompliant]
----
import java.io.InputStream;
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import javax.net.ssl.HostnameVerifier;
public InputStream doRequest() {
URL url = new URL("https://example.org/");
HttpsURLConnection urlConnection = (HttpsURLConnection)url.openConnection();
urlConnection.setHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String requestedHost, SSLSession remoteServerSession) {
return true; // Noncompliant
}
});
return urlConnection.getInputStream();
}
----
==== Compliant solution
[source,java,diff-id=21,diff-type=compliant]
----
import java.io.InputStream;
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
public InputStream doRequest() {
URL url = new URL("https://example.org/");
HttpsURLConnection urlConnection = (HttpsURLConnection)url.openConnection();
return urlConnection.getInputStream();
}
----
=== How does this work?
include::../../common/fix/validation.adoc[]
include::../../common/fix/keytool.adoc[]
Reference in New Issue View Git Blame Copy Permalink