problem-based-packs.insecure-transport.java-spring.spring-http-request.spring-http-request
Checks for requests sent via the Java Spring RestTemplate API to http:// URLs. This is dangerous because the server attempts to connect to a website that does not encrypt traffic with TLS. Instead, send requests only to https:// URLs.
Definition
# Semgrep rule: reports Spring RestTemplate requests whose target URL uses the
# cleartext http:// scheme (CWE-319). The indentation in this rendering is
# flattened; structure follows the original rule file.
rules:
- id: spring-http-request
message: Checks for requests sent via Java Spring RestTemplate API to http://
URLS. This is dangerous because the server is attempting to connect to a
website that does not encrypt traffic with TLS. Instead, send requests
only to https:// URLS.
severity: WARNING
metadata:
likelihood: MEDIUM
impact: MEDIUM
confidence: MEDIUM
category: security
cwe: "CWE-319: Cleartext Transmission of Sensitive Information"
owasp: A03:2017 - Sensitive Data Exposure
references:
- https://docs.spring.io/spring/docs/current/javadoc-api/org/springframework/web/client/RestTemplate.html#delete-java.lang.String-java.util.Map-
- https://www.baeldung.com/rest-template
subcategory:
- vuln
technology:
- spring
vulnerability: Insecure Transport
license: Commons Clause License Condition v1.0[LGPL-2.1-only]
vulnerability_class:
- Mishandled Sensitive Information
languages:
- java
# Autofix: rewrites the first http:// scheme in the match (count: 1) to https://.
# NOTE(review): changing the scheme in source does not show that the endpoint
# actually serves TLS; confirm the https:// target responds before accepting the fix.
fix-regex:
regex: "[Hh][Tt][Tt][Pp]://"
replacement: https://
count: 1
# All three branches below require the RestTemplate to be constructed in the
# same scope before the call ($RESTTEMP = new RestTemplate(...)), so a template
# that is injected or built elsewhere does not satisfy these patterns.
# The URL regex matches the scheme case-insensitively; "https://" is not matched
# because the literal "://" must directly follow "http".
patterns:
- pattern-either:
# (1) http:// literal passed directly as the first argument
- pattern: |
$RESTTEMP = new RestTemplate(...);
...
$RESTTEMP.$FUNC("=~/[hH][tT][tT][pP]://.*/", ...);
# (2) http:// literal stored in a String variable that is later passed
- pattern: |
$RESTTEMP = new RestTemplate(...);
...
String $URL = "=~/[hH][tT][tT][pP]://.*/";
...
$RESTTEMP.$FUNC($URL, ...);
# (3) http:// literal wrapped in a URI constructed before the call
- pattern: |
$RESTTEMP = new RestTemplate(...);
...
$URL = new URI(..., "=~/[hH][tT][tT][pP]://.*/", ...);
...
$RESTTEMP.$FUNC($URL, ...);
# Restricts $FUNC to the RestTemplate request methods listed here, so calls of
# the same shape on unrelated objects are not reported.
- metavariable-regex:
metavariable: $FUNC
regex: (delete|doExecute|exchange|getForEntity|getForObject|headForHeaders|optionsForAllow|patchForObject|postForEntity|postForLocation|postForObject|put)
Examples
spring-http-request.java
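/**
 * Positive fixtures for the {@code spring-http-request} rule: each method
 * constructs a {@code RestTemplate} and then issues a request to a cleartext
 * {@code http://} URL, so every method is expected to be reported (see the
 * {@code // ruleid:} markers, which must stay directly above the
 * {@code RestTemplate} construction that starts the match).
 *
 * <p>The methods mirror the rule's three pattern branches: a literal URL passed
 * directly, a {@code String} variable holding the URL, and a {@code URI} built
 * from the literal. These fixtures are parsed by Semgrep rather than compiled;
 * identifiers such as {@code object}, {@code createResponse} and {@code headers}
 * are intentional placeholders. Invalid statements from the earlier version
 * ({@code return} in a {@code void} method, {@code void} used as a variable
 * type, lower-case {@code restTemplate} as a type name, undeclared
 * {@code result}) have been corrected without changing the matched shapes.
 */
public class Bad {
    /** Branch 1: http:// literal passed straight to {@code delete}. */
    public void bad1() {
        // ruleid: spring-http-request
        RestTemplate restTemplate = new RestTemplate();
        restTemplate.delete("http://example.com");
    }

    /** Branch 2: http:// literal held in a String before {@code delete}. */
    public void bad2() {
        // ruleid: spring-http-request
        RestTemplate restTemplate = new RestTemplate();
        String url = "http://example.com";
        restTemplate.delete(url, object);
    }

    /** Branch 3: http:// literal wrapped in a URI before {@code delete}. */
    public void bad3() {
        // ruleid: spring-http-request
        RestTemplate restTemplate = new RestTemplate();
        URI url = new URI("http://example.com");
        restTemplate.delete(url, object);
    }

    /** Branch 1 with {@code doExecute}. */
    public void bad4() {
        // ruleid: spring-http-request
        RestTemplate restTemplate = new RestTemplate();
        restTemplate.doExecute("http://example.com");
    }

    /** Branch 2 with {@code doExecute}. */
    public void bad5() {
        // ruleid: spring-http-request
        RestTemplate restTemplate = new RestTemplate();
        String url = "http://example.com";
        Object result = restTemplate.doExecute(url, object);
    }

    /** Branch 3 with {@code doExecute}. */
    public void bad6() {
        // ruleid: spring-http-request
        RestTemplate restTemplate = new RestTemplate();
        URI url = new URI("http://example.com");
        Object result = restTemplate.doExecute(url, object);
    }

    /** Branch 2 with {@code getForEntity}; a loopback http:// URL is still reported. */
    public void bad7() {
        // ruleid: spring-http-request
        RestTemplate restTemplate = new RestTemplate();
        String fooResourceUrl = "http://localhost:8080/spring-rest/foos";
        ResponseEntity<String> response = restTemplate.getForEntity(fooResourceUrl, String.class);
        assertThat(response.getStatusCode(), equalTo(HttpStatus.OK));
    }

    /** Branch 2 with {@code postForObject}; unrelated statements between the steps are allowed. */
    public void bad8() {
        // ruleid: spring-http-request
        RestTemplate restTemplate = new RestTemplate();
        HttpEntity<Foo> request = new HttpEntity<>(new Foo("bar"));
        String fooResourceUrl = "http://example.com";
        Foo foo = restTemplate.postForObject(fooResourceUrl, request, Foo.class);
        assertThat(foo, notNullValue());
        assertThat(foo.getName(), is("bar"));
    }

    /** Branch 2 with {@code exchange}; the template variable name does not matter. */
    public void bad9() {
        // ruleid: spring-http-request
        RestTemplate template = new RestTemplate();
        Foo updatedInstance = new Foo("newName");
        updatedInstance.setId(createResponse.getBody().getId());
        String resourceUrl = "http://example.com";
        HttpEntity<Foo> requestUpdate = new HttpEntity<>(updatedInstance, headers);
        template.exchange(resourceUrl, HttpMethod.PUT, requestUpdate, Void.class);
    }
}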
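/**
 * Negative fixtures for the {@code spring-http-request} rule: each method is the
 * exact counterpart of the corresponding {@code Bad} case but targets an
 * {@code https://} URL, so none of them must be reported (see the
 * {@code // ok:} markers).
 *
 * <p>Keeping the statement shapes identical to the positive fixtures is what
 * makes these cases meaningful: only the URL scheme differs. The fixtures are
 * parsed by Semgrep rather than compiled; {@code object}, {@code createResponse}
 * and {@code headers} are intentional placeholders. Invalid statements from the
 * earlier version ({@code return} in a {@code void} method, {@code void} used as
 * a variable type, lower-case {@code restTemplate} as a type name, undeclared
 * {@code result}) have been corrected without changing the matched shapes.
 */
public class Ok {
    /** https:// literal passed straight to {@code delete}. */
    public void ok1() {
        // ok: spring-http-request
        RestTemplate restTemplate = new RestTemplate();
        restTemplate.delete("https://example.com");
    }

    /** https:// literal held in a String before {@code delete}. */
    public void ok2() {
        // ok: spring-http-request
        RestTemplate restTemplate = new RestTemplate();
        String url = "https://example.com";
        restTemplate.delete(url, object);
    }

    /** https:// literal wrapped in a URI before {@code delete}. */
    public void ok3() {
        // ok: spring-http-request
        RestTemplate restTemplate = new RestTemplate();
        URI url = new URI("https://example.com");
        restTemplate.delete(url, object);
    }

    /** https:// literal with {@code doExecute}. */
    public void ok4() {
        // ok: spring-http-request
        RestTemplate restTemplate = new RestTemplate();
        restTemplate.doExecute("https://example.com");
    }

    /** https:// String variable with {@code doExecute}. */
    public void ok5() {
        // ok: spring-http-request
        RestTemplate restTemplate = new RestTemplate();
        String url = "https://example.com";
        Object result = restTemplate.doExecute(url, object);
    }

    /** https:// URI with {@code doExecute}. */
    public void ok6() {
        // ok: spring-http-request
        RestTemplate restTemplate = new RestTemplate();
        URI url = new URI("https://example.com");
        Object result = restTemplate.doExecute(url, object);
    }

    /** https:// loopback URL with {@code getForEntity}. */
    public void ok7() {
        // ok: spring-http-request
        RestTemplate restTemplate = new RestTemplate();
        String fooResourceUrl = "https://localhost:8080/spring-rest/foos";
        ResponseEntity<String> response = restTemplate.getForEntity(fooResourceUrl, String.class);
        assertThat(response.getStatusCode(), equalTo(HttpStatus.OK));
    }

    /** https:// String variable with {@code postForObject}. */
    public void ok8() {
        // ok: spring-http-request
        RestTemplate restTemplate = new RestTemplate();
        HttpEntity<Foo> request = new HttpEntity<>(new Foo("bar"));
        String fooResourceUrl = "https://example.com";
        Foo foo = restTemplate.postForObject(fooResourceUrl, request, Foo.class);
        assertThat(foo, notNullValue());
        assertThat(foo.getName(), is("bar"));
    }

    /** https:// String variable with {@code exchange}. */
    public void ok9() {
        // ok: spring-http-request
        RestTemplate template = new RestTemplate();
        Foo updatedInstance = new Foo("newName");
        updatedInstance.setId(createResponse.getBody().getId());
        String resourceUrl = "https://example.com";
        HttpEntity<Foo> requestUpdate = new HttpEntity<>(updatedInstance, headers);
        template.exchange(resourceUrl, HttpMethod.PUT, requestUpdate, Void.class);
    }
}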