problem-based-packs.insecure-transport.java-stdlib.httpurlconnection-http-request.httpurlconnection-http-request


Detected an HTTP request sent via HttpURLConnection (or a plain URLConnection). Plain HTTP provides neither confidentiality nor integrity, so credentials, session cookies, API keys or other sensitive data in the request or response can be read or modified by anyone on the network path. Instead, it is recommended to send requests over HTTPS. Note that the rule matches on a URL string literal containing `http://` (or a local constant propagated into `new URL(...)`), so URLs assembled at runtime or read from configuration are not flagged, and that moving to HTTPS only helps if certificate and hostname validation are left intact.


Definition

rules:
  - id: httpurlconnection-http-request
    # Flags a cleartext HTTP request made through HttpURLConnection or a plain
    # URLConnection. The scheme has to be visible as a string literal (or a
    # local constant Semgrep can propagate into `new URL(...)`); URLs built at
    # runtime or loaded from configuration are not detected.
    message: Detected an HTTP request sent via HttpURLConnection. This could lead to
      sensitive information being sent over an insecure channel. Instead, it is
      recommended to send requests over HTTPS.
    severity: WARNING
    metadata:
      likelihood: MEDIUM
      impact: MEDIUM
      confidence: MEDIUM
      category: security
      cwe: "CWE-319: Cleartext Transmission of Sensitive Information"
      owasp: A03:2017 - Sensitive Data Exposure
      references:
        - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/net/URLConnection.html
        - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/net/URL.html#openConnection()
      subcategory:
        - vuln
      technology:
        - java
      vulnerability: Insecure Transport
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Mishandled Sensitive Information
    languages:
      - java
    # Autofix: rewrite the first (count: 1) case-insensitive "http://" inside the
    # matched literal to "https://". This is a purely textual change - it does
    # not verify that the endpoint serves TLS, and it does not touch any
    # TrustManager / HostnameVerifier configuration in the surrounding code.
    # NOTE(review): treat the fix as a suggestion to confirm, not to apply blindly.
    fix-regex:
      regex: "[Hh][Tt][Tt][Pp]://"
      replacement: https://
      count: 1
    # The literal regex is not anchored at the start of the string, so any
    # string literal that contains "http://" is a candidate. The pattern-inside
    # clauses then narrow it to a literal passed to `new URL(...)` whose URL is
    # opened with openConnection() - with or without the HttpURLConnection cast -
    # and on which at least one method is subsequently invoked.
    patterns:
      - pattern: |
          "=~/[Hh][Tt][Tt][Pp]://.*/"
      - pattern-either:
          - pattern-inside: |
              URL $URL = new URL ("=~/[Hh][Tt][Tt][Pp]://.*/", ...);
              ...
              $CON = (HttpURLConnection) $URL.openConnection(...);
              ...
              $CON.$FUNC(...);
          - pattern-inside: |
              URL $URL = new URL ("=~/[Hh][Tt][Tt][Pp]://.*/", ...);
              ...
              $CON = $URL.openConnection(...);
              ...
              $CON.$FUNC(...);

Examples

httpurlconnection-http-request.java

/**
 * Negative fixtures for the rule: every method below opens a plain
 * {@code http://} URL and is expected to be reported. The {@code // ruleid:}
 * marker must stay directly above the line Semgrep reports on.
 *
 * This listing is a Semgrep test file, not a compilable unit: {@code USER_AGENT}
 * is never declared and no imports are shown.
 */
class Bad {
    /** Literal http:// URL opened through the HttpURLConnection cast branch of the rule. */
    private static void sendbad1() throws IOException {
            // ruleid: httpurlconnection-http-request
            URL obj = new URL("http://example.com");
            HttpURLConnection con = (HttpURLConnection) obj.openConnection();
            con.setRequestMethod("GET");
            con.setRequestProperty("User-Agent", USER_AGENT);
            int responseCode = con.getResponseCode();
            // getResponseCode() presumably already opened the connection, so this
            // connect() is likely a no-op; kept only as fixture shape.
            con.connect();
    }

    /**
     * Same request, but the scheme lives in a local String constant. The report
     * lands on {@code new URL(url)}, which relies on Semgrep propagating the
     * constant into the literal pattern.
     */
    private static void sendbad2() throws IOException {
            String url = "http://example.com";
            // ruleid: httpurlconnection-http-request
            URL obj = new URL(url);
            HttpURLConnection con = (HttpURLConnection) obj.openConnection();
            con.setRequestMethod("GET");
            con.setRequestProperty("User-Agent", USER_AGENT);
            int responseCode = con.getResponseCode();
            con.connect();
    }

    /**
     * Exercises the uncast URLConnection branch of the rule. The InputStream is
     * never closed here - acceptable for a fixture, not for real code.
     */
    public static void sendbad3() throws IOException {
            String url = "http://example.com";
            // ruleid: httpurlconnection-http-request
            URL urlObj = new URL(url);
            URLConnection urlCon = urlObj.openConnection();
            InputStream inputStream = urlCon.getInputStream();
    }

    /**
     * Uncast URLConnection with a literal URL. NOTE(review): getResponseCode()
     * is declared on HttpURLConnection, not URLConnection, so this would not
     * compile as written; the fixture only needs the method-call shape.
     */
    public static void sendbad4() throws IOException {
            // ruleid: httpurlconnection-http-request
            URL urlObj = new URL("http://example.com");
            URLConnection urlCon = urlObj.openConnection();
            int responseCode = urlCon.getResponseCode();
    }
}

/**
 * Positive fixtures: identical call shapes to {@code Bad}, but with an
 * {@code https://} literal, so the rule must not report them.
 *
 * The rule decides purely on the URL scheme. It does not inspect whether TLS
 * validation is weakened elsewhere (for example a permissive TrustManager or
 * HostnameVerifier), so "ok" here means "not cleartext", not "securely configured".
 */
public class Ok {
    /** HTTPS literal through the HttpURLConnection cast: not reported. */
    private static void sendok1() throws IOException {
            // ok: httpurlconnection-http-request
            URL obj = new URL("https://example.com");
            HttpURLConnection con = (HttpURLConnection) obj.openConnection();
            con.setRequestMethod("GET");
            con.setRequestProperty("User-Agent", USER_AGENT);
            int responseCode = con.getResponseCode();
            con.connect();
    }

    /** HTTPS scheme held in a local constant: not reported. */
    private static void sendok2() throws IOException {
            String url = "https://example.com";
            // ok: httpurlconnection-http-request
            URL obj = new URL(url);
            HttpURLConnection con = (HttpURLConnection) obj.openConnection();
            con.setRequestMethod("GET");
            con.setRequestProperty("User-Agent", USER_AGENT);
            int responseCode = con.getResponseCode();
            con.connect();
    }

    /** HTTPS constant through the uncast URLConnection branch: not reported. */
    public static void sendok3() throws IOException {
            String url = "https://example.com";
            // ok: httpurlconnection-http-request
            URL urlObj = new URL(url);
            URLConnection urlCon = urlObj.openConnection();
            InputStream inputStream = urlCon.getInputStream();
    }

    /**
     * HTTPS literal, uncast URLConnection: not reported. NOTE(review): as in the
     * Bad fixture, getResponseCode() is not a URLConnection method, so this is
     * fixture shape only.
     */
    public static void sendok4() throws IOException {
            // ok: httpurlconnection-http-request
            URL urlObj = new URL("https://example.com");
            URLConnection urlCon = urlObj.openConnection();
            int responseCode = urlCon.getResponseCode();
    }
}