RSPEC-2656

JEE applications should not use sockets

    Details

    • Type: Bug Detection
    • Status: Active
    • Resolution: Unresolved
    • Labels:
    • Message:
      Remove this use of sockets.
    • Default Severity:
      Critical
    • Impact:
      High
    • Likelihood:
      Low
    • Targeted languages:
      Java
    • Remediation Function:
      Constant/Issue
    • Constant Cost:
      20min
    • Implementation details:
    • CWE:
      CWE-246, CWE-577

      Description

      According to the EJB specification:

      An enterprise bean must not attempt to listen on a socket, accept connections on a socket, or use a socket for multicast.
      ...

      • The enterprise bean must not attempt to set the socket factory used by ServerSocket, Socket, or the stream handler factory used by URL.

      These networking functions are reserved for the EJB container. Allowing the enterprise bean to use these functions could compromise security and decrease the container’s ability to properly manage the runtime environment.

      Since EJBs may be passivated (temporarily serialized at the discretion of the container), using sockets in an EJB could cause resource leaks. Instead, you should work at a higher level and let the container handle such resources.

      This rule raises an issue each time a socket is created or retrieved from another class in a servlet class or EJB.

      Noncompliant Code Example

      public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        // ...
      
        Socket sock = null;
        try {
          sock = new Socket(host, 3000);  // Noncompliant
          // ...
        } catch (Exception e) {
          // ...
        }
      }
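
A compliant counterpart to the servlet above, added here as an illustration and not part of the original rule description. It assumes a Java EE 7 container (javax.* namespace) and that the remote system can be reached through a container-managed JMS resource; the class name, URL pattern and JNDI names are hypothetical.

```java
import java.io.IOException;
import javax.annotation.Resource;
import javax.jms.ConnectionFactory;
import javax.jms.JMSContext;
import javax.jms.JMSRuntimeException;
import javax.jms.Queue;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet: class name, URL pattern and JNDI names are assumptions.
@WebServlet("/notify")
public class NotifyServlet extends HttpServlet {

  // The container creates, pools and secures the underlying connections;
  // application code never opens or listens on a socket itself.
  @Resource(lookup = "jms/ExampleConnectionFactory")
  private ConnectionFactory connectionFactory;

  @Resource(lookup = "jms/ExampleQueue")
  private Queue queue;

  @Override
  protected void doGet(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    String payload = request.getParameter("message");
    if (payload == null || payload.isEmpty()) {
      response.sendError(HttpServletResponse.SC_BAD_REQUEST, "message is required");
      return;
    }
    // JMSContext is AutoCloseable: it is handed back to the container when the
    // block exits, so no network handle is kept in servlet or bean state.
    try (JMSContext context = connectionFactory.createContext()) {
      context.createProducer().send(queue, payload);  // Compliant
      response.setStatus(HttpServletResponse.SC_ACCEPTED);
    } catch (JMSRuntimeException e) {
      log("Message delivery failed", e);
      response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
    }
  }
}
```

Because the connection factory is injected and the context is scoped to the request, nothing socket-backed has to survive passivation or be cleaned up by application code.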
      

      See

      Assignee: Unassigned
      Reporter: Ann Campbell