Minor refactoring to suppress CodeQL flags

Avery-Dunn · Avery-Dunn · commit ede822fc681b · 2025-02-17T14:49:23.000-08:00
diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/DefaultHttpClientManagedIdentity.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/DefaultHttpClientManagedIdentity.java
@@ -29,18 +29,14 @@
  */
 class DefaultHttpClientManagedIdentity extends DefaultHttpClient {
 
-    // CodeQL [SM03767] False positive: in addTrustedCertificateThumbprint() we create a TrustManager that only trusts a certificate with specified thumbprint.
-    public static final HostnameVerifier ALL_HOSTS_ACCEPT_HOSTNAME_VERIFIER;
-
-    static {
-        ALL_HOSTS_ACCEPT_HOSTNAME_VERIFIER = new HostnameVerifier() {
-            @SuppressWarnings("BadHostnameVerifier")
-            @Override
-            public boolean verify(String hostname, SSLSession session) {
-                return true;
-            }
-        };
-    }
+    // CodeQL [SM03767] False positive: in addTrustedCertificateThumbprint() we create a TrustManager that only trusts a certificate with a specific thumbprint.
+    public static final HostnameVerifier ALL_HOSTS_ACCEPT_HOSTNAME_VERIFIER = new HostnameVerifier() {
+        @SuppressWarnings("BadHostnameVerifier")
+        @Override
+        public boolean verify(String hostname, SSLSession session) {
+            return true; // Allow all hostnames, however the TrustManager created later on will only trust a certificate with a specific thumbprint.
+        }
+    };
 
     DefaultHttpClientManagedIdentity(Proxy proxy, SSLSocketFactory sslSocketFactory, Integer connectTimeout, Integer readTimeout) {
         super(proxy, sslSocketFactory, connectTimeout, readTimeout);
@@ -164,5 +160,4 @@ private static String extractCertificateThumbprint(Certificate certificate) {
             throw new MsalClientException("NoSuchAlgorithmException when extracting certificate thumbprint: ", e.getMessage());
         }
     }
-
 }
diff --git a/msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/CookieHelper.java b/msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/CookieHelper.java
@@ -32,7 +32,7 @@ static void removeStateNonceCookies(HttpServletResponse httpResponse){
         Cookie stateCookie = new Cookie(MSAL_WEB_APP_STATE_COOKIE, "");
         stateCookie.setMaxAge(0);
 
-        // CodeQL [java/insecure-cookie]: Suppressing CodeQL warning since this is just a sample
+        // CodeQL [SM00710]: CodeQL flagged this as the 'secure' flag was not set on this cookie, however this is just a sample to help with manual testing.
         httpResponse.addCookie(stateCookie);
 
         Cookie nonceCookie = new Cookie(MSAL_WEB_APP_NONCE_COOKIE, "");
