problem-based-packs.insecure-transport.java-stdlib.socket-request.socket-request


Insecure-transport rule that catches Java socket connections whose host string names an http, telnet, or ftp server. This is dangerous because these protocols do not encrypt traffic, so anything written to the socket can be read or altered in transit. Note that the rule matches on the scheme text in the host literal only; it does not verify that a connection actually uses TLS.


Definition

# Semgrep rule (Java): flags a java.net.Socket whose host argument is a string
# literal starting with a cleartext scheme (telnet://, ftp://, http://) and
# that is subsequently written to through a PrintWriter. Anything sent over
# such a connection travels unencrypted (CWE-319).
rules:
  - id: socket-request
    message: Insecure transport rules to catch socket connections to http, telnet,
      and ftp servers. This is dangerous because these are protocols that do not
      encrypt traffic.
    severity: WARNING
    metadata:
      likelihood: MEDIUM
      impact: MEDIUM
      # Confidence is LOW because the match keys purely on the text of the host
      # literal. java.net.Socket(String host, int port) takes a host name, not a
      # URL, so a realistic cleartext call such as new Socket("example.com", 23)
      # carries no scheme and is not matched by any pattern below.
      confidence: LOW
      category: security
      cwe: "CWE-319: Cleartext Transmission of Sensitive Information"
      owasp: A03:2017 - Sensitive Data Exposure
      references:
        - https://docs.oracle.com/javase/8/docs/api/java/net/Socket.html
      subcategory:
        - audit
      technology:
        - java
      vulnerability: Insecure Transport
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Mishandled Sensitive Information
    languages:
      - java
    # Each alternative requires all three statements in sequence: the Socket
    # construction, a PrintWriter wrapped around $SOCKET.getOutputStream(), and
    # a call on that writer. Writes made directly on the OutputStream (no
    # PrintWriter) or through a different wrapper are not matched.
    # NOTE(review): the rule never checks that a non-matching host actually gets
    # TLS; a plain java.net.Socket does not negotiate TLS whatever the scheme
    # text says (javax.net.ssl.SSLSocket is needed for that).
    pattern-either:
      # Case-insensitive "telnet://". NOTE(review): not anchored with ^, unlike
      # the ftp regex below; the three regexes should be made consistent.
      - pattern: |
          $SOCKET = new Socket("=~/[tT][eE][lL][nN][eE][tT]://.*/", ...);
          ...
          $OUT = new PrintWriter($SOCKET.getOutputStream(...), ...);
          ...
          $OUT.$FUNC(...);
      # Case-insensitive "ftp://", anchored to the start of the literal.
      - pattern: |
          $SOCKET = new Socket("=~/^[fF][tT][pP]://.*/", ...);
          ...
          $OUT = new PrintWriter($SOCKET.getOutputStream(...), ...);
          ...
          $OUT.$FUNC(...);
      # Case-insensitive "http://". The "://" required immediately after "http"
      # is what keeps "https://..." literals from matching; also not anchored.
      - pattern: |
          $SOCKET = new Socket("=~/[hH][tT][tT][pP]://.*/", ...);
          ...
          $OUT = new PrintWriter($SOCKET.getOutputStream(...), ...);
          ...
          $OUT.$FUNC(...);

Examples

socket-request.java

/**
 * Positive cases for the socket-request Semgrep rule. In each method the line
 * that follows the {@code // ruleid: socket-request} marker is where the rule
 * is expected to fire. The fixture is not meant to compile on its own:
 * {@code pingSocket}, {@code out} and {@code in} are never declared in this
 * class and the checked {@code IOException}s are not handled.
 */
class Bad {
    /** Host literal with a telnet:// scheme passed straight to the Socket constructor. */
    public void badsocket1() {
        // ruleid: socket-request
        pingSocket = new Socket("telnet://example.com", 23);
        out = new PrintWriter(pingSocket.getOutputStream(), true);
        in = new BufferedReader(new InputStreamReader(pingSocket.getInputStream()));

            // This write is the $OUT.$FUNC(...) step the rule requires; the
            // data leaves the process in cleartext.
            out.println("ping");
            System.out.println(in.readLine());
            // NOTE(review): closed manually with no try/finally, so an exception
            // above leaks the socket — tolerable in a fixture, not in real code.
            out.close();
            in.close();
            pingSocket.close();
    }

    /** Host literal with an ftp:// scheme. */
    public void badsocket2() {
        // ruleid: socket-request
        pingSocket = new Socket("ftp://example.com", 21);
        out = new PrintWriter(pingSocket.getOutputStream(), true);
        in = new BufferedReader(new InputStreamReader(pingSocket.getInputStream()));

            out.println("ping");
            System.out.println(in.readLine());
            out.close();
            in.close();
            pingSocket.close();
    }

    /** Host literal with an http:// scheme. */
    public void badsocket3() {
        // ruleid: socket-request
        pingSocket = new Socket("http://example.com", 80);
        out = new PrintWriter(pingSocket.getOutputStream(), true);
        in = new BufferedReader(new InputStreamReader(pingSocket.getInputStream()));

            out.println("ping");
            System.out.println(in.readLine());
            out.close();
            in.close();
            pingSocket.close();
    }

    /**
     * Same telnet:// scheme, but reaching the constructor through a local
     * variable. The marker expects the rule to still fire, presumably via
     * Semgrep's constant propagation of {@code servername} — TODO confirm.
     */
    public void badsocket4() {
        String servername = "telnet://example.com";
        // ruleid: socket-request
        pingSocket = new Socket(servername, 23);
        out = new PrintWriter(pingSocket.getOutputStream(), true);
        in = new BufferedReader(new InputStreamReader(pingSocket.getInputStream()));

            out.println("ping");
            System.out.println(in.readLine());
            out.close();
            in.close();
            pingSocket.close();
    }

    /**
     * ftp:// scheme via a local variable. Note the port is 23, not 21: the
     * port plays no part in the match, only the scheme text in the host does.
     */
    public void badsocket5() {
        String servername = "ftp://example.com";
        // ruleid: socket-request
        pingSocket = new Socket(servername, 23);
        out = new PrintWriter(pingSocket.getOutputStream(), true);
        in = new BufferedReader(new InputStreamReader(pingSocket.getInputStream()));

            out.println("ping");
            System.out.println(in.readLine());
            out.close();
            in.close();
            pingSocket.close();
    }

    /** http:// scheme via a local variable; again the port (23) is irrelevant to the rule. */
    public void badsocket6() {
        String servername = "http://example.com";
        // ruleid: socket-request
        pingSocket = new Socket(servername, 23);
        out = new PrintWriter(pingSocket.getOutputStream(), true);
        in = new BufferedReader(new InputStreamReader(pingSocket.getInputStream()));

            out.println("ping");
            System.out.println(in.readLine());
            out.close();
            in.close();
            pingSocket.close();
    }
}

/**
 * Negative cases for the socket-request Semgrep rule: each {@code // ok:}
 * marker asserts that the following line is NOT reported. These are "ok" only
 * in the sense that the host literal carries no telnet://, ftp:// or http://
 * scheme. Like {@code Bad}, the class is a fixture and does not compile as-is.
 *
 * NOTE(review): none of these connections is actually encrypted. A plain
 * {@code java.net.Socket} never negotiates TLS, whatever the scheme text says;
 * an encrypted channel needs {@code javax.net.ssl.SSLSocket} (for example via
 * {@code SSLSocketFactory}). Do not read these methods as examples of secure
 * transport — they only document what the rule does not flag.
 */
class Ok {
    /** ssh:// scheme in the host literal: not one of the three flagged schemes. */
    public void oksocket1() {
        // ok: socket-request
        pingSocket = new Socket("ssh://example.com", 22);
        out = new PrintWriter(pingSocket.getOutputStream(), true);
        in = new BufferedReader(new InputStreamReader(pingSocket.getInputStream()));

            out.println("ping");
            System.out.println(in.readLine());
            out.close();
            in.close();
            pingSocket.close();
    }

    /** sftp:// scheme: "ftp://" appears inside it, but the ftp regex is anchored with ^ and does not match. */
    public void oksocket2() {
        // ok: socket-request
        pingSocket = new Socket("sftp://example.com", 22);
        out = new PrintWriter(pingSocket.getOutputStream(), true);
        in = new BufferedReader(new InputStreamReader(pingSocket.getInputStream()));

            out.println("ping");
            System.out.println(in.readLine());
            out.close();
            in.close();
            pingSocket.close();
    }

    /**
     * https:// scheme: the http regex requires "://" directly after "http", so
     * this does not match. The socket itself is still plain TCP to port 443.
     */
    public void oksocket3() {
        // ok: socket-request
        pingSocket = new Socket("https://example.com", 443);
        out = new PrintWriter(pingSocket.getOutputStream(), true);
        in = new BufferedReader(new InputStreamReader(pingSocket.getInputStream()));

            out.println("ping");
            System.out.println(in.readLine());
            out.close();
            in.close();
            pingSocket.close();
    }

    /** ssh:// scheme via a local variable. */
    public void oksocket4() {
        String servername = "ssh://example.com";
        // ok: socket-request
        pingSocket = new Socket(servername, 22);
        out = new PrintWriter(pingSocket.getOutputStream(), true);
        in = new BufferedReader(new InputStreamReader(pingSocket.getInputStream()));

            out.println("ping");
            System.out.println(in.readLine());
            out.close();
            in.close();
            pingSocket.close();
    }

    /**
     * sftp:// scheme via a local variable, on port 23 (the telnet port). The
     * rule ignores the port entirely, so this stays unreported even though a
     * port-based heuristic would have flagged it.
     */
    public void oksocket5() {
        String servername = "sftp://example.com";
        // ok: socket-request
        pingSocket = new Socket(servername, 23);
        out = new PrintWriter(pingSocket.getOutputStream(), true);
        in = new BufferedReader(new InputStreamReader(pingSocket.getInputStream()));

            out.println("ping");
            System.out.println(in.readLine());
            out.close();
            in.close();
            pingSocket.close();
    }

    /** https:// scheme via a local variable; see oksocket3 for why it is not matched. */
    public void oksocket6() {
        String servername = "https://example.com";
        // ok: socket-request
        pingSocket = new Socket(servername, 443);
        out = new PrintWriter(pingSocket.getOutputStream(), true);
        in = new BufferedReader(new InputStreamReader(pingSocket.getInputStream()));

            out.println("ping");
            System.out.println(in.readLine());
            out.close();
            in.close();
            pingSocket.close();
    }
}