gitlab.gosec.G102-1
Binding to all network interfaces can open up a service to traffic on unintended interfaces that may not be properly documented or secured. This plugin test looks for the string pattern “0.0.0.0”, which may indicate a hardcoded binding to all network interfaces.
Definition
rules:
- id: gosec.G102-1
  patterns:
  - pattern-either:
    - pattern: net.Listen(..., "$ADDR")
    - pattern: tls.Listen(..., "$ADDR", ...)
  - metavariable-regex:
      metavariable: $ADDR
      regex: 0.0.0.0:[0-9]+
  message: |
    Binding to all network interfaces can potentially open up a service to
    traffic on unintended interfaces, that may not be properly documented or
    secured. This plugin test looks for a string pattern “0.0.0.0” that may
    indicate a hardcoded binding to all network interfaces.
  metadata:
    cwe: "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
    owasp: "A6: Security Misconfiguration"
    primary_identifier: gosec.G102-1
    secondary_identifiers:
    - name: Gosec Rule ID G102
      type: gosec_rule_id
      value: G102
    license: MIT
  severity: WARNING
  languages:
  - go
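
The rule above only matches a literal "0.0.0.0:<port>" string, but Go's net.Listen also listens on every interface when the host part is empty (":8080") or the IPv6 unspecified address ("[::]:8080"). The following is an added example, not part of the rule or of gosec: a runtime guard that rejects all three forms. The helper names bindsAllInterfaces and listenRestricted are hypothetical and the addresses are constructed samples.

```go
package main

import (
	"fmt"
	"net"
)

// bindsAllInterfaces reports whether a host:port listen address has an empty
// or unspecified host (0.0.0.0, ::), which makes net.Listen accept traffic on
// every local interface.
func bindsAllInterfaces(addr string) (bool, error) {
	host, _, err := net.SplitHostPort(addr)
	if err != nil {
		return false, err
	}
	if host == "" {
		return true, nil
	}
	ip := net.ParseIP(host)
	return ip != nil && ip.IsUnspecified(), nil
}

// listenRestricted (hypothetical helper) opens a TCP listener only when the
// address names a specific interface; wildcard binds are refused.
func listenRestricted(addr string) (net.Listener, error) {
	all, err := bindsAllInterfaces(addr)
	if err != nil {
		return nil, fmt.Errorf("invalid listen address %q: %w", addr, err)
	}
	if all {
		return nil, fmt.Errorf("refusing to bind %q: covers all interfaces", addr)
	}
	return net.Listen("tcp", addr)
}

func main() {
	// Constructed sample addresses. Only the first is a literal the rule's
	// regex matches; the next two bind all interfaces as well.
	for _, addr := range []string{"0.0.0.0:8080", ":8080", "[::]:8080", "127.0.0.1:0"} {
		ln, err := listenRestricted(addr)
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Println("listening on", ln.Addr())
		ln.Close()
	}
}
```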
Short Link: https://sg.run/28xr