swagger-api / swagger-codegen

swagger-codegen contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition.
http://swagger.io
Apache License 2.0

[JAVA][ApiClient.java]: Insecure SSL: Overly Broad Certificate Trust #8605

Open lupingzhu opened 6 years ago

lupingzhu commented 6 years ago
Description

[JAVA][ApiClient.java]: Insecure SSL: Overly Broad Certificate Trust

A critical issue was discovered by Fortify in ApiClient.java generated by swagger-codegen:

An SSL/TLS connection is created using the default pre-loaded system Certificate Authorities (CAs), which may allow attackers to intercept encrypted communications by performing man-in-the-middle (MiTM) attacks using certificates signed with compromised root CAs.

Swagger-codegen version

2.3.1

Swagger declaration file content or url
                import java.security.cert.CertificateException;
                import java.security.cert.X509Certificate;
                import javax.net.ssl.TrustManager;
                import javax.net.ssl.X509TrustManager;

                // Trust manager from the generated ApiClient.java: both check methods return without
                // inspecting the chain, so any server certificate, forged or otherwise, is accepted.
                TrustManager trustAll = new X509TrustManager() {
                    @Override
                    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
                    @Override
                    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
                    @Override
                    public X509Certificate[] getAcceptedIssuers() { return null; }
                };
Command line used for generation

swagger-codegen generate

Steps to reproduce

Scan the generated code using Fortify.

Related issues/PRs

NA

Suggest a fix/enhancement

NA
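For contrast with the snippet in the report, an added example (written for this page, not swagger-codegen's own code) that puts the reported trust-all manager next to two ways a generated Java client should build its SSLContext: the JVM's platform trust store, which is what TrustManagerFactory.init(null) selects, and a pinned private-CA bundle loaded from PEM. The class name TrustDemo and its helper names are made up for this example, as is the reading that the generated okhttp ApiClient installs the trust-all manager only when its verifyingSsl setting is false and otherwise honours an sslCaCert bundle; check that against your own generated file. The main method needs no network: it shows that the trust-all manager accepts an empty certificate chain while the platform manager rejects it, and, given a PEM path as its one argument, builds the pinned manager from that file.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/**
 * Added example, not swagger-codegen's code: the trust-all manager from the report
 * beside two correct ways to build an SSLContext for a generated client.
 */
public class TrustDemo {

    /** The pattern Fortify flags: every chain is accepted, so a MITM certificate passes. Shown for comparison only. */
    static X509TrustManager trustAll() {
        return new X509TrustManager() {
            @Override public void checkClientTrusted(X509Certificate[] chain, String authType) {}
            @Override public void checkServerTrusted(X509Certificate[] chain, String authType) {}
            // Empty array rather than null: the interface contract is an array and callers may iterate over it.
            @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        };
    }

    /** Platform trust: the JVM's cacerts (or -Djavax.net.ssl.trustStore). Passing null to init() selects it. */
    static X509TrustManager platformTrust() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        return firstX509(tmf.getTrustManagers());
    }

    /** Private-CA pinning: trust only the CA certificates in a PEM bundle (the role an sslCaCert setting plays). */
    static X509TrustManager pinnedTrust(InputStream pemBundle) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Collection<? extends Certificate> cas = cf.generateCertificates(pemBundle);
        if (cas.isEmpty()) {
            throw new IllegalArgumentException("no CA certificates in bundle");
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // empty in-memory store; nothing is read from disk
        int i = 0;
        for (Certificate ca : cas) {
            ks.setCertificateEntry("ca" + (i++), ca);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        return firstX509(tmf.getTrustManagers());
    }

    /** Builds the SSLContext a client (OkHttp, HttpsURLConnection, raw SSLSocket) is handed. */
    static SSLContext sslContextFor(X509TrustManager tm) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[]{tm}, null);
        return ctx;
    }

    private static X509TrustManager firstX509(TrustManager[] tms) {
        for (TrustManager tm : tms) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    /** True if the manager accepts the chain. An empty chain must be rejected by any real trust manager. */
    static boolean accepts(X509TrustManager tm, X509Certificate[] chain) {
        try {
            tm.checkServerTrusted(chain, "RSA");
            return true;
        } catch (CertificateException | IllegalArgumentException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        X509Certificate[] emptyChain = new X509Certificate[0];
        System.out.println("trust-all accepts empty chain: " + accepts(trustAll(), emptyChain));
        System.out.println("platform trust accepts empty chain: " + accepts(platformTrust(), emptyChain));
        if (args.length == 1) {
            try (InputStream in = new FileInputStream(args[0])) {
                X509TrustManager pinned = pinnedTrust(in);
                sslContextFor(pinned);
                System.out.println("pinned trust built from " + args[0]
                        + ", accepted issuers: " + pinned.getAcceptedIssuers().length);
            }
        }
    }
}
```

Two things the trust manager alone does not settle. Hostname verification has to stay on: OkHttp verifies the hostname by default, but a permissive HostnameVerifier installed alongside a trust-all manager silences it, and for raw SSLSocket or SSLEngine use you must set SSLParameters.setEndpointIdentificationAlgorithm("HTTPS") yourself. And a scanner such as Fortify keys on the pattern of empty check methods, so the finding goes away only when the trust-all class is removed from the generated source, not when it is merely left unreachable behind a flag.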

fahran commented 5 years ago

Still reported as an issue as of 3.0.8.

I'm a bit on the fence about this one; part of me thinks it's perfectly reasonable for an application to use the certificate authorities of the host; it's the job of the host to not trust compromised certificate authorities (depending on how you're running the app).

It does however make any code generated using swagger-codegen appear to contain critical vulnerabilities in Fortify, which makes for some awkward conversations with security teams.