csharp.lang.correctness.sslcertificatetrust.sslcertificatetrust-handshake-no-trust.correctness-sslcertificatetrust-handshake-no-trust
semgrep
Author
unknown
Sending the trusted CA list increases the size of the handshake request and can leak system configuration information.
Definition
rules:
  - id: correctness-sslcertificatetrust-handshake-no-trust
    patterns:
      - pattern-either:
          - pattern: SslCertificateTrust.$METHOD($COLLECTION,sendTrustInHandshake=true)
          - pattern: SslCertificateTrust.$METHOD($COLLECTION,true)
      - metavariable-regex:
          metavariable: $METHOD
          regex: CreateForX509(Collection|Store)
    fix: SslCertificateTrust.$METHOD($COLLECTION,false)
    message: >-
      Sending the trusted CA list increases the size of the handshake request
      and can leak system configuration information.
    languages:
      - csharp
    metadata:
      references:
        - https://docs.microsoft.com/en-us/dotnet/api/system.net.security.sslcertificatetrust.createforx509collection?view=net-6.0#remarks
        - https://docs.microsoft.com/en-us/dotnet/api/system.net.security.sslcertificatetrust.createforx509store?view=net-6.0#remarks
      cwe: "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
      owasp: A03:2017 - Sensitive Data Exposure
      category: correctness
      technology:
        - .net
      confidence: HIGH
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Mishandled Sensitive Information
    severity: WARNING
Examples
sslcertificatetrust-handshake-no-trust.cs
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Semgrep rule test file: a "ruleid:" comment marks the next line as one the
// rule must flag, an "ok:" comment marks a line it must leave alone.
// certCollection stands in for the caller's trust list (or X509Store).
public class Foo{
    private void SomeFunction(string arg1){
        //ruleid: correctness-sslcertificatetrust-handshake-no-trust
        var collection = SslCertificateTrust.CreateForX509Collection(certCollection,true);
    }
    private void SomeFunction2(string arg1){
        //ruleid: correctness-sslcertificatetrust-handshake-no-trust
        var collection = SslCertificateTrust.CreateForX509Collection(certCollection,sendTrustInHandshake=true);
    }
    private void SomeFunction3(string arg1){
        //ok: correctness-sslcertificatetrust-handshake-no-trust
        var collection = SslCertificateTrust.CreateForX509Collection(certCollection);
    }
    private void SomeFunction4(string arg1){
        //ruleid: correctness-sslcertificatetrust-handshake-no-trust
        var collection = SslCertificateTrust.CreateForX509Store(certCollection,true);
    }
    private void SomeFunction5(string arg1){
        //ruleid: correctness-sslcertificatetrust-handshake-no-trust
        var collection = SslCertificateTrust.CreateForX509Store(certCollection,sendTrustInHandshake=true);
    }
    private void SomeFunction6(string arg1){
        //ok: correctness-sslcertificatetrust-handshake-no-trust
        var collection = SslCertificateTrust.CreateForX509Store(certCollection);
    }
}
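As an added example (not part of the Semgrep registry page or the rule's own test file), the following shows where the flagged call sits in a real SslStream server configuration and the form the rule's autofix produces. It assumes .NET 7 or later, where SslStreamCertificateContext.Create accepts a trust parameter; the class name TlsServerSetup, the method names and the certificate variables are constructed for the example.

```csharp
// Added example, not from the Semgrep registry page.
// Assumes .NET 7+: SslStreamCertificateContext.Create(..., trust: ...).
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;

public static class TlsServerSetup
{
    // Builds server-side TLS options that require a client certificate and
    // keep the list of accepted issuers on the server.
    public static SslServerAuthenticationOptions BuildOptions(
        X509Certificate2 serverCert,
        X509Certificate2Collection trustedClientIssuers)
    {
        // Flagged by the rule (the "before" form):
        //   SslCertificateTrust.CreateForX509Collection(trustedClientIssuers, true);
        // With sendTrustInHandshake=true the server advertises every trusted
        // issuer in its CertificateRequest, which grows the handshake and tells
        // any client which CAs the server is configured to accept.
        //
        // Hardened form, equivalent to the rule's autofix: the same trust list
        // is used for validation, but it is not sent on the wire.
        var trust = SslCertificateTrust.CreateForX509Collection(
            trustedClientIssuers, sendTrustInHandshake: false);

        var context = SslStreamCertificateContext.Create(
            serverCert,
            additionalCertificates: null,
            offline: false,
            trust: trust);

        return new SslServerAuthenticationOptions
        {
            ServerCertificateContext = context,
            ClientCertificateRequired = true,
            EnabledSslProtocols = System.Security.Authentication.SslProtocols.None, // OS default
        };
    }

    // Accepts one TCP connection and performs the server-side handshake with
    // the options above. Client certificate validation is unchanged by the
    // fix; only what the server announces during the handshake differs.
    public static async Task<SslStream> AuthenticateAsync(
        TcpClient client,
        X509Certificate2 serverCert,
        X509Certificate2Collection trustedClientIssuers)
    {
        var options = BuildOptions(serverCert, trustedClientIssuers);
        var ssl = new SslStream(client.GetStream(), leaveInnerStreamOpen: false);
        await ssl.AuthenticateAsServerAsync(options);
        return ssl;
    }
}
```

The rule flags both the positional `true` and the `sendTrustInHandshake=true` spelling for `CreateForX509Collection` and `CreateForX509Store`; in either case the autofix only changes the flag, so the trust list itself (and therefore which client certificates are accepted) stays exactly as configured.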
Short Link: https://sg.run/Je2w