Finding Insecure TrustManagers and Disabled Hostname Verification with CodeQL
I show how to find multiple CVEs in the usage of the Java TrustManager and HostnameVerifier classes using a CodeQL query I've written, and explain the individual steps taken.
Simon is a Computer Science student who loves tearing apart software to find security bugs. He wants to share his knowledge and also his CodeQL queries to perform bug hunting at scale. He mostly finds bugs in OSS and contributes to the GitHub Security Lab Bug Bounty Program. In his free time he enjoys playing the piano.