problem-based-packs.insecure-transport.java-stdlib.socket-request.socket-request

profile photo of returntocorpreturntocorp
Author
2,387
Download Count*

Insecure transport rules to catch socket connections to http, telnet, and ftp servers. This is dangerous because these are protocols that do not encrypt traffic.

Run Locally

Run in CI

Defintion

rules:
  - id: socket-request
    message: Insecure transport rules to catch socket connections to http, telnet,
      and ftp servers. This is dangerous because these are protocols that do not
      encrypt traffic.
    severity: WARNING
    metadata:
      likelihood: MEDIUM
      impact: MEDIUM
      confidence: LOW
      category: security
      cwe: "CWE-319: Cleartext Transmission of Sensitive Information"
      owasp: A03:2017 - Sensitive Data Exposure
      references:
        - https://docs.oracle.com/javase/8/docs/api/java/net/Socket.html
      subcategory:
        - audit
      technology:
        - java
      vulnerability: Insecure Transport
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
    languages:
      - java
    pattern-either:
      - pattern: |
          $SOCKET = new Socket("=~/[tT][eE][lL][nN][eE][tT]://.*/", ...);
          ...
          $OUT = new PrintWriter($SOCKET.getOutputStream(...), ...);
          ...
          $OUT.$FUNC(...);
      - pattern: |
          $SOCKET = new Socket("=~/^[fF][tT][pP]://.*/", ...);
          ...
          $OUT = new PrintWriter($SOCKET.getOutputStream(...), ...);
          ...
          $OUT.$FUNC(...);
      - pattern: |
          $SOCKET = new Socket("=~/[hH][tT][tT][pP]://.*/", ...);
          ...
          $OUT = new PrintWriter($SOCKET.getOutputStream(...), ...);
          ...
          $OUT.$FUNC(...);

Examples

socket-request.java

class Bad {
    public void badsocket1() {
        // ruleid: socket-request
        pingSocket = new Socket("telnet://example.com", 23);
        out = new PrintWriter(pingSocket.getOutputStream(), true);
        in = new BufferedReader(new InputStreamReader(pingSocket.getInputStream()));

            out.println("ping");
            System.out.println(in.readLine());
            out.close();
            in.close();
            pingSocket.close();
    }

    public void badsocket2() {
        // ruleid: socket-request
        pingSocket = new Socket("ftp://example.com", 21);
        out = new PrintWriter(pingSocket.getOutputStream(), true);
        in = new BufferedReader(new InputStreamReader(pingSocket.getInputStream()));

            out.println("ping");
            System.out.println(in.readLine());
            out.close();
            in.close();
            pingSocket.close();
    }

    public void badsocket3() {
        // ruleid: socket-request
        pingSocket = new Socket("http://example.com", 80);
        out = new PrintWriter(pingSocket.getOutputStream(), true);
        in = new BufferedReader(new InputStreamReader(pingSocket.getInputStream()));

            out.println("ping");
            System.out.println(in.readLine());
            out.close();
            in.close();
            pingSocket.close();
    }

    public void badsocket4() {
        String servername = "telnet://example.com";
        // ruleid: socket-request
        pingSocket = new Socket(servername, 23);
        out = new PrintWriter(pingSocket.getOutputStream(), true);
        in = new BufferedReader(new InputStreamReader(pingSocket.getInputStream()));

            out.println("ping");
            System.out.println(in.readLine());
            out.close();
            in.close();
            pingSocket.close();
    }

    public void badsocket5() {
        String servername = "ftp://example.com";
        // ruleid: socket-request
        pingSocket = new Socket(servername, 23);
        out = new PrintWriter(pingSocket.getOutputStream(), true);
        in = new BufferedReader(new InputStreamReader(pingSocket.getInputStream()));

            out.println("ping");
            System.out.println(in.readLine());
            out.close();
            in.close();
            pingSocket.close();
    }

    public void badsocket6() {
        String servername = "http://example.com";
        // ruleid: socket-request
        pingSocket = new Socket(servername, 23);
        out = new PrintWriter(pingSocket.getOutputStream(), true);
        in = new BufferedReader(new InputStreamReader(pingSocket.getInputStream()));

            out.println("ping");
            System.out.println(in.readLine());
            out.close();
            in.close();
            pingSocket.close();
    }
}

class Ok {
    public void oksocket1() {
        // ok: socket-request
        pingSocket = new Socket("ssh://example.com", 22);
        out = new PrintWriter(pingSocket.getOutputStream(), true);
        in = new BufferedReader(new InputStreamReader(pingSocket.getInputStream()));

            out.println("ping");
            System.out.println(in.readLine());
            out.close();
            in.close();
            pingSocket.close();
    }

    public void oksocket2() {
        // ok: socket-request
        pingSocket = new Socket("sftp://example.com", 22);
        out = new PrintWriter(pingSocket.getOutputStream(), true);
        in = new BufferedReader(new InputStreamReader(pingSocket.getInputStream()));

            out.println("ping");
            System.out.println(in.readLine());
            out.close();
            in.close();
            pingSocket.close();
    }

    public void oksocket3() {
        // ok: socket-request
        pingSocket = new Socket("https://example.com", 443);
        out = new PrintWriter(pingSocket.getOutputStream(), true);
        in = new BufferedReader(new InputStreamReader(pingSocket.getInputStream()));

            out.println("ping");
            System.out.println(in.readLine());
            out.close();
            in.close();
            pingSocket.close();
    }

    public void oksocket4() {
        String servername = "ssh://example.com";
        // ok: socket-request
        pingSocket = new Socket(servername, 22);
        out = new PrintWriter(pingSocket.getOutputStream(), true);
        in = new BufferedReader(new InputStreamReader(pingSocket.getInputStream()));

            out.println("ping");
            System.out.println(in.readLine());
            out.close();
            in.close();
            pingSocket.close();
    }

    public void oksocket5() {
        String servername = "sftp://example.com";
        // ok: socket-request
        pingSocket = new Socket(servername, 23);
        out = new PrintWriter(pingSocket.getOutputStream(), true);
        in = new BufferedReader(new InputStreamReader(pingSocket.getInputStream()));

            out.println("ping");
            System.out.println(in.readLine());
            out.close();
            in.close();
            pingSocket.close();
    }

    public void oksocket6() {
        String servername = "https://example.com";
        // ok: socket-request
        pingSocket = new Socket(servername, 443);
        out = new PrintWriter(pingSocket.getOutputStream(), true);
        in = new BufferedReader(new InputStreamReader(pingSocket.getInputStream()));

            out.println("ping");
            System.out.println(in.readLine());
            out.close();
            in.close();
            pingSocket.close();
    }
}