Using sockets is security-sensitive. It has led in the past to the following vulnerabilities:

Sockets are vulnerable in multiple ways:

This rules flags code that creates sockets. It matches only the direct use of sockets, not use through frameworks or high-level APIs such as the use of http connections.

Ask Yourself Whether

You are at risk if you answered yes to any of these questions.

Recommended Secure Coding Practices

Sensitive Code Example

// === java.net ===
import java.net.Socket;
import java.net.InetAddress;
import java.net.Proxy;
import java.net.ServerSocket;
import javax.net.SocketFactory;

class A {
    void foo(SocketFactory factory, String address, int port, InetAddress localAddr, int localPort, boolean stream,
            String host, Proxy proxy, int backlog, InetAddress bindAddr)
            throws Exception {
        new Socket(); // Sensitive.
        new Socket(address, port); // Sensitive.
        new Socket(address, port, localAddr, localPort); // Sensitive.
        new Socket(host, port, stream); // Sensitive.
        new Socket(proxy); // Sensitive.
        new Socket(host, port); // Sensitive.
        new Socket(host, port, stream); // Sensitive.
        new Socket(host, port, localAddr, localPort); // Sensitive.

        new ServerSocket(); // Sensitive.
        new ServerSocket(port); // Sensitive.
        new ServerSocket(port, backlog); // Sensitive.
        new ServerSocket(port, backlog, bindAddr); // Sensitive.

        factory.createSocket(); // Sensitive
    }
}

abstract class mySocketFactory extends SocketFactory { // Sensitive. Review how the sockets are created.
    // ...
}
// === java.nio.channels ===
import java.net.SocketAddress;
import java.nio.channels.AsynchronousChannelGroup;
import java.nio.channels.AsynchronousServerSocketChannel;
import java.nio.channels.AsynchronousSocketChannel;
import java.nio.channels.SocketChannel;
import java.nio.channels.ServerSocketChannel;

class A {
    void foo(AsynchronousChannelGroup group, SocketAddress remote) throws Exception {
        AsynchronousServerSocketChannel.open(); // Sensitive.
        AsynchronousServerSocketChannel.open(group); // Sensitive.
        AsynchronousSocketChannel.open(); // Sensitive.
        AsynchronousSocketChannel.open(group); // Sensitive.
        SocketChannel.open(); // Sensitive.
        SocketChannel.open(remote); // Sensitive.
        ServerSocketChannel.open(); // Sensitive.
    }
}
// === Netty ===
import io.netty.channel.ChannelInitializer;
import io.netty.channel.socket.ServerSocketChannel;
import io.netty.channel.socket.SocketChannel;

class CustomChannelInitializer extends ChannelInitializer<ServerSocketChannel> { // Sensitive. Review how the SocketChannel is used.
    @Override
    protected void initChannel(ServerSocketChannel ch) throws Exception {
    }
}

class A {
    void foo() {
        new ChannelInitializer<SocketChannel>() {  // Sensitive
            @Override
            public void initChannel(SocketChannel ch) throws Exception {
                // ...
            }
        };
    }
}

See