hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 00:35:20 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
c9832c330af360b4204971cb1c250b7633da0c1d
codeql/python/ql/test/query-tests/Security/CVE-2018-1281/BindToAllInterfaces_test.py
Taus c9832c330a Python: Convert BindToAllInterfaces to path-problem 
Now that we're using global data-flow, we might as well make use of the
fact that we know where the source is.
2026-03-26 21:10:43 +00:00

59 lines
1.9 KiB
Python
Raw Blame History

import socket
# binds to all interfaces, insecure
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(('0.0.0.0', 31137)) # $ Alert[py/bind-socket-all-network-interfaces]
# binds to all interfaces, insecure
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(('', 4040)) # $ Alert[py/bind-socket-all-network-interfaces]
# binds only to a dedicated interface, secure
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(('84.68.10.12', 8080))
# binds to all interfaces, insecure
ALL_LOCALS = "0.0.0.0" # $ Source
s.bind((ALL_LOCALS, 9090)) # $ Alert[py/bind-socket-all-network-interfaces]
# binds to all interfaces, insecure
tup = (ALL_LOCALS, 8080)
s.bind(tup) # $ Alert[py/bind-socket-all-network-interfaces]
# IPv6
s = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
s.bind(("::", 8080)) # $ Alert[py/bind-socket-all-network-interfaces]
# FN cases from https://github.com/github/codeql/issues/21582
# Address stored in a class attribute
class Server:
def __init__(self):
self.bind_addr = '0.0.0.0' # $ Source
self.port = 31137
def start(self):
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind((self.bind_addr, self.port)) # $ Alert[py/bind-socket-all-network-interfaces]
server = Server()
server.start()
# os.environ.get with insecure default
import os
host = os.environ.get('APP_HOST', '0.0.0.0') # $ Source
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind((host, 8080)) # $ Alert[py/bind-socket-all-network-interfaces]
# gevent.socket (alternative socket module)
from gevent import socket as gsocket
gs = gsocket.socket(gsocket.AF_INET, gsocket.SOCK_STREAM)
gs.bind(('0.0.0.0', 31137)) # $ Alert[py/bind-socket-all-network-interfaces]
# eventlet.green.socket (another alternative socket module)
from eventlet.green import socket as esocket
es = esocket.socket(esocket.AF_INET, esocket.SOCK_STREAM)
es.bind(('0.0.0.0', 31137)) # $ Alert[py/bind-socket-all-network-interfaces]
Reference in New Issue View Git Blame Copy Permalink