IO.UT.HOST : Untrusted Network Host

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

CodeSonar^® 9.2p0

CONFIDENTIAL

CodeSecure Inc

C and C++

Binaries

IO.UT.HOST : Untrusted Network Host

Summary

A network function is called with an untrusted network host (name or address) argument.

A network host is considered to be untrusted if:

There is a set of applicable NETWORK_HOST_WHITELIST rules (that is, a set of one or more NETWORK_HOST_WHITELIST rules after which no NETWORK_HOST_WHITELIST= or NETWORK_HOST_BLACKLIST rules occur), and either
- the network host argument does not match one of the rules in that set,
  or
- CodeSonar cannot determine the value of the network host argument.
or
There is a set of applicable NETWORK_HOST_BLACKLIST rules (that is, a set of one or more NETWORK_HOST_BLACKLIST rules after which no NETWORK_HOST_BLACKLIST= or NETWORK_HOST_WHITELIST rules occur), and the network host argument matches one of the rules in that set.
or
The network host argument is a string constant that may have been obfuscated, where obfuscation determinations depend in part on the settings of configuration parameters MIN_B64_SCORE and MIN_ENC_SCORE.

Properties

Class Name

Untrusted Network Host

Significance

security

Mnemonic

IO.UT.HOST

Categories

MisraC2025	MisraC2025:D.4.14	The validity of values received from external sources shall be checked
MisraC2023	MisraC2023:D.4.14	The validity of values received from external sources shall be checked
Misra2012	Misra2012:D.4.14	The validity of values received from external sources shall be checked
AUTOSARC++14	AUTOSARC++14:A27-0-1	Inputs from independent components shall be validated.
MisraC++2023	MisraC++2023:0.3.2	A function call shall not violate the function's preconditions
CWE	CWE:99	Improper Control of Resource Identifiers ('Resource Injection')
	CWE:506	Embedded Malicious Code
	CWE:610	Externally Controlled Reference to a Resource in Another Sphere
CERT-C	CERT-C:INT04-C	Enforce limits on integer values originating from tainted sources
DISA-6r1	DISA-6r1:V-222606	The application must validate all input.
	DISA-6r1:V-222609	The application must not be subject to input handling vulnerabilities.
DISA-5r3	DISA-5r3:V-70265	The application must validate all input.
	DISA-5r3:V-70271	The application must not be subject to input handling vulnerabilities.
DISA-4r3	DISA-4r3:V-70265	The application must validate all input.
	DISA-4r3:V-70271	The application must not be subject to input handling vulnerabilities.
OWASP-2017	OWASP-2017:A1	Injection
OWASP-2021	OWASP-2021:A3	Injection
	OWASP-2021:A8	Software and data integrity failures
OWASP-2025	OWASP-2025:A05	Injection
	OWASP-2025:A08	Software or Data Integrity Failures

Availability

Available for C and C++.

Enabling

Checks for this warning class are disabled by default. To enable them, add the following WARNING_FILTER rule to the project configuration file.

WARNING_FILTER += allow class="Untrusted Network Host"

Triggers

CodeSonar ships with library models that allow it to recognize functions such as libc getaddrinfo() that take a network host argument. If one of these functions is called with an untrusted value in the network host parameter position, a warning will be issued.

If you have created a custom library model for some function f() in terms of one of these existing models, calls to f() will also be capable of triggering Untrusted Network Host warnings.

Example

Suppose the project configuration file contains the following rules (these are part of the factory settings for NETWORK_HOST_BLACKLIST).

NETWORK_HOST_BLACKLIST += allow ^0:0:0:0:0:0:0:1$
NETWORK_HOST_BLACKLIST += .+\.[a-zA-Z]{2,6}($|\s+|\\|/|:)

Then CodeSonar will issue one Unstrusted Network Host warning in the following code.

#include <stdlib.h>
#include <netdb.h>

int ut_host(void){
    int status;
    struct addrinfo *res;

    /* 0:0:0:0:0:0:0:1 is permitted by NETWORK_HOST_BLACKLIST rule */
    status = getaddrinfo("0:0:0:0:0:0:0:1", "80", NULL, &res);
    if (status != 0)  {return status;}
    freeaddrinfo(res);

    /* 2001:DB8:1:2:3:4:5:6 is forbidden by NETWORK_HOST_BLACKLIST rule */
    status = getaddrinfo("2001:DB8:1:2:3:4:5:6", "80", NULL, &res); /* 'Untrusted Network Host' warning issued here */
    if (status != 0) {return status;}
    freeaddrinfo(res);

    /* ... */
    return 0;
}

Relevant Configuration File Parameters

The following configuration file parameters affect checks for this warning class.

To report problems with this documentation, please visit https://support.codesecure.com/.