github
diff --git a/‎…-295/JXBrowserWithoutCertValidation.java‎ ‎…-295/JxBrowserWithoutCertValidation.java‎java/ql/src/experimental/Security/CWE/CWE-295/JXBrowserWithoutCertValidation.java renamed to java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.java b/‎…-295/JXBrowserWithoutCertValidation.java‎ ‎…-295/JxBrowserWithoutCertValidation.java‎java/ql/src/experimental/Security/CWE/CWE-295/JXBrowserWithoutCertValidation.java renamed to java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.java
diff --git a/‎…295/JXBrowserWithoutCertValidation.qhelp‎ ‎…295/JxBrowserWithoutCertValidation.qhelp‎java/ql/src/experimental/Security/CWE/CWE-295/JXBrowserWithoutCertValidation.qhelp renamed to java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.qhelp
Lines changed: 6 additions & 6 deletions b/‎…295/JXBrowserWithoutCertValidation.qhelp‎ ‎…295/JxBrowserWithoutCertValidation.qhelp‎java/ql/src/experimental/Security/CWE/CWE-295/JXBrowserWithoutCertValidation.qhelp renamed to java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.qhelp
Lines changed: 6 additions & 6 deletions
diff --git a/‎…WE-295/JXBrowserWithoutCertValidation.ql‎ ‎…WE-295/JxBrowserWithoutCertValidation.ql‎java/ql/src/experimental/Security/CWE/CWE-295/JXBrowserWithoutCertValidation.ql renamed to java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql
Lines changed: 25 additions & 25 deletions b/‎…WE-295/JXBrowserWithoutCertValidation.ql‎ ‎…WE-295/JxBrowserWithoutCertValidation.ql‎java/ql/src/experimental/Security/CWE/CWE-295/JXBrowserWithoutCertValidation.ql renamed to java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql
Lines changed: 25 additions & 25 deletions
diff --git a/‎java/ql/test/experimental/query-tests/security/CWE-295/JXBrowserWithoutCertValidation.expected‎
Lines changed: 0 additions & 1 deletion b/‎java/ql/test/experimental/query-tests/security/CWE-295/JXBrowserWithoutCertValidation.expected‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎java/ql/test/experimental/query-tests/security/CWE-295/JXBrowserWithoutCertValidation.qlref‎
Lines changed: 0 additions & 1 deletion b/‎java/ql/test/experimental/query-tests/security/CWE-295/JXBrowserWithoutCertValidation.qlref‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎java/ql/test/experimental/query-tests/security/CWE-295/JxBrowserWithoutCertValidation.expected‎
Lines changed: 1 addition & 0 deletions b/‎java/ql/test/experimental/query-tests/security/CWE-295/JxBrowserWithoutCertValidation.expected‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎…-295/JXBrowserWithoutCertValidation.java‎ ‎…-295/JxBrowserWithoutCertValidation.java‎java/ql/test/experimental/query-tests/security/CWE-295/JXBrowserWithoutCertValidation.java renamed to java/ql/test/experimental/query-tests/security/CWE-295/JxBrowserWithoutCertValidation.java
Lines changed: 1 addition & 1 deletion b/‎…-295/JXBrowserWithoutCertValidation.java‎ ‎…-295/JxBrowserWithoutCertValidation.java‎java/ql/test/experimental/query-tests/security/CWE-295/JXBrowserWithoutCertValidation.java renamed to java/ql/test/experimental/query-tests/security/CWE-295/JxBrowserWithoutCertValidation.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎java/ql/test/experimental/query-tests/security/CWE-295/JxBrowserWithoutCertValidation.qlref‎
Lines changed: 1 addition & 0 deletions b/‎java/ql/test/experimental/query-tests/security/CWE-295/JxBrowserWithoutCertValidation.qlref‎
Lines changed: 1 addition & 0 deletions
@@ -4,14 +4,14 @@
 <qhelp>
 
 <overview>
-<p>JXBrowser is a Java library that allows to embed the Chromium browser inside Java applications.
-The version 6.x.x by default ignores any HTTPS certificate errors thereby allowing man-in-the-middle attacks.
+<p>JxBrowser is a Java library that allows to embed the Chromium browser inside Java applications.
+Versions smaller than 6.24 by default ignore any HTTPS certificate errors thereby allowing man-in-the-middle attacks.
 </p>
 </overview>
 
 <recommendation>
 <p>Do either of these:
-<li>Update to version 7.x.x as it now correctly rejects certificate errors by default.</li>
+<li>Update to version 6.24 or 7.x.x as these correctly reject certificate errors by default.</li>
 <li>Add a custom implementation of the <code>LoadHandler</code> interface whose <code>onCertificateError</code> method always returns <b>true</b> indicating that loading should be cancelled.
 Then use the <code>setLoadHandler</code> method with your custom <code>LoadHandler</code> on every <code>Browser</code> you use.</li>
 </p>
@@ -20,12 +20,12 @@ Then use the <code>setLoadHandler</code> method with your custom <code>LoadHandl
 <example>
 <p>The following two examples show two ways of using a <code>Browser</code>. In the 'BAD' case,
 all certificate errors are ignored. In the 'GOOD' case, certificate errors are rejected.</p>
-<sample src="JXBrowserWithoutCertValidation.java" />
+<sample src="JxBrowserWithoutCertValidation.java" />
 </example>
 
 <references>
 <li>Teamdev:
-<a href="https://www.teamdev.com/downloads/jxbrowser/javadoc/com/teamdev/jxbrowser/chromium/LoadHandler.html#onCertificateError-com.teamdev.jxbrowser.chromium.CertificateErrorParams-">
-Javadoc for the LoadHandler#onCertificateError method</a>.</li>
+<a href="https://jxbrowser.support.teamdev.com/support/discussions/topics/9000051708">
+Changelog of JxBrowser 6.24</a>.</li>
 </references>
 </qhelp>
@@ -1,6 +1,6 @@
 /**
- * @name JXBrowser with disabled certificate validation
- * @description Insecure configuration of JXBrowser disables certificate validation making the app vulnerable to man-in-the-middle attacks.
+ * @name JxBrowser with disabled certificate validation
+ * @description Insecure configuration of JxBrowser disables certificate validation making the app vulnerable to man-in-the-middle attacks.
  * @kind problem
  * @id java/jxbrowser/disabled-certificate-validation
  * @tags security
@@ -12,33 +12,33 @@ import semmle.code.java.security.Encryption
 import semmle.code.java.dataflow.TaintTracking
 
 /*
- * This query is version specific to JXBrowser < 6.24. The version is indirectly detected.
+ * This query is version specific to JxBrowser < 6.24. The version is indirectly detected.
  * In version 6.x.x the `Browser` class is in a different package compared to version 7.x.x.
  */
 
 /**
- * Holds if a safe JXBrowser 6.x.x version is used, such as version 6.24.
+ * Holds if a safe JxBrowser 6.x.x version is used, such as version 6.24.
  * This is detected by the the presence of the `addBoundsListener` in the `Browser` class.
  */
-private predicate isSafeJXBrowserVersion() {
-  exists(Method m | m.getDeclaringType() instanceof JXBrowser | m.hasName("addBoundsListener"))
+private predicate isSafeJxBrowserVersion() {
+  exists(Method m | m.getDeclaringType() instanceof JxBrowser | m.hasName("addBoundsListener"))
 }
 
 /** The `com.teamdev.jxbrowser.chromium.Browser` class. */
-private class JXBrowser extends RefType {
-  JXBrowser() { this.hasQualifiedName("com.teamdev.jxbrowser.chromium", "Browser") }
+private class JxBrowser extends RefType {
+  JxBrowser() { this.hasQualifiedName("com.teamdev.jxbrowser.chromium", "Browser") }
 }
 
 /** The `setLoadHandler` method on the `com.teamdev.jxbrowser.chromium.Browser` class. */
-private class JXBrowserSetLoadHandler extends Method {
-  JXBrowserSetLoadHandler() {
-    this.hasName("setLoadHandler") and this.getDeclaringType() instanceof JXBrowser
+private class JxBrowserSetLoadHandler extends Method {
+  JxBrowserSetLoadHandler() {
+    this.hasName("setLoadHandler") and this.getDeclaringType() instanceof JxBrowser
   }
 }
 
 /** The `com.teamdev.jxbrowser.chromium.LoadHandler` interface. */
-private class JXBrowserLoadHandler extends RefType {
-  JXBrowserLoadHandler() { this.hasQualifiedName("com.teamdev.jxbrowser.chromium", "LoadHandler") }
+private class JxBrowserLoadHandler extends RefType {
+  JxBrowserLoadHandler() { this.hasQualifiedName("com.teamdev.jxbrowser.chromium", "LoadHandler") }
 }
 
 private predicate isOnCertificateErrorMethodSafe(Method m) {
@@ -48,35 +48,35 @@ private predicate isOnCertificateErrorMethodSafe(Method m) {
 }
 
 /** A class that securely implements the `com.teamdev.jxbrowser.chromium.LoadHandler` interface. */
-private class JXBrowserSafeLoadHandler extends RefType {
-  JXBrowserSafeLoadHandler() {
-    this.getASupertype() instanceof JXBrowserLoadHandler and
+private class JxBrowserSafeLoadHandler extends RefType {
+  JxBrowserSafeLoadHandler() {
+    this.getASupertype() instanceof JxBrowserLoadHandler and
     exists(Method m | m.hasName("onCertificateError") and m.getDeclaringType() = this |
       isOnCertificateErrorMethodSafe(m)
     )
   }
 }
 
-private class JXBrowserTaintTracking extends TaintTracking::Configuration {
-  JXBrowserTaintTracking() { this = "JXBrowserTaintTracking" }
+private class JxBrowserTaintTracking extends TaintTracking::Configuration {
+  JxBrowserTaintTracking() { this = "JxBrowserTaintTracking" }
 
   override predicate isSource(DataFlow::Node src) {
-    exists(ClassInstanceExpr newJXBrowser | newJXBrowser.getConstructedType() instanceof JXBrowser |
-      newJXBrowser = src.asExpr()
+    exists(ClassInstanceExpr newJxBrowser | newJxBrowser.getConstructedType() instanceof JxBrowser |
+      newJxBrowser = src.asExpr()
     )
   }
 
   override predicate isSink(DataFlow::Node sink) {
-    exists(MethodAccess ma | ma.getMethod() instanceof JXBrowserSetLoadHandler |
-      ma.getArgument(0).getType() instanceof JXBrowserSafeLoadHandler and
+    exists(MethodAccess ma | ma.getMethod() instanceof JxBrowserSetLoadHandler |
+      ma.getArgument(0).getType() instanceof JxBrowserSafeLoadHandler and
       ma.getQualifier() = sink.asExpr()
     )
   }
 }
 
-from JXBrowserTaintTracking cfg, DataFlow::Node src
+from JxBrowserTaintTracking cfg, DataFlow::Node src
 where
   cfg.isSource(src) and
   not cfg.hasFlow(src, _) and
-  not isSafeJXBrowserVersion()
-select src, "This JXBrowser instance allows man-in-the-middle attacks."
+  not isSafeJxBrowserVersion()
+select src, "This JxBrowser instance allows man-in-the-middle attacks."
@@ -0,0 +1 @@
+| JxBrowserWithoutCertValidation.java:17:27:17:39 | new Browser(...) | This JxBrowser instance allows man-in-the-middle attacks. |
@@ -3,7 +3,7 @@
 import com.teamdev.jxbrowser.chromium.LoadParams;
 import com.teamdev.jxbrowser.chromium.CertificateErrorParams;
 
-public class JXBrowserWithoutCertValidation {
+public class JxBrowserWithoutCertValidation {
 
     public static void main(String[] args) {
 
 
@@ -0,0 +1 @@
+experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+\| JxBrowserWithoutCertValidation.java:17:27:17:39 \| new Browser(...) \| This JxBrowser instance allows man-in-the-middle attacks. \|`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql`