HTTP Clients

PySocket

The socket module provides low-level network operations. socket.connect() is an SSRF primitive when the host or port comes from user input. socket.bind() on 0.0.0.0 is a finding for services that should be reachable only on localhost.

Summary: 3 sinks
Taint flow: 0 sources, 3 sinks
Sinks (dangerous calls): .connect(), .bind(), .create_connection()

Sinks

.connect() (Sink)
Signature
socket.connect(address: tuple | str) -> None

Connects to a remote address. SSRF sink when address is user-controlled.

Tracks: 0
.bind() (Sink)
Signature
socket.bind(address: tuple | str) -> None

Binds to a local address. Finding when an internal service binds to 0.0.0.0 or '' (all interfaces).

Tracks: 0
.create_connection() (Sink)
Signature
socket.create_connection(address, timeout=..., source_address=None) -> socket

High-level connection helper. SSRF sink when address is user-controlled.

Tracks: 0
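
The three sinks above, checked with a small AST-based detector written for this page as an added example (it is not the codepathfinder rule itself and does no real taint tracking; the sample module is constructed, and it flags bind() on a wildcard host and connect()/create_connection() calls whose address is not a literal):

```python
import ast

# Constructed sample module exercising the socket sinks this rule lists
# (hypothetical code, not from any real project).
SAMPLE = '''
import socket

def fetch(host, port):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((host, port))  # address built from parameters: possible SSRF
    return s

def serve():
    s = socket.socket()
    s.bind(("0.0.0.0", 8080))  # exposed on all interfaces
    l = socket.socket()
    l.bind(("127.0.0.1", 9090))  # localhost-only: not a finding
    return s, l

def ping():
    return socket.create_connection(("example.invalid", 443))  # literal address
'''

SINKS = {"connect", "bind", "create_connection"}
WILDCARD_HOSTS = {"0.0.0.0", ""}

def is_literal_address(node):
    """True when the address argument is fully literal, so no taint can reach it."""
    return isinstance(node, ast.Constant) or (
        isinstance(node, ast.Tuple) and all(isinstance(e, ast.Constant) for e in node.elts))

def find_socket_findings(source):
    """Return sorted (lineno, sink, reason) triples for the sinks this rule lists."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        name = node.func.attr
        if name not in SINKS or not node.args:
            continue
        addr = node.args[0]
        if name == "bind":
            host = addr.elts[0] if isinstance(addr, ast.Tuple) and addr.elts else addr
            if isinstance(host, ast.Constant) and host.value in WILDCARD_HOSTS:
                findings.append((node.lineno, name, "bound to all interfaces"))
        elif not is_literal_address(addr):
            findings.append((node.lineno, name, "non-literal address (possible SSRF)"))
    return sorted(findings)
```

Running find_socket_findings(SAMPLE) reports the connect() on line 6 and the wildcard bind() on line 11 of the sample, and nothing for the localhost bind or the literal create_connection().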

Other Methods

.socket() (Neutral)
Signature
socket.socket(family=AF_INET, type=SOCK_STREAM, proto=0, fileno=None) -> socket

Creates a socket. Neutral.

Fully-Qualified Names

FQN | Field
socket | fqns[0]

A wrong FQN yields 0 findings. To verify the FQN is correct, change fqns to a garbage value: the rule must then produce 0 results.

Import

rule.py
from codepathfinder.go_rule import PySocket