problem-based-packs.insecure-transport.ruby-stdlib.net-telnet-request.net-telnet-request

profile photo of semgrepsemgrep
Author
6,272
Download Count*
LGPL Commons Clause
License

Checks for creation of telnet servers or attempts to connect through telnet. This is insecure as the telnet protocol supports no encryption, and data passes through unencrypted.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit RuleView Source
Open in Playground 
rules:
  - id: net-telnet-request
    message: Checks for creation of telnet servers or attempts to connect through
      telnet. This is insecure as the telnet protocol supports no encryption,
      and data passes through unencrypted.
    severity: WARNING
    metadata:
      likelihood: MEDIUM
      impact: MEDIUM
      confidence: MEDIUM
      category: security
      cwe: "CWE-319: Cleartext Transmission of Sensitive Information"
      owasp: A03:2017 - Sensitive Data Exposure
      references:
        - https://docs.ruby-lang.org/en/2.2.0/Net/Telnet.html
        - https://www.rubydoc.info/gems/net-ssh-telnet2/0.1.0/Net/SSH/Telnet
      subcategory:
        - vuln
      technology:
        - ruby
      vulnerability: Insecure Transport
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Mishandled Sensitive Information
    languages:
      - ruby
    pattern-either:
      - pattern: |
          Net::Telnet::new(...)
      - pattern: |
          Net::SSH::Telnet.new(...)

Examples

net-telnet-request.rb

def bad1
  # ruleid: net-telnet-request
  localhost = Net::Telnet::new("Host" => "localhost",
                              "Timeout" => 10,
                              "Prompt" => /[$%#>] \z/n)
  localhost.login("username", "password") { |c| print c }
  localhost.cmd("command") { |c| print c }
  localhost.close
end

def bad2
  # ruleid: net-telnet-request
  pop = Net::Telnet::new("Host" => "your_destination_host_here",
                        "Port" => 110,
                        "Telnetmode" => false,
                        "Prompt" => /^\+OK/n)
  pop.cmd("user " + "your_username_here") { |c| print c }
  pop.cmd("pass " + "your_password_here") { |c| print c }
  pop.cmd("list") { |c| print c }
end

def bad3
  # ruleid: net-telnet-request
  s = Net::SSH::Telnet.new(
        "Dump_log" => "/dev/stdout",
        "Session" => ssh
  )
  puts "Logged in"
  p s.cmd("echo hello")
end

def ok1
  # ok: net-telnet-request
  Net::SSH.start("host", "user", password: "password") do |ssh|
    result = ssh.exec!("ls -l")
    puts result
  end
end