gitlab.find_sec_bugs.UNENCRYPTED_SOCKET-1.UNENCRYPTED_SERVER_SOCKET-1
Beyond using an SSL socket, you need to make sure your use of SSLSocketFactory does all the appropriate certificate validation checks to make sure you are not subject to man-in-the-middle attacks. Please read the OWASP Transport Layer Protection Cheat Sheet for details on how to do this correctly.
Definition
rules:
  - id: find_sec_bugs.UNENCRYPTED_SOCKET-1.UNENCRYPTED_SERVER_SOCKET-1
    patterns:
      - pattern: new java.net.Socket(...)
    languages:
      - java
    message: >
      Beyond using an SSL socket, you need to make sure your use of
      SSLSocketFactory does all the appropriate certificate validation checks
      to make sure you are not subject to man-in-the-middle attacks. Please
      read the OWASP Transport Layer Protection Cheat Sheet for details on how
      to do this correctly.
    metadata:
      cwe: "CWE-319: Cleartext Transmission of Sensitive Information"
      primary_identifier: find_sec_bugs.UNENCRYPTED_SOCKET-1.UNENCRYPTED_SERVER_SOCKET-1
      secondary_identifiers:
        - name: Find Security Bugs-UNENCRYPTED_SOCKET
          type: find_sec_bugs_type
          value: UNENCRYPTED_SOCKET
        - name: Find Security Bugs-UNENCRYPTED_SERVER_SOCKET
          type: find_sec_bugs_type
          value: UNENCRYPTED_SERVER_SOCKET
      license: MIT
    severity: WARNING
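As an added illustration (not part of the rule or of Find Security Bugs), the following Java class shows the call the pattern `new java.net.Socket(...)` matches beside a TLS replacement that also performs the hostname check the message refers to; the class and method names are invented for this example.

```java
import java.io.IOException;
import java.net.Socket;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class SocketExample {

    // Flagged by the rule above: matches `new java.net.Socket(...)`.
    // Everything written to this socket crosses the network in cleartext (CWE-319).
    static Socket openPlaintext(String host, int port) throws IOException {
        return new Socket(host, port);
    }

    // Hardened form: a TLS socket from the JVM's default SSLSocketFactory, which
    // validates the server's certificate chain against the default trust store.
    // A bare SSLSocket verifies the chain but NOT that the certificate belongs
    // to `host`; setting the endpoint identification algorithm to "HTTPS" adds
    // that hostname check, which is what defeats a man-in-the-middle holding a
    // valid certificate for some other name.
    static SSLSocket openTls(String host, int port) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);

        SSLParameters params = socket.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);

        // Force the handshake now so chain or hostname validation fails here,
        // before any application data has been written to the stream.
        socket.startHandshake();
        return socket;
    }
}
```

The first method is the one Semgrep reports; replacing it with the second removes the finding and, because of the explicit endpoint identification setting, also covers the certificate validation caveat in the rule message.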
Short Link: https://sg.run/4k1Z