trailofbits.go.servercodec-readrequestbody-unhandled-nil.servercodec-readrequestbody-unhandled-nil

The `func ($O *$CODEC) ReadRequestBody($ARG $TYPE) error` function does not handle a `nil` argument, as the `ServerCodec` interface requires. An incorrect implementation could lead to denial of service.
Definition
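rules:
  - id: servercodec-readrequestbody-unhandled-nil
    # Reports net/rpc ServerCodec implementations whose ReadRequestBody never
    # compares its argument with nil. The referenced server.go lines call
    # ReadRequestBody(nil) to discard the body of a request the server cannot
    # dispatch, so a codec that uses the argument unconditionally fails on
    # that path (CWE-476) and a single malformed request can take the
    # connection down.
    message: The `func ($O *$CODEC) ReadRequestBody($ARG $TYPE) error` function does
      not handle `nil` argument, as the `ServerCodec` interface requires. An
      incorrect implementation could lead to denial of service
    languages:
      - go
    severity: WARNING
    metadata:
      category: security
      cwe: "CWE-476: NULL Pointer Dereference"
      subcategory:
        - vuln
      confidence: HIGH
      likelihood: MEDIUM
      impact: LOW
      technology:
        - --no-technology--
      description: Possible incorrect `ServerCodec` interface implementation
      references:
        - https://github.com/golang/go/blob/go1.15.2/src/net/rpc/server.go#L643-L658
      license: CC-BY-NC-SA-4.0
    patterns:
      # Match every ReadRequestBody on a pointer receiver, then exclude bodies
      # that contain a direct `if $ARG == nil` or `if $ARG != nil` statement.
      # NOTE(review): only those two literal forms are recognized. A nil test
      # written as a switch case, as part of a compound condition
      # (`$ARG == nil || ...`) or inside a helper is still reported, so expect
      # some false positives; codecs with a value receiver are not examined.
      - pattern: |
          func ($O *$CODEC) ReadRequestBody($ARG $TYPE) error {
            ...
          }
      - pattern-not: |
          func ($O *$CODEC) ReadRequestBody($ARG $TYPE) error {
            ...
            if $ARG == nil { ... }
            ...
          }
      - pattern-not: |
          func ($O *$CODEC) ReadRequestBody($ARG $TYPE) error {
            ...
            if $ARG != nil { ... }
            ...
          }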
Examples
servercodec-readrequestbody-unhandled-nil.go
package main
import (
	"encoding/json"
	"errors"
	"io"
	"sync"
)
// request is the decoded JSON envelope the example codecs read from.
// Body is a pointer, so it can be nil (e.g. when the incoming message had no
// "body" member); the ReadRequestBody examples below dereference it.
type request struct {
	Method string           `json:"method"`
	Body   *json.RawMessage `json:"body"`
}
// TobCodecCorrect is the fixture whose ReadRequestBody variants test the
// argument for nil and therefore must NOT be reported by the rule.
// Its methods use pointer receivers, which also avoids copying the embedded
// sync.Map; of the fields only req is read by the methods shown here.
type TobCodecCorrect struct {
	closer io.Closer
	closed bool
	writer io.Writer
	codec  sync.Map
	req    request
}
// TobCodecIncorrect is the fixture whose ReadRequestBody omits the nil test
// and therefore must be reported by the rule. Its fields mirror
// TobCodecCorrect; only req is read by the method shown here.
type TobCodecIncorrect struct {
	closer io.Closer
	closed bool
	writer io.Writer
	codec  sync.Map
	req    request
}
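// ReadRequestBody decodes the request body held in cc.req into body.
//
// net/rpc calls ReadRequestBody(nil) to have the codec discard the body of a
// request it cannot dispatch; the early return honours that contract, which
// is why this fixture is marked ok for the rule. The second guard covers the
// other nil in this function: req.Body is a *json.RawMessage that may be nil
// when the request carried no body, and dereferencing it would panic instead
// of returning an error the server can report.
//
// Semgrep fixture: this file declares ReadRequestBody twice on the same type
// and is matched by the rule, not compiled.
// ok: servercodec-readrequestbody-unhandled-nil
func (cc *TobCodecCorrect) ReadRequestBody(body interface{}) error {
	if body == nil {
		// Discard request: whatever body there is already sits in cc.req.
		return nil
	}
	if cc.req.Body == nil {
		return errors.New("rpc: request has no body")
	}
	result := [1]interface{}{body}
	return json.Unmarshal(*cc.req.Body, &result)
}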
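// ReadRequestBody is the second accepted shape: the nil test is written as
// `if body != nil` around the decode instead of as an early return. A nil
// body means "discard", so that path returns nil without touching req.Body;
// the original fixture had no return statement on it. Inside the branch,
// req.Body (a *json.RawMessage) is checked before it is dereferenced.
//
// Semgrep fixture: this file declares ReadRequestBody twice on the same type
// and is matched by the rule, not compiled.
// ok: servercodec-readrequestbody-unhandled-nil
func (cc *TobCodecCorrect) ReadRequestBody(body interface{}) error {
	var result [1]interface{}
	if body != nil {
		if cc.req.Body == nil {
			return errors.New("rpc: request has no body")
		}
		result[0] = body
		return json.Unmarshal(*cc.req.Body, &result)
	}
	return nil
}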
// ReadRequestBody is the fixture the rule must report: it stores body into
// the decode target and dereferences ci.req.Body without ever comparing body
// with nil, so the discard call net/rpc makes (ReadRequestBody(nil)) is not
// handled. It is deliberately left unguarded; adding a nil check here would
// make the ruleid expectation below fail.
// ruleid: servercodec-readrequestbody-unhandled-nil
func (ci *TobCodecIncorrect) ReadRequestBody(body interface{}) error {
	target := [1]interface{}{body}
	return json.Unmarshal(*ci.req.Body, &target)
}