dynamic-httptrace-clienttrace.yaml
```yaml
rules:
  - id: dynamic-httptrace-clienttrace
    message: >-
      Detected a potentially dynamic ClientTrace. This occurred because semgrep could
      not find a static definition for '$TRACE'. Dynamic ClientTraces are dangerous
      because they deserialize function code to run when certain Request events occur,
      which could lead to code being run without your knowledge. Ensure that your
      ClientTrace is statically defined.
    metadata:
      cwe:
        - 'CWE-913: Improper Control of Dynamically-Managed Code Resources'
      owasp:
        - A01:2021 - Broken Access Control
      references:
        - https://github.com/returntocorp/semgrep-rules/issues/518
      # Detects when a static ClientTrace is not defined in the same file as
      # WithClientTrace. Not a perfect detection, but sufficiently works in a
      # scan of ~1k repos: https://dev.massive.ret2.co/triager/filter/1007
      category: security
      technology:
        - go
      confidence: MEDIUM
      subcategory:
        - vuln
      likelihood: LOW
      impact: LOW
    patterns:
      # Suppress the finding when a ClientTrace composite literal appears
      # anywhere in the same file as the WithClientTrace call.
      - pattern-not-inside: |
          package $PACKAGE
          ...
          &httptrace.ClientTrace { ... }
          ...
      - pattern: httptrace.WithClientTrace($ANY, $TRACE)
    severity: WARNING
    languages:
      - go
```
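The rule's `pattern-not-inside` only looks for a `&httptrace.ClientTrace{ ... }` literal somewhere in the same file as the `WithClientTrace` call; a trace obtained from another package, or returned by an opaque constructor, carries hook functions whose bodies are invisible at the call site, and that is what the rule reports. The following is an added example (not part of the semgrep-rules repository) of the shape the rule accepts: the `ClientTrace` is a composite literal in the same file, every hook body is visible, and the hooks simply record which request events fired. The `newStaticTrace`, `tracedGet` and `RunTracedRequest` names and the local `httptest` server are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/http/httptrace"
	"sync"
)

// eventLog collects hook invocations. Transport hooks may fire from the
// transport's reader/writer goroutines, so access is guarded by a mutex.
type eventLog struct {
	mu     sync.Mutex
	events []string
}

func (l *eventLog) record(name string) {
	l.mu.Lock()
	defer l.mu.Unlock()
	l.events = append(l.events, name)
}

func (l *eventLog) snapshot() []string {
	l.mu.Lock()
	defer l.mu.Unlock()
	return append([]string(nil), l.events...)
}

// newStaticTrace builds the ClientTrace as a composite literal in this file.
// Every hook body is readable here, which is exactly what the semgrep rule's
// pattern-not-inside clause is looking for; a trace returned by a function in
// another package would hide these bodies from the reviewer and trigger it.
func newStaticTrace(log *eventLog) *httptrace.ClientTrace {
	return &httptrace.ClientTrace{
		GetConn:              func(hostPort string) { log.record("GetConn") },
		GotConn:              func(httptrace.GotConnInfo) { log.record("GotConn") },
		ConnectStart:         func(network, addr string) { log.record("ConnectStart") },
		ConnectDone:          func(network, addr string, err error) { log.record("ConnectDone") },
		WroteRequest:         func(httptrace.WroteRequestInfo) { log.record("WroteRequest") },
		GotFirstResponseByte: func() { log.record("GotFirstResponseByte") },
	}
}

// tracedGet attaches the trace to the request context and performs the GET.
// It returns the events the hooks observed, in the order they were recorded.
func tracedGet(client *http.Client, url string) ([]string, error) {
	log := &eventLog{}
	req, err := http.NewRequest(http.MethodGet, url, nil)
	if err != nil {
		return nil, err
	}
	req = req.WithContext(httptrace.WithClientTrace(req.Context(), newStaticTrace(log)))
	resp, err := client.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	return log.snapshot(), nil
}

// RunTracedRequest starts a throwaway local HTTP server (constructed here so
// the example runs offline) and returns the trace events a GET against it
// produced. DNS hooks do not fire because the target is a literal IP address.
func RunTracedRequest() ([]string, error) {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		_, _ = w.Write([]byte("ok"))
	}))
	defer srv.Close()
	return tracedGet(srv.Client(), srv.URL)
}

func main() {
	events, err := RunTracedRequest()
	if err != nil {
		panic(err)
	}
	fmt.Println(events)
}
```

Running it prints the connection and request lifecycle events in order (GetConn, ConnectStart, ConnectDone, GotConn, WroteRequest, GotFirstResponseByte). Semgrep will not flag this file because the `&httptrace.ClientTrace{...}` literal sits beside the `WithClientTrace` call; move `newStaticTrace` into a separate package and the same call site becomes a finding, which is the rule's documented (and admittedly coarse) heuristic.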