Query module SocketAuthRace

name: Race condition in socket authentication
description: Opening a socket after authenticating via a different channel may allow an attacker to connect to the port first.
kind: problem
problem.severity: warning
precision: medium
id: java/socket-auth-race-condition
tags: security external/cwe/cwe-421

Imports

Dominance

Provides classes and predicates for control-flow graph dominance.

Guards
SensitiveActions

Sensitive data and methods for security.

java

Provides all default Java QL imports.

Predicates

Classes

ConnectionMethod
ServerSocketAcceptMethod

The accept method on ServerSocket, which listens for a connection and returns when one has been established.

ServerSocketChannelAcceptMethod

The accept method on ServerSocketChannel, which listens for a connection and returns when one has been established.