csharp.lang.correctness.sslcertificatetrust.sslcertificatetrust-handshake-no-trust.correctness-sslcertificatetrust-handshake-no-trust

Author: unknown (rule published under the semgrep profile)

Sending the trusted CA list increases the size of the handshake request and can leak system configuration information.


Definition

rules:
  - id: correctness-sslcertificatetrust-handshake-no-trust
    patterns:
      - pattern-either:
          - pattern: SslCertificateTrust.$METHOD($COLLECTION,sendTrustInHandshake=true)
          - pattern: SslCertificateTrust.$METHOD($COLLECTION,true)
      - metavariable-regex:
          metavariable: $METHOD
          regex: CreateForX509(Collection|Store)
    fix: SslCertificateTrust.$METHOD($COLLECTION,false)
    message: Sending the trusted CA list increases the size of the handshake request
      and can leak system configuration information.
    languages:
      - csharp
    metadata:
      references:
        - https://docs.microsoft.com/en-us/dotnet/api/system.net.security.sslcertificatetrust.createforx509collection?view=net-6.0#remarks
        - https://docs.microsoft.com/en-us/dotnet/api/system.net.security.sslcertificatetrust.createforx509store?view=net-6.0#remarks
      cwe: "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
      owasp: A03:2017 - Sensitive Data Exposure
      category: correctness
      technology:
        - .net
      confidence: HIGH
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Mishandled Sensitive Information
    severity: WARNING

Examples

sslcertificatetrust-handshake-no-trust.cs

// Semgrep test file: each "ruleid:" comment marks a line the rule must flag,
// each "ok:" comment a line it must leave alone.
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public class Foo{
    // Declared so the test file resolves; the rule matches on the method name and the
    // second argument, not on the type of $COLLECTION.
    private X509Certificate2Collection certCollection = new X509Certificate2Collection();

    private void SomeFunction(string arg1){
        //ruleid: correctness-sslcertificatetrust-handshake-no-trust
        var collection = SslCertificateTrust.CreateForX509Collection(certCollection,true);
    }

    private void SomeFunction2(string arg1){
        //ruleid: correctness-sslcertificatetrust-handshake-no-trust
        var collection = SslCertificateTrust.CreateForX509Collection(certCollection,sendTrustInHandshake=true);
    }

    private void SomeFunction3(string arg1){
        //ok: correctness-sslcertificatetrust-handshake-no-trust
        var collection = SslCertificateTrust.CreateForX509Collection(certCollection);
    }

    private void SomeFunction4(string arg1){
        //ruleid: correctness-sslcertificatetrust-handshake-no-trust
        var collection = SslCertificateTrust.CreateForX509Store(certCollection,true);
    }

    private void SomeFunction5(string arg1){
        //ruleid: correctness-sslcertificatetrust-handshake-no-trust
        var collection = SslCertificateTrust.CreateForX509Store(certCollection,sendTrustInHandshake=true);
    }

    private void SomeFunction6(string arg1){
        //ok: correctness-sslcertificatetrust-handshake-no-trust
        var collection = SslCertificateTrust.CreateForX509Store(certCollection);
    }
}
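The test file above only shows the bare calls. The following added example (not from the Semgrep registry page or the Semgrep project) shows where `SslCertificateTrust` actually ends up in a .NET server that requires client certificates, with the configuration the rule flags beside the one it proposes. It assumes the .NET 6+ `SslStreamCertificateContext.Create` overload that accepts an `SslCertificateTrust` as its fourth parameter, and the class name `MtlsServerOptions` is hypothetical.

```csharp
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper (not part of the page): builds server-side TLS options that
// require a client certificate and restrict accepted issuers to a private CA list.
public static class MtlsServerOptions
{
    // Configuration the rule flags: sendTrustInHandshake is true, so the distinguished
    // name of every CA in trustedIssuers is sent to each connecting client before the
    // client has authenticated in any way.
    public static SslServerAuthenticationOptions BuildAdvertisingTrust(
        X509Certificate2 serverCert, X509Certificate2Collection trustedIssuers)
    {
        var trust = SslCertificateTrust.CreateForX509Collection(trustedIssuers, true);
        return WithTrust(serverCert, trust);
    }

    // Configuration the rule's autofix produces: the same issuer list is still used to
    // validate the presented client certificate, but it is never written into the
    // handshake, so an unauthenticated peer learns nothing about the server's PKI.
    public static SslServerAuthenticationOptions Build(
        X509Certificate2 serverCert, X509Certificate2Collection trustedIssuers)
    {
        var trust = SslCertificateTrust.CreateForX509Collection(trustedIssuers, sendTrustInHandshake: false);
        return WithTrust(serverCert, trust);
    }

    private static SslServerAuthenticationOptions WithTrust(
        X509Certificate2 serverCert, SslCertificateTrust trust)
    {
        // Parameters (assumed .NET 6+ signature): target certificate, additional chain
        // certificates, offline chain building, and the SslCertificateTrust to apply.
        var context = SslStreamCertificateContext.Create(serverCert, null, false, trust);

        return new SslServerAuthenticationOptions
        {
            ServerCertificateContext = context,
            // The trust list only matters when a client certificate is requested.
            ClientCertificateRequired = true,
        };
    }
}
```

The practical trade-off of the `false` setting is on the client side: because the server no longer tells the client which issuers it accepts, a client with several certificates cannot use that list to pick one, so the client has to be configured to present the right certificate explicitly, for example through `SslClientAuthenticationOptions.ClientCertificates` or a `LocalCertificateSelectionCallback`.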