problem-based-packs.insecure-transport.java-stdlib.httpurlconnection-http-request.httpurlconnection-http-request


Checks for requests sent via HttpURLConnection and URLObj to http:// URLs. This is dangerous because the server is attempting to connect to a website that does not encrypt traffic with TLS. Instead, send requests only to https:// URLs.



Definition

rules:
  - id: httpurlconnection-http-request
    message: Checks for requests sent via HttpURLConnection and URLObj to http://
      URLS. This is dangerous because the server is attempting to connect to a
      website that does not encrypt traffic with TLS. Instead, send requests
      only to https:// URLS.
    severity: WARNING
    metadata:
      likelihood: MEDIUM
      impact: MEDIUM
      confidence: MEDIUM
      category: security
      cwe: "CWE-319: Cleartext Transmission of Sensitive Information"
      owasp: A03:2017 - Sensitive Data Exposure
      references:
        - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/net/URLConnection.html
        - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/net/URL.html#openConnection()
      subcategory:
        - vuln
      technology:
        - java
      vulnerability: Insecure Transport
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
    languages:
      - java
    fix-regex:
      regex: "[Hh][Tt][Tt][Pp]://"
      replacement: https://
      count: 1
    pattern-either:
      - pattern: |
          URL $URL = new URL ("=~/[Hh][Tt][Tt][Pp]://.*/", ...);
          ...
          $CON = (HttpURLConnection) $URL.openConnection(...);
          ...
          $CON.$FUNC(...);
      - pattern: |
          URL $URL = new URL ("=~/[Hh][Tt][Tt][Pp]://.*/", ...);
          ...
          $CON = $URL.openConnection(...);
          ...
          $CON.$FUNC(...);

Examples

httpurlconnection-http-request.java

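/**
 * Positive fixture for the {@code httpurlconnection-http-request} rule: every method here opens a
 * connection to a cleartext {@code http://} URL, so each {@code // ruleid:} marker is expected to
 * produce a finding (CWE-319, cleartext transmission). The marker sits on the line immediately
 * before the {@code new URL(...)} statement the rule's pattern anchors on; keep that placement when
 * editing.
 *
 * <p>{@code USER_AGENT} is not declared in this excerpt; presumably it is defined elsewhere in the
 * fixture file. The {@code new URL(String)} constructor is kept deliberately because the rule's
 * patterns match it literally.
 */
class Bad {
    /** http:// literal passed directly to {@code new URL}; connection cast to HttpURLConnection (first pattern). */
    private static void sendbad1() throws IOException {
            // ruleid: httpurlconnection-http-request
            URL obj = new URL("http://example.com");
            HttpURLConnection con = (HttpURLConnection) obj.openConnection();
            con.setRequestMethod("GET");
            con.setRequestProperty("User-Agent", USER_AGENT);
            int responseCode = con.getResponseCode();
            con.connect();
    }

    /**
     * Same flow as sendbad1, but the http:// literal reaches {@code new URL} through a local
     * variable; the finding presumably relies on the scanner propagating the constant.
     */
    private static void sendbad2() throws IOException {
            String url = "http://example.com";
            // ruleid: httpurlconnection-http-request
            URL obj = new URL(url);
            HttpURLConnection con = (HttpURLConnection) obj.openConnection();
            con.setRequestMethod("GET");
            con.setRequestProperty("User-Agent", USER_AGENT);
            int responseCode = con.getResponseCode();
            con.connect();
    }

    /** Uncast {@code URLConnection} variant (second pattern), consuming the response body stream. */
    public static void sendbad3() throws IOException {
            String url = "http://example.com";
            // ruleid: httpurlconnection-http-request
            URL urlObj = new URL(url);
            URLConnection urlCon = urlObj.openConnection();
            InputStream inputStream = urlCon.getInputStream();
    }

    /**
     * Uncast {@code URLConnection} variant with a literal URL. {@code URLConnection} declares no
     * {@code getResponseCode()} (that method lives on {@code HttpURLConnection}), so the original
     * call did not compile; {@code connect()} is used instead, which still provides the trailing
     * {@code $CON.$FUNC(...)} call the rule's pattern requires.
     */
    public static void sendbad4() throws IOException {
            // ruleid: httpurlconnection-http-request
            URL urlObj = new URL("http://example.com");
            URLConnection urlCon = urlObj.openConnection();
            urlCon.connect();
    }
}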

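/**
 * Negative fixture for the {@code httpurlconnection-http-request} rule: every method mirrors a
 * case in {@code Bad} but targets an {@code https://} URL, so each {@code // ok:} marker asserts
 * that no finding is reported. The marker sits on the line immediately before the
 * {@code new URL(...)} statement; keep that placement when editing.
 *
 * <p>{@code USER_AGENT} is not declared in this excerpt; presumably it is defined elsewhere in the
 * fixture file. The {@code new URL(String)} constructor is kept deliberately because the rule's
 * patterns match it literally.
 */
public class Ok {
    /** https:// literal passed directly to {@code new URL}; cast to HttpURLConnection. */
    private static void sendok1() throws IOException {
            // ok: httpurlconnection-http-request
            URL obj = new URL("https://example.com");
            HttpURLConnection con = (HttpURLConnection) obj.openConnection();
            con.setRequestMethod("GET");
            con.setRequestProperty("User-Agent", USER_AGENT);
            int responseCode = con.getResponseCode();
            con.connect();
    }

    /** https:// literal reaching {@code new URL} through a local variable; must not match. */
    private static void sendok2() throws IOException {
            String url = "https://example.com";
            // ok: httpurlconnection-http-request
            URL obj = new URL(url);
            HttpURLConnection con = (HttpURLConnection) obj.openConnection();
            con.setRequestMethod("GET");
            con.setRequestProperty("User-Agent", USER_AGENT);
            int responseCode = con.getResponseCode();
            con.connect();
    }

    /** Uncast {@code URLConnection} variant over https://, consuming the response body stream. */
    public static void sendok3() throws IOException {
            String url = "https://example.com";
            // ok: httpurlconnection-http-request
            URL urlObj = new URL(url);
            URLConnection urlCon = urlObj.openConnection();
            InputStream inputStream = urlCon.getInputStream();
    }

    /**
     * Uncast {@code URLConnection} variant with an https:// literal. {@code URLConnection} declares
     * no {@code getResponseCode()} (that method lives on {@code HttpURLConnection}), so the original
     * call did not compile; {@code connect()} is used instead, keeping the method-call shape that
     * the rule's trailing {@code $CON.$FUNC(...)} would match if the scheme were http://.
     */
    public static void sendok4() throws IOException {
            // ok: httpurlconnection-http-request
            URL urlObj = new URL("https://example.com");
            URLConnection urlCon = urlObj.openConnection();
            urlCon.connect();
    }
}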