rust.lang.security.rustls-dangerous.rustls-dangerous

Author
unknown

Dangerous client config used, ensure SSL verification


Definition

# Semgrep rule: flags rustls client configurations that install a custom
# ServerCertVerifier through the `dangerous()` escape hatch (CWE-295). Once the
# verifier is replaced, server-certificate validation is whatever the custom
# implementation does, so each finding should be reviewed to confirm it still
# validates the certificate (chain, name, validity) instead of accepting anything.
rules:
  - id: rustls-dangerous
    message: Dangerous client config used, ensure SSL verification
    # Any one of the three patterns below is enough to report a finding.
    pattern-either:
      # 1. A bare reference to the DangerousClientConfig type (e.g. direct
      #    struct construction, as in the `c2` example on this page).
      - pattern: rustls::client::DangerousClientConfig
      # 2. The chained form on an existing config value.
      - pattern: $CLIENT.dangerous().set_certificate_verifier(...)
      # 3. The two-statement form: the dangerous handle is bound to a variable
      #    first and `set_certificate_verifier` is called on it later; the
      #    `...` allows unrelated statements in between.
      - pattern: |
          let $CLIENT = rustls::client::ClientConfig::dangerous(...);
          ...
          $CLIENT.set_certificate_verifier(...);
    metadata:
      references:
        - https://docs.rs/rustls/latest/rustls/client/struct.DangerousClientConfig.html
        - https://docs.rs/rustls/latest/rustls/client/struct.ClientConfig.html#method.dangerous
      technology:
        - rustls
      category: security
      cwe: "CWE-295: Improper Certificate Validation"
      # The patterns name the exact rustls API, which is presumably why
      # confidence is HIGH; likelihood/impact are the rule author's assessment
      # (a custom verifier can be legitimate, e.g. pinning, but a permissive
      # one removes server authentication for the connection).
      confidence: HIGH
      likelihood: LOW
      impact: MEDIUM
      subcategory: vuln
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Improper Authentication
    languages:
      - rust
    severity: WARNING

Examples

rustls-dangerous.rs

// Semgrep test fixture for the rustls-dangerous rule: a `// ruleid:` line marks
// the statement directly below it as an expected finding and `// ok:` marks a
// statement that must not be reported. The snippet is not meant to compile
// (top-level `let`, undeclared `cfg`, a stub verifier name); it only has to
// parse well enough for the rule's patterns to match.
use rustls::{RootCertStore, Certificate, ServerCertVerified, TLSError, ServerCertVerifier};

// Stand-in for a custom `ServerCertVerifier` implementation; the name looks
// truncated but it is only a placeholder value passed to the calls below.
let verifier = MyServerCertVerifie;

// A plain ClientConfig keeps rustls's default certificate verifier, so the
// rule must stay silent here.
// ok: rustls-dangerous
let mut c1 = rustls::client::ClientConfig::new();

// Direct construction of DangerousClientConfig matches the rule's first
// pattern (a bare reference to the type path). `cfg` is not declared in this
// fixture; the match is on the type path, not on the struct fields.
// Remove todo when Rust supports direct module references
// ruleid: rustls-dangerous
let mut c2 = rustls::client::DangerousClientConfig {cfg: &mut cfg};
c2.set_certificate_verifier(verifier);

let mut c3 = rustls::client::ClientConfig::new();
// The chained form matches the rule's second pattern
// (`$CLIENT.dangerous().set_certificate_verifier(...)`).
// ruleid: rustls-dangerous
c3.dangerous().set_certificate_verifier(verifier);

// The two-statement form matches the rule's third pattern: the dangerous
// handle is bound first and `set_certificate_verifier` is called on it after.
// ruleid: rustls-dangerous
let mut c4 = rustls::client::ClientConfig::dangerous(&mut ());
c4.set_certificate_verifier(verifier);