Using sockets is security-sensitive. It has led in the past to the following vulnerabilities:
Sockets are vulnerable in multiple ways:
This rule flags code that creates sockets directly. It matches only direct use of the socket APIs (constructors, factories and channel `open()` calls), not use through frameworks or higher-level APIs such as HTTP connections, so an application can still open sockets without triggering it.
You are at risk if you answered yes to any of these questions.
// === java.net === (each "===" section below is a separate example file; class A is redeclared in each)
import java.net.Socket;
import java.net.InetAddress;
import java.net.Proxy;
import java.net.ServerSocket;
import javax.net.SocketFactory;
/**
 * Example of direct java.net socket creation that this rule reports.
 * Every line marked "Questionable" is a match. The sockets are only
 * constructed here: nothing reads, writes or closes them, so the body
 * exists purely to show the flagged call sites.
 */
class A {
    /**
     * Creates client and server sockets through each flagged constructor.
     *
     * @param factory   socket factory whose createSocket() is also flagged
     * @param address   remote host for the client sockets (resolved by the JDK)
     * @param port      remote port for the client sockets, listening port for the server sockets
     * @param localAddr local interface the client side is bound to
     * @param localPort local port the client side is bound to
     * @param stream    stream (true) vs. datagram (false) selector of a deprecated constructor
     * @param host      remote host, same role as {@code address}
     * @param proxy     proxy the connection is routed through
     * @param backlog   pending-connection queue length for the server sockets
     * @param bindAddr  local interface the server socket listens on
     * @throws Exception propagated from the socket constructors (I/O and
     *         name-resolution failures); nothing is caught or cleaned up here
     */
    void foo(SocketFactory factory, String address, int port, InetAddress localAddr, int localPort, boolean stream,
             String host, Proxy proxy, int backlog, InetAddress bindAddr)
            throws Exception {
        // Unconnected socket; the peer is chosen later by connect().
        new Socket(); // Questionable.
        // Per the JDK docs this connects in the constructor: name resolution and the TCP
        // connect both happen here, before the caller can inspect anything.
        new Socket(address, port); // Questionable.
        // Same, but the local side is pinned to localAddr:localPort before connecting.
        new Socket(address, port, localAddr, localPort); // Questionable.
        // Deprecated in the JDK: 'stream' selects stream (true) vs. datagram (false) transport.
        new Socket(host, port, stream); // Questionable.
        // Unconnected socket that will route through 'proxy'. If 'proxy' comes from
        // untrusted configuration, traffic can be redirected through a host an attacker chooses.
        new Socket(proxy); // Questionable.
        // The next three calls resolve to the same overloads as the 'address' calls above
        // ((String,int), (String,int,boolean), (String,int,InetAddress,int)); the example
        // lists them again with the 'host' parameter. NOTE(review): the (String,int,boolean)
        // line is an exact repeat of the deprecated call above.
        new Socket(host, port); // Questionable.
        new Socket(host, port, stream); // Questionable.
        new Socket(host, port, localAddr, localPort); // Questionable.
        // Unbound server socket; bind() and accept() would still be needed.
        new ServerSocket(); // Questionable.
        // Listening socket: per the JDK docs, with no bind address it binds the wildcard
        // address, i.e. every local interface, using the implementation's default backlog.
        new ServerSocket(port); // Questionable.
        // Same, with an explicit pending-connection queue length.
        new ServerSocket(port, backlog); // Questionable.
        // Restricts listening to 'bindAddr'; prefer this form when the service must
        // not be reachable on all interfaces.
        new ServerSocket(port, backlog, bindAddr); // Questionable.
        // Creation is delegated to the factory, but the rule still reports the call.
        factory.createSocket(); // Questionable
        // NOTE(review): none of the sockets above is closed. In real code each should be
        // held in try-with-resources so an exception part-way through cannot leak descriptors.
    }
}
/**
 * Subclassing SocketFactory is reported as well: the subclass decides how every
 * socket it hands out is created, so the review has to cover its
 * createSocket(...) overrides, which this example leaves out.
 * NOTE(review): the class name should be UpperCamelCase (MySocketFactory);
 * it is kept as-is here to match the rule page.
 */
abstract class mySocketFactory extends SocketFactory { // Questionable. Review how the sockets are created.
    // ... createSocket(...) overrides would go here; that is the code to review.
}
// === java.nio.channels ===
import java.net.SocketAddress;
import java.nio.channels.AsynchronousChannelGroup;
import java.nio.channels.AsynchronousServerSocketChannel;
import java.nio.channels.AsynchronousSocketChannel;
import java.nio.channels.SocketChannel;
import java.nio.channels.ServerSocketChannel;
/**
 * Example of java.nio.channels socket creation that this rule reports.
 * Each open(...) call is a match; the channels are never bound, connected,
 * used or closed here.
 */
class A {
    /**
     * Opens each flagged channel type once.
     *
     * @param group  channel group (thread pool) the asynchronous channels are attached to
     * @param remote address the second SocketChannel connects to when opened
     * @throws Exception propagated from open(); nothing is closed on failure
     */
    void foo(AsynchronousChannelGroup group, SocketAddress remote) throws Exception {
        // Unbound server channels; the no-argument form uses the default group's threads.
        AsynchronousServerSocketChannel.open(); // Questionable.
        AsynchronousServerSocketChannel.open(group); // Questionable.
        // Unconnected client channels.
        AsynchronousSocketChannel.open(); // Questionable.
        AsynchronousSocketChannel.open(group); // Questionable.
        // Unconnected; connect() chooses the peer later.
        SocketChannel.open(); // Questionable.
        // Per the JDK docs this form connects to 'remote' before returning.
        SocketChannel.open(remote); // Questionable.
        // Unbound; a later bind() decides which interface is listened on, so review where that happens.
        ServerSocketChannel.open(); // Questionable.
        // NOTE(review): nothing above is closed; wrap each channel in try-with-resources in real code.
    }
}
// === Netty ===
import io.netty.channel.ChannelInitializer;
import io.netty.channel.socket.ServerSocketChannel;
import io.netty.channel.socket.SocketChannel;
/**
 * Netty initializer for server channels. The rule reports the ChannelInitializer
 * subclass because it configures the pipeline for every connection it sees.
 * The pipeline is left empty in this example, so no TLS, framing or size-limit
 * handlers are installed; review whatever the real implementation adds here.
 */
class CustomChannelInitializer extends ChannelInitializer<ServerSocketChannel> { // Questionable. Review how the ServerSocketChannel is used.
    /**
     * Pipeline set-up hook; deliberately empty in this example.
     *
     * @param ch the server channel being set up
     * @throws Exception allowed by the Netty signature; nothing is thrown here
     */
    @Override
    protected void initChannel(ServerSocketChannel ch) throws Exception {
    }
}
/**
 * Same pattern as an anonymous class: the initializer is reported where it is
 * created, and the pipeline set-up inside initChannel is what needs review.
 */
class A {
    /** Creates, but never registers or uses, an anonymous initializer for client channels. */
    void foo() {
        new ChannelInitializer<SocketChannel>() { // Questionable
            /**
             * Pipeline set-up for each SocketChannel; elided in the example.
             * Whatever goes here decides which handlers (TLS, decoders, limits)
             * sit between the network and application code.
             */
            @Override
            public void initChannel(SocketChannel ch) throws Exception {
                // ... handlers would be added to ch.pipeline() here
            }
        };
    }
}