
Commit 54f3d44

authored
Merge pull request #940 from AzureAD/akaliugonna/codeqlIssues
Address codeql alerts
2 parents 88e4f85 + 5498402 commit 54f3d44


3 files changed

+4
-1
lines changed


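--- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/DefaultHttpClientManagedIdentity.java
+++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/DefaultHttpClientManagedIdentity.java
@@ -29,7 +29,6 @@
 */
 class DefaultHttpClientManagedIdentity extends DefaultHttpClient {
 
-// CodeQL [SM03767] False positive: in addTrustedCertificateThumbprint() we create a TrustManager that only trusts a certificate with a specific thumbprint.
 public static final HostnameVerifier ALL_HOSTS_ACCEPT_HOSTNAME_VERIFIER = new HostnameVerifier() {
 @SuppressWarnings("BadHostnameVerifier")
 @Override
@@ -85,6 +84,8 @@ public static void addTrustedCertificateThumbprint(HttpsURLConnection httpsUrlCo
 String certificateThumbprint) {
 //We expect the connection to work against a specific server side certificate only, so it's safe to disable the
 // host name verification.
+
+// CodeQL [SM03767] False positive: the TrustManager created later on will only trust a certificate with a specific thumbprint.
 if (httpsUrlConnection.getHostnameVerifier() != ALL_HOSTS_ACCEPT_HOSTNAME_VERIFIER) {
 httpsUrlConnection.setHostnameVerifier(ALL_HOSTS_ACCEPT_HOSTNAME_VERIFIER);
 }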
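Review bot: The suppression placed above the `getHostnameVerifier()` check is justified by a TrustManager that is only created later in `addTrustedCertificateThumbprint`, outside this hunk, so hostname verification is switched off before the pinning that is meant to make it safe. If that later setup can throw or return early (not visible here), the connection would be left with the accept-all verifier and default trust. The comment should state the invariant rather than only dismiss the alert, for example `// Safe only because a thumbprint-pinning TrustManager is installed on this same connection below; never set this verifier without it.` Separately, `ALL_HOSTS_ACCEPT_HOSTNAME_VERIFIER` is `public static final`; if nothing outside the class needs it, narrowing it to `private` would prevent reuse on a connection that has no pinning.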

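--- a/msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/CookieHelper.java
+++ b/msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/CookieHelper.java
@@ -31,6 +31,7 @@ static void removeStateNonceCookies(HttpServletResponse httpResponse){
 
 Cookie stateCookie = new Cookie(MSAL_WEB_APP_STATE_COOKIE, "");
 stateCookie.setMaxAge(0);
+stateCookie.setSecure(true);
 
 httpResponse.addCookie(stateCookie);
 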
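Review bot: Only `stateCookie` is marked Secure here, while `removeStateNonceCookies` presumably also expires a nonce cookie in the part of the method outside this hunk, and the code that first sets these cookies is not touched by the commit; the flag protects the real state and nonce values only if it is applied where they are created. The cookie could also be kept away from script access with `stateCookie.setHttpOnly(true);` next to the new line. Browsers generally discard a Secure `Set-Cookie` received over plain HTTP, so on a non-HTTPS run of the sample this expiry cookie may no longer clear the stored state; a comment such as `// Secure: the sample must be served over HTTPS for this cookie to be cleared` would make that requirement explicit. The same points apply to the identical hunk in msal-web-sample's CookieHelper.java.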

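--- a/msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/CookieHelper.java
+++ b/msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/CookieHelper.java
@@ -31,6 +31,7 @@ static void removeStateNonceCookies(HttpServletResponse httpResponse){
 
 Cookie stateCookie = new Cookie(MSAL_WEB_APP_STATE_COOKIE, "");
 stateCookie.setMaxAge(0);
+stateCookie.setSecure(true);
 
 httpResponse.addCookie(stateCookie);
 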
