problem-based-packs.insecure-transport.java-stdlib.tls-renegotiation.tls-renegotiation

Download Count*: 6,272
Checks for cases where Java applications allow unsafe TLS renegotiation. This leaves the application vulnerable to a man-in-the-middle attack in which chosen plaintext is injected as a prefix to a TLS connection.
Definition
rules:
  - id: tls-renegotiation
    message: Checks for cases where java applications are allowing unsafe
      renegotiation. This leaves the application vulnerable to a
      man-in-the-middle attack where chosen plain text is injected as prefix to
      a TLS connection.
    severity: WARNING
    metadata:
      likelihood: LOW
      impact: MEDIUM
      confidence: MEDIUM
      category: security
      cwe: "CWE-319: Cleartext Transmission of Sensitive Information"
      owasp: A03:2017 - Sensitive Data Exposure
      references:
        - https://www.oracle.com/java/technologies/javase/tlsreadme.html
      subcategory:
        - vuln
      technology:
        - java
      vulnerability: Insecure Transport
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Mishandled Sensitive Information
    languages:
      - java
    pattern: >
      java.lang.System.setProperty("sun.security.ssl.allowUnsafeRenegotiation",
      true);
Examples
tls-renegotiation.java
class Bad {
    public void bad1() {
        // ruleid: tls-renegotiation
        java.lang.System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", true);
    }
}

class Ok {
    public void ok1() {
        // ok: tls-renegotiation
        java.lang.System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", false);
    }
}
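As an added defender-side check that is not part of the Semgrep rule or this registry page: a small Python scanner for the same property that also reports the String form `"true"` (the type `System.setProperty` actually accepts) and the `-D` JVM flag used in launch scripts, neither of which the pattern above, written against the boolean literal `true`, covers. The Java class and launch script it scans are constructed sample inputs.

```python
import re
from typing import List, Tuple

# Setting this property to "true" re-enables renegotiation with peers that lack RFC 5746 support.
PROPERTY = "sun.security.ssl.allowUnsafeRenegotiation"

# Java source: System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", <value>).
# Accepts the fully qualified or imported form and either the boolean literal
# (what the rule's pattern matches) or the String "true" that setProperty takes.
_SET_PROPERTY = re.compile(
    r'(?:java\.lang\.)?System\s*\.\s*setProperty\s*\(\s*"'
    + re.escape(PROPERTY)
    + r'"\s*,\s*(?P<value>"?true"?|"?false"?)\s*\)'
)

# Launch scripts and JVM option files: -Dsun.security.ssl.allowUnsafeRenegotiation=true
_JVM_FLAG = re.compile(r"-D" + re.escape(PROPERTY) + r"=(?P<value>\S+)")


def find_unsafe_renegotiation(text: str) -> List[Tuple[int, str]]:
    """Return (line_number, line) for each line enabling unsafe renegotiation; false is not reported."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for pattern in (_SET_PROPERTY, _JVM_FLAG):
            m = pattern.search(line)
            if m and m.group("value").strip('"').lower() == "true":
                findings.append((lineno, line.strip()))
                break  # one finding per line is enough
    return findings


# Constructed sample inputs (not from the page): a Java class and a launch script.
SAMPLE_JAVA = """\
class Bad {
    void bad1() { java.lang.System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", true); }
    void bad2() { System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true"); }
}
class Ok {
    void ok1() { java.lang.System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", false); }
}
"""
SAMPLE_SCRIPT = "#!/bin/sh\nexec java -Dsun.security.ssl.allowUnsafeRenegotiation=true -jar app.jar\n"

if __name__ == "__main__":
    for name, text in (("Bad.java", SAMPLE_JAVA), ("run.sh", SAMPLE_SCRIPT)):
        for lineno, line in find_unsafe_renegotiation(text):
            print(f"{name}:{lineno}: unsafe TLS renegotiation enabled: {line}")
```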
Short Link: https://sg.run/jR5N