problem-based-packs.insecure-transport.ruby-stdlib.net-telnet-request.net-telnet-request
Author: semgrep
Download count: 6,272
License: Commons Clause License Condition v1.0[LGPL-2.1-only]
Flags code that opens a telnet session (Net::Telnet::new or Net::SSH::Telnet.new). The telnet protocol has no encryption and no integrity protection: everything in the session, including the username and password passed to login and the output of every cmd call, crosses the network in cleartext (CWE-319), so anyone on the path can read or tamper with it. The usual fix is to replace the telnet session with SSH (see the ok example below). Note that the second pattern, Net::SSH::Telnet.new, drives a telnet-style prompt/response dialogue over an existing Net::SSH session rather than over raw TCP; the rule still reports it, so triage those hits by checking how the underlying session was established.
Definition
rules:
  - id: net-telnet-request
    message: Checks for creation of telnet servers or attempts to connect through
      telnet. This is insecure as the telnet protocol supports no encryption,
      and data passes through unencrypted.
    severity: WARNING
    metadata:
      likelihood: MEDIUM
      impact: MEDIUM
      confidence: MEDIUM
      category: security
      cwe: "CWE-319: Cleartext Transmission of Sensitive Information"
      owasp: A03:2017 - Sensitive Data Exposure
      references:
        - https://docs.ruby-lang.org/en/2.2.0/Net/Telnet.html
        - https://www.rubydoc.info/gems/net-ssh-telnet2/0.1.0/Net/SSH/Telnet
      subcategory:
        - vuln
      technology:
        - ruby
      vulnerability: Insecure Transport
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Mishandled Sensitive Information
    languages:
      - ruby
    pattern-either:
      - pattern: |
          Net::Telnet::new(...)
      - pattern: |
          Net::SSH::Telnet.new(...)
Examples
net-telnet-request.rb
require 'net/telnet'      # net-telnet gem; no longer part of the default stdlib
require 'net/ssh'         # net-ssh gem
require 'net/ssh/telnet'  # net-ssh-telnet2 gem

def bad1
  # ruleid: net-telnet-request
  # Interactive login over raw telnet: username, password and every command
  # and response travel in cleartext.
  localhost = Net::Telnet::new("Host" => "localhost",
                               "Timeout" => 10,
                               "Prompt" => /[$%#>] \z/n)
  localhost.login("username", "password") { |c| print c }
  localhost.cmd("command") { |c| print c }
  localhost.close
end

def bad2
  # ruleid: net-telnet-request
  # Net::Telnet used as a plain line-oriented TCP client for POP3 on port 110;
  # Telnetmode is off, but the USER/PASS exchange is still unencrypted.
  pop = Net::Telnet::new("Host" => "your_destination_host_here",
                         "Port" => 110,
                         "Telnetmode" => false,
                         "Prompt" => /^\+OK/n)
  pop.cmd("user " + "your_username_here") { |c| print c }
  pop.cmd("pass " + "your_password_here") { |c| print c }
  pop.cmd("list") { |c| print c }
end

def bad3
  # ruleid: net-telnet-request
  # `ssh` is an already-established Net::SSH session; the fixture does not
  # show how it was opened. Net::SSH::Telnet reuses it as the transport.
  s = Net::SSH::Telnet.new(
    "Dump_log" => "/dev/stdout",
    "Session" => ssh
  )
  puts "Logged in"
  p s.cmd("echo hello")
end

def ok1
  # ok: net-telnet-request
  # Encrypted, authenticated transport: the same remote command over SSH.
  Net::SSH.start("host", "user", password: "password") do |ssh|
    result = ssh.exec!("ls -l")
    puts result
  end
end
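To make the CWE-319 point concrete, the following added example (written for this page; it is not part of the Semgrep rule, its test fixtures, or the net-telnet gem) takes the viewpoint of a passive observer on the network path of the bad1 and bad2 sessions. It strips RFC 854 option negotiation (the IAC sequences Net::Telnet emits when Telnetmode is on) from a captured byte stream and then reads the credentials straight out of what remains. The two captures are constructed for this example, not real recordings; the prompt strings and the POP3 replies are assumptions about what the servers in those fixtures would send.

```ruby
# Added example (not from the Semgrep rule or net-telnet): recover credentials
# from a captured cleartext telnet session. Captures below are constructed.

# RFC 854 telnet command bytes
IAC  = 0xFF # "interpret as command"
SE   = 0xF0 # end of subnegotiation
SB   = 0xFA # start of subnegotiation
WILL = 0xFB
WONT = 0xFC
DO   = 0xFD
DONT = 0xFE

# Strip option negotiation from a raw telnet byte stream and return only the
# application data. These sequences carry no secrets, but they hide the
# credentials from a naive `strings`-style look at the capture.
def strip_telnet_negotiation(raw)
  bytes = raw.bytes
  out   = []
  i     = 0
  while i < bytes.length
    b = bytes[i]
    if b != IAC
      out << b
      i += 1
      next
    end
    case bytes[i + 1]
    when nil
      break                  # capture ends in a lone IAC
    when IAC
      out << IAC             # IAC IAC is an escaped literal 0xFF data byte
      i += 2
    when DO, DONT, WILL, WONT
      i += 3                 # IAC <cmd> <option>
    when SB
      j = i + 2              # skip to the closing IAC SE (tolerates truncation)
      j += 1 until j + 1 >= bytes.length || (bytes[j] == IAC && bytes[j + 1] == SE)
      i = j + 2
    else
      i += 2                 # NOP, AYT, GA and the other two-byte commands
    end
  end
  out.pack('C*')
end

# capture: array of [:server | :client, bytes] chunks in wire order.
# Returns { user: ..., pass: ... } exactly as anyone on the path would see it.
def recover_credentials(capture)
  creds     = {}
  expecting = nil
  capture.each do |direction, raw|
    data = strip_telnet_negotiation(raw)
    if direction == :server
      # Interactive login prompts (bad1 flow): the next client line answers them.
      expecting = :user if data =~ /login|username/i
      expecting = :pass if data =~ /password/i
    else
      data.each_line do |line|
        text = line.chomp
        if text =~ /\A(user|pass)\s+(\S+)/i
          creds[$1.downcase.to_sym] = $2   # POP3 USER/PASS commands (bad2 flow)
        elsif expecting
          creds[expecting] = text          # answer to a telnet prompt
          expecting = nil
        end
      end
    end
  end
  creds
end

# Constructed capture of the bad1 flow: DO/WILL negotiation and a
# TERMINAL-TYPE subnegotiation, then the login prompts and answers.
TELNET_LOGIN_CAPTURE = [
  [:server, "\xFF\xFD\x18\xFF\xFB\x01\xFF\xFA\x18\x01\xFF\xF0".b + "login: ".b],
  [:client, "\xFF\xFB\x18\xFF\xFD\x01".b + "username\r\n".b],
  [:server, "Password: ".b],
  [:client, "password\r\n".b],
  [:server, "Welcome\r\n$ ".b],
  [:client, "command\r\n".b],
].freeze

# Constructed capture of the bad2 flow: POP3 on port 110 with Telnetmode off,
# so there is no negotiation at all, just cleartext commands and replies.
POP3_CAPTURE = [
  [:server, "+OK POP3 ready\r\n".b],
  [:client, "user your_username_here\r\n".b],
  [:server, "+OK\r\n".b],
  [:client, "pass your_password_here\r\n".b],
  [:server, "+OK Logged in\r\n".b],
  [:client, "list\r\n".b],
].freeze

if __FILE__ == $0
  p recover_credentials(TELNET_LOGIN_CAPTURE)
  p recover_credentials(POP3_CAPTURE)
end
```

Nothing in either capture needs to be decrypted or brute-forced: the observer only has to discard protocol framing. That is the whole reason the rule fires on Net::Telnet regardless of the Port or Telnetmode options, and why the SSH transport in ok1 is the fix rather than a stronger password.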
Short Link: https://sg.run/dKQE