Permissive server network interface configuration
- Rule ID: go_gosec_network_bind_to_all_interfaces
- Languages: go
- Source: bind_to_all_interfaces.yml
Description
Binding a service to "0.0.0.0" makes it accessible on all network interfaces. This configuration can lead to unintended exposure over insecure or unintended network interfaces, creating potential security risks.
Remediations
- Do not bind services to "0.0.0.0" without considering the security implications. This default setting can expose your service on all network interfaces, including those that are not secure.
- Do bind your service to a specific IP address or network interface to limit access and enhance security. This can be achieved through various methods:
  - Specify the IP address using an environment variable for flexible and secure configuration.
  - Define the IP address in a configuration file that the application reads at startup.
  - Dynamically identify the appropriate network interface and bind the service to its IP address.
- Do implement security best practices when configuring network services. Use firewalls to control access and encrypt communication with TLS to protect data in transit.
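As an added example (not Bearer's or gosec's own code), a Go helper that applies the remediations above: it takes the bind address from an environment variable, or from the first IPv4 address of a named interface, and refuses an unspecified address so the service never listens on every interface by accident. The variable names LISTEN_ADDR and LISTEN_IFACE and the port 8080 are assumptions for the example.

```go
package main

import (
	"fmt"
	"net"
	"os"
)

// BindAddress builds "host:port" from LISTEN_ADDR, else from the first IPv4 address of the LISTEN_IFACE interface; "0.0.0.0" and "::" are refused.
func BindAddress(envAddr, ifaceName string, port int) (string, error) {
	host := envAddr
	if host == "" && ifaceName != "" {
		var err error
		if host, err = firstIPv4(ifaceName); err != nil {
			return "", err
		}
	}
	ip := net.ParseIP(host)
	if ip == nil { // also hit when nothing at all is configured: fail closed
		return "", fmt.Errorf("no valid bind address configured (%q)", host)
	}
	if ip.IsUnspecified() {
		return "", fmt.Errorf("refusing to bind %q: that exposes every interface", host)
	}
	return net.JoinHostPort(host, fmt.Sprint(port)), nil
}

// firstIPv4 returns the first IPv4 address configured on the named interface.
func firstIPv4(name string) (string, error) {
	iface, err := net.InterfaceByName(name)
	if err != nil {
		return "", err
	}
	addrs, _ := iface.Addrs() // an Addrs error leaves addrs empty and falls through
	for _, a := range addrs {
		if ipn, ok := a.(*net.IPNet); ok && ipn.IP.To4() != nil {
			return ipn.IP.String(), nil
		}
	}
	return "", fmt.Errorf("no IPv4 address on interface %s", name)
}

func main() {
	addr, err := BindAddress(os.Getenv("LISTEN_ADDR"), os.Getenv("LISTEN_IFACE"), 8080)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Println("bind address:", addr) // pass this to net.Listen or http.ListenAndServe
}
```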
Configuration
To skip this rule during a scan, use the following flag:
bearer scan /path/to/your-project/ --skip-rule=go_gosec_network_bind_to_all_interfaces
To run only this rule during a scan, use the following flag:
bearer scan /path/to/your-project/ --only-rule=go_gosec_network_bind_to_all_interfaces