Rules Repository: RSPEC-5759

Forwarding client IP address is security-sensitive


    Details

    • Type: Security Hotspot Detection
    • Status: Active
    • Resolution: Unresolved
    • Labels:
    • Message:
      Make sure forwarding client IP address is safe here.
    • Default Severity:
      Minor
    • Impact:
      Low
    • Likelihood:
      Low
    • Default Quality Profiles:
      Sonar way, Sonar way recommended
    • Targeted languages:
      C#, C, C++, Java, PHP, Python, TypeScript
    • Covered Languages:
      JavaScript
    • Remediation Function:
      Constant/Issue
    • Constant Cost:
      5min
    • Analysis Scope:
      Main Sources
    • OWASP:
      A3

      Description

      Users often connect to web servers through HTTP proxies.
      A proxy can be configured to forward the client IP address via the X-Forwarded-For or Forwarded HTTP headers.
      An IP address is personal information that can identify a single user and thus affect their privacy.

      Ask Yourself Whether

      • The web application uses reverse proxies or similar but doesn't need to know the IP address of the user.

      There is a risk if you answered yes to this question.

      Recommended Secure Coding Practices

      The user's IP address should not be forwarded unless the application needs it, for example as part of an authentication or authorization scheme, or for log management.

      See

        Attachments

        1.
        JavaScript: RSPEC-5760 (Language-Specification, Active, Unassigned)

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            Pierre-Loup Tristant (pierre-loup.tristant)
            Votes:
            0
            Watchers:
            1

              Dates

              Created:
              Updated: