Using sockets is security-sensitive. It has led in the past to the following vulnerabilities:
Sockets are vulnerable in multiple ways:
This rules flags code that creates sockets. It matches only the direct use of sockets, not use through frameworks or high-level APIs such as the use of http connections.
There is a risk if you answered yes to any of those questions.
// === java.net === import java.net.Socket; import java.net.InetAddress; import java.net.Proxy; import java.net.ServerSocket; import javax.net.SocketFactory; class A { void foo(SocketFactory factory, String address, int port, InetAddress localAddr, int localPort, boolean stream, String host, Proxy proxy, int backlog, InetAddress bindAddr) throws Exception { new Socket(); // Sensitive. new Socket(address, port); // Sensitive. new Socket(address, port, localAddr, localPort); // Sensitive. new Socket(host, port, stream); // Sensitive. new Socket(proxy); // Sensitive. new Socket(host, port); // Sensitive. new Socket(host, port, stream); // Sensitive. new Socket(host, port, localAddr, localPort); // Sensitive. new ServerSocket(); // Sensitive. new ServerSocket(port); // Sensitive. new ServerSocket(port, backlog); // Sensitive. new ServerSocket(port, backlog, bindAddr); // Sensitive. factory.createSocket(); // Sensitive } } abstract class mySocketFactory extends SocketFactory { // Sensitive. Review how the sockets are created. // ... }
// === java.nio.channels === import java.net.SocketAddress; import java.nio.channels.AsynchronousChannelGroup; import java.nio.channels.AsynchronousServerSocketChannel; import java.nio.channels.AsynchronousSocketChannel; import java.nio.channels.SocketChannel; import java.nio.channels.ServerSocketChannel; class A { void foo(AsynchronousChannelGroup group, SocketAddress remote) throws Exception { AsynchronousServerSocketChannel.open(); // Sensitive. AsynchronousServerSocketChannel.open(group); // Sensitive. AsynchronousSocketChannel.open(); // Sensitive. AsynchronousSocketChannel.open(group); // Sensitive. SocketChannel.open(); // Sensitive. SocketChannel.open(remote); // Sensitive. ServerSocketChannel.open(); // Sensitive. } }
// === Netty === import io.netty.channel.ChannelInitializer; import io.netty.channel.socket.ServerSocketChannel; import io.netty.channel.socket.SocketChannel; class CustomChannelInitializer extends ChannelInitializer<ServerSocketChannel> { // Sensitive. Review how the SocketChannel is used. @Override protected void initChannel(ServerSocketChannel ch) throws Exception { } } class A { void foo() { new ChannelInitializer<SocketChannel>() { // Sensitive @Override public void initChannel(SocketChannel ch) throws Exception { // ... } }; } }
This rule is deprecated, and will eventually be removed.