Insecure Socket Bind Critical

Binding a socket with an empty IP address makes it listen on all of the host's IPv4 interfaces, so it accepts connections from any IPv4 address that can reach the host. This can introduce security risks.

Detector ID
python/insecure-socket-bind@v1.0
Category
Common Weakness Enumeration (CWE)

Noncompliant example

def insecure_socket_bind_noncompliant():
    import socket
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Noncompliant: Empty IP Address is passed when binding to a socket.
    s.bind(('', 0))

Compliant example

def insecure_socket_bind_compliant():
    import socket
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Compliant: Non-empty IP Address is passed when binding to a socket.
    s.bind(('192.168.1.1', 0))
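
The following is an added example, not the detector's own implementation: a small AST check that flags `bind()` calls whose literal host is a wildcard. It goes beyond the empty-string case above by also treating `0.0.0.0` and `::` as wildcards; the names `is_wildcard`, `find_wildcard_binds` and `SAMPLE` are hypothetical, and the sample source is constructed.

```python
import ast
import ipaddress

# Constructed sample source: two wildcard binds and one explicit bind.
SAMPLE = '''
import socket
a = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
a.bind(('', 0))
b = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
b.bind(("0.0.0.0", 8080))
c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
c.bind(('127.0.0.1', 8080))
'''

def is_wildcard(host):
    """True when a literal host makes bind() listen on every interface."""
    if host == "":
        return True  # Python maps '' to INADDR_ANY for AF_INET
    try:
        return ipaddress.ip_address(host).is_unspecified  # 0.0.0.0 or ::
    except ValueError:
        return False  # hostname or other string: not judged by this check

def find_wildcard_binds(source):
    """Return sorted (line, host) pairs for .bind((<literal host>, ...)) on a wildcard."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        # Match <anything>.bind(( ... )) where the first argument is a tuple.
        if not (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr == "bind"
                and node.args
                and isinstance(node.args[0], ast.Tuple)
                and node.args[0].elts):
            continue
        host = node.args[0].elts[0]
        # Only string literals are checked; hosts held in variables are skipped.
        if isinstance(host, ast.Constant) and isinstance(host.value, str):
            if is_wildcard(host.value):
                findings.append((node.lineno, host.value))
    return sorted(findings)

if __name__ == "__main__":
    for line, host in find_wildcard_binds(SAMPLE):
        print(f"line {line}: bind to wildcard address {host!r}")
```

Hosts that reach `bind()` through a variable or configuration value are not seen by this literal-only check and need a runtime validation of the configured address instead.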