csharp.lang.security.http.http-listener-wildcard-bindings.http-listener-wildcard-bindings
semgrep
Author
unknown
The top-level wildcard binding $PREFIX leaves your application open to security vulnerabilities and gives attackers more control over where traffic is routed. If you must use wildcards, consider using a subdomain wildcard binding. For example, you can use "*.asdf.gov" if you own all of "asdf.gov".
Definition
rules:
  - id: http-listener-wildcard-bindings
    severity: WARNING
    languages:
      - C#
    metadata:
      cwe:
        - "CWE-706: Use of Incorrectly-Resolved Name or Reference"
      owasp:
        - A01:2021 - Broken Access Control
      references:
        - https://docs.microsoft.com/en-us/dotnet/api/system.net.httplistener?view=net-6.0
      category: security
      technology:
        - .net
      confidence: MEDIUM
      subcategory:
        - vuln
      likelihood: LOW
      impact: LOW
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Improper Authorization
    message: The top-level wildcard binding $PREFIX leaves your application open to
      security vulnerabilities and gives attackers more control over where
      traffic is routed. If you must use wildcards, consider using a subdomain
      wildcard binding. For example, you can use "*.asdf.gov" if you own all of
      "asdf.gov".
    patterns:
      - pattern-inside: |
          using System.Net;
          ...
      - pattern: $LISTENER.Prefixes.Add("$PREFIX")
      - metavariable-regex:
          metavariable: $PREFIX
          regex: (http|https)://(\*|\+)(.[a-zA-Z]{2,})?:[0-9]+
Examples
http-listener-wildcard-bindings.cs
using System;
using System.Net;

namespace HttpListenerWildcard {
    class MyBadHttpListener {
        public static void HttpListenerWildcard() {
            HttpListener listener = new HttpListener();
            // ruleid: http-listener-wildcard-bindings
            listener.Prefixes.Add("http://*:8080");
            // ruleid: http-listener-wildcard-bindings
            listener.Prefixes.Add("http://+:8080");
            // ruleid: http-listener-wildcard-bindings
            listener.Prefixes.Add("https://*:8080");
            // ruleid: http-listener-wildcard-bindings
            listener.Prefixes.Add("https://+:8080");
            // ruleid: http-listener-wildcard-bindings
            listener.Prefixes.Add("https://*.com:8080");
            // ok
            listener.Prefixes.Add("https://0.0.0.0:8080");
            // ok
            listener.Prefixes.Add("http://www.contoso.com:8080/");
            // ok
            listener.Prefixes.Add("http://*.test.com:8080");
            listener.Start();
        }
    }
}
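As an added example that is not part of the rule or the Semgrep registry, the Python below runs the rule's own regex over the prefixes from the test file above (plus a few constructed ones) and compares it with a structural host check. It assumes the regex is applied as an unanchored search; the structural check and the sample list are mine.

```python
import re

# Regex copied verbatim from the rule's metavariable-regex on $PREFIX.
RULE_REGEX = re.compile(r"(http|https)://(\*|\+)(.[a-zA-Z]{2,})?:[0-9]+")

# Constructed sample: the page's example prefixes plus two extra cases.
SAMPLE_PREFIXES = [
    "http://*:8080", "http://+:8080", "https://*:8080", "https://+:8080",
    "https://*.com:8080",             # wildcard directly under a TLD
    "https://0.0.0.0:8080", "http://www.contoso.com:8080/",
    "http://*.test.com:8080",         # subdomain wildcard, allowed by the rule text
    "http://+:8080/",                 # trailing slash, as HttpListener requires at runtime
    "https://*Xcom:8080",             # constructed: shows the unescaped '.' in the regex
]

def rule_flags(prefix: str) -> bool:
    """True if the rule's regex matches the prefix (assumed unanchored search)."""
    return RULE_REGEX.search(prefix) is not None

def is_top_level_wildcard(prefix: str) -> bool:
    """Structural check: host is '*', '+', or '*.<single label>' such as '*.com'."""
    m = re.fullmatch(r"(https?)://([^/:]+)(?::(\d+))?(/.*)?", prefix)
    if not m:
        return False
    host = m.group(2)
    if host in ("*", "+"):
        return True
    if host.startswith("*."):
        # "*.com" has one label after the wildcard; "*.test.com" has two.
        return len(host[2:].split(".")) == 1
    return False

def classify(prefixes):
    """Map each prefix to (flagged by rule regex, flagged by structural check)."""
    return {p: (rule_flags(p), is_top_level_wildcard(p)) for p in prefixes}

if __name__ == "__main__":
    for prefix, (by_rule, by_host) in classify(SAMPLE_PREFIXES).items():
        print(f"{prefix:32} rule={by_rule!s:5} host_check={by_host}")
```

The two checks agree on every prefix in the page's test file; they differ only on the constructed "https://*Xcom:8080", which the regex matches because its "." is not escaped.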
Short Link: https://sg.run/9LJr