csharp.lang.correctness.sslcertificatetrust.sslcertificatetrust-handshake-no-trust.correctness-sslcertificatetrust-handshake-no-trust

profile photo of returntocorpreturntocorp
Author
unknown
Download Count*

Sending the trusted CA list increases the size of the handshake request and can leak system configuration information.

Run Locally

Run in CI

Defintion

rules:
  - id: correctness-sslcertificatetrust-handshake-no-trust
    patterns:
      - pattern-either:
          - pattern: SslCertificateTrust.$METHOD($COLLECTION,sendTrustInHandshake=true)
          - pattern: SslCertificateTrust.$METHOD($COLLECTION,true)
      - metavariable-regex:
          metavariable: $METHOD
          regex: CreateForX509(Collection|Store)
    fix: SslCertificateTrust.$METHOD($COLLECTION,false)
    message: Sending the trusted CA list increases the size of the handshake request
      and can leak system configuration information.
    languages:
      - csharp
    metadata:
      references:
        - https://docs.microsoft.com/en-us/dotnet/api/system.net.security.sslcertificatetrust.createforx509collection?view=net-6.0#remarks
        - https://docs.microsoft.com/en-us/dotnet/api/system.net.security.sslcertificatetrust.createforx509store?view=net-6.0#remarks
      cwe: "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
      owasp: A03:2017 - Sensitive Data Exposure
      category: correctness
      technology:
        - .net
      confidence: HIGH
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
    severity: WARNING

Examples

sslcertificatetrust-handshake-no-trust.cs

public class Foo{
    private void SomeFunction(string arg1){
        //ruleid: correctness-sslcertificatetrust-handshake-no-trust
        var collection = SslCertificateTrust.CreateForX509Collection(certCollection,true);
    }

    private void SomeFunction2(string arg1){
        //ruleid: correctness-sslcertificatetrust-handshake-no-trust
        var collection = SslCertificateTrust.CreateForX509Collection(certCollection,sendTrustInHandshake=true);
    }

    private void SomeFunction3(string arg1){
        //ok: correctness-sslcertificatetrust-handshake-no-trust
        var collection = SslCertificateTrust.CreateForX509Collection(certCollection);
    }

    private void SomeFunction4(string arg1){
        //ruleid: correctness-sslcertificatetrust-handshake-no-trust
        var collection = SslCertificateTrust.CreateForX509Store(certCollection,true);
    }

    private void SomeFunction5(string arg1){
        //ruleid: correctness-sslcertificatetrust-handshake-no-trust
        var collection = SslCertificateTrust.CreateForX509Store(certCollection,sendTrustInHandshake=true);
    }

    private void SomeFunction6(string arg1){
        //ok: correctness-sslcertificatetrust-handshake-no-trust
        var collection = SslCertificateTrust.CreateForX509Store(certCollection);
    }
}