
Network access

Severity

Medium

Short Description

This module accesses the network.


Suggestion

Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Information

The Network access alert in Socket flags dependencies whose code can reach the network. It is worth monitoring for the security, performance, and compliance of your application because it surfaces dependencies that make unexpected or unauthorized network requests: a package whose job is, say, string formatting has no reason to open a socket, and one that does may be transmitting data you never intended to share.

Recommended actions

Upon receiving a Network Access alert, consider the following actions:

  • Review Documentation: Check the dependency’s official documentation and README to verify whether network access is expected for its stated purpose.
  • Analyze Request Details: Examine the nature of the network requests: the destinations (hostnames, IP addresses, ports), when they happen (at install time, at import time, or only when a specific API is called), and what data is transmitted.
  • Remove Unnecessary Network Access: Package maintainers should eliminate all network access that is not functionally required. This minimizes the attack surface and reduces the risk of unauthorized data transmission.
  • Audit Network Access: Consumers of these packages should audit network activity on a regular basis to ensure that every network request is legitimate and necessary for the application's operation.

Examples

[Screenshot, not reproduced here: a package flagged with a Network Access alert. This alert is often accompanied by alerts for other suspicious capabilities.]

[Screenshot, not reproduced here: a package attempting to use the https and dns modules, which triggered the Network Access alert.]

Detection Method

The alert scans the code of each dependency for imports of specific modules or libraries that are commonly used to perform network operations. Beyond the import itself, it also checks whether the dependency calls functions or methods from those modules, i.e. whether it performs actual network operations rather than merely loading a module that could.

If a dependency imports network-related modules or uses their functions, the alert flags it as having network access. This doesn't necessarily mean something malicious is happening, but it highlights that the dependency can communicate over the network, and that capability is what matters when judging what a compromised or malicious version of it could do.
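The detection method above, as an added example that is not Socket's scanner: a small static check in JavaScript that resolves require() and import bindings for Node's built-in network modules and then looks for calls made through those bindings, so that an import on its own is reported separately from actual use. The module list, the regex-based matching and the two-level import/use distinction are assumptions about what such a scanner might look for, not Socket's actual rules; the sample sources are constructed.

```javascript
// Added example, not Socket's scanner: a minimal static detector for
// network-module usage in Node.js source. Two signals are reported separately:
// a network module is imported, and functions of that module are actually called.
// The module list below is an assumption about what such a scanner looks for.

const NETWORK_MODULES = new Set(['http', 'https', 'http2', 'net', 'tls', 'dns', 'dgram']);

// 'node:https' and 'https' name the same built-in.
function normalizeModule(name) {
  return name.startsWith('node:') ? name.slice('node:'.length) : name;
}

function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// '{ request, get as httpsGet }' -> [['request', 'request'], ['get', 'httpsGet']]
function parseBindingList(text) {
  return text.replace(/[{}]/g, '').split(',')
    .map((s) => s.trim()).filter(Boolean)
    .map((entry) => {
      const m = entry.match(/^([\w$]+)\s*(?:as|:)\s*([\w$]+)$/);
      return m ? [m[1], m[2]] : [entry, entry];
    });
}

function findNetworkAccess(source) {
  const modules = new Set();    // network modules imported anywhere in the file
  const namespaces = new Map(); // local identifier -> module name
  const functions = new Map();  // local identifier -> 'module.export'
  const calls = new Set();      // 'module.function' actually invoked

  const bind = (pattern, mod) => {
    if (pattern.startsWith('{')) {
      for (const [exported, local] of parseBindingList(pattern)) functions.set(local, `${mod}.${exported}`);
    } else {
      namespaces.set(pattern, mod);
    }
  };

  // const https = require('node:https');   const { lookup } = require('dns');
  const requireRe = /(?:const|let|var)\s+(\{[^}]*\}|[\w$]+)\s*=\s*require\(\s*['"]([^'"]+)['"]\s*\)/g;
  // import https from 'https';  import * as dns from 'node:dns';  import { get } from 'https';
  const importRe = /import\s+(?:\*\s+as\s+([\w$]+)|(\{[^}]*\})|([\w$]+))\s+from\s+['"]([^'"]+)['"]/g;
  // Any require() of a network module, including the inline form require('https').get(...)
  const bareRequireRe = /require\(\s*['"]([^'"]+)['"]\s*\)(?:\s*\.\s*([\w$]+)\s*\()?/g;

  for (const m of source.matchAll(requireRe)) {
    const mod = normalizeModule(m[2]);
    if (NETWORK_MODULES.has(mod)) { modules.add(mod); bind(m[1], mod); }
  }
  for (const m of source.matchAll(importRe)) {
    const mod = normalizeModule(m[4]);
    if (NETWORK_MODULES.has(mod)) { modules.add(mod); bind(m[1] || m[2] || m[3], mod); }
  }
  for (const m of source.matchAll(bareRequireRe)) {
    const mod = normalizeModule(m[1]);
    if (!NETWORK_MODULES.has(mod)) continue;
    modules.add(mod);
    if (m[2]) calls.add(`${mod}.${m[2]}`);
  }

  // Calls through a namespace binding: https.request(...), dns.lookup(...)
  for (const [id, mod] of namespaces) {
    const re = new RegExp(`(?<![.\\w$])${escapeRegExp(id)}\\s*\\.\\s*([\\w$]+)\\s*\\(`, 'g');
    for (const m of source.matchAll(re)) calls.add(`${mod}.${m[1]}`);
  }
  // Calls through a named binding: lookup(...), httpsGet(...)
  for (const [local, full] of functions) {
    if (new RegExp(`(?<![.\\w$])${escapeRegExp(local)}\\s*\\(`).test(source)) calls.add(full);
  }

  const moduleList = [...modules].sort();
  const callList = [...calls].sort();
  return {
    modules: moduleList,
    calls: callList,
    importedButUnused: moduleList.filter((m) => !callList.some((c) => c.startsWith(`${m}.`))),
    flagged: moduleList.length > 0,   // an import alone is enough to raise the alert
    usesNetwork: callList.length > 0, // the stronger signal: network functions are invoked
  };
}

// Constructed sample sources, not taken from any real package.
const SAMPLE_CJS = `
const https = require('node:https');
const { lookup } = require('dns');
const path = require('path');
lookup('example.com', (err, address) => {
  https.get('https://example.com/ping?from=' + address, (res) => res.resume());
});
`;
const SAMPLE_ESM = `
import { request as req } from 'https';
import * as tls from 'node:tls';
export const ping = (host) => req({ hostname: host, path: '/' }, (res) => res.resume());
`;
const SAMPLE_CLEAN = `
const path = require('path');
module.exports = (dir) => path.join(dir, 'out.txt');
`;

for (const [name, src] of [['cjs', SAMPLE_CJS], ['esm', SAMPLE_ESM], ['clean', SAMPLE_CLEAN]]) {
  console.log(name, JSON.stringify(findNetworkAccess(src)));
}
```

Text matching like this is enough to show the idea but is easy to evade (aliasing through a variable, computed module names, eval); a production scanner works on a parsed AST with data-flow tracking, which is why the page treats "uses functions from the module" as a separate, stronger check than "imports the module".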

Additional resources

OWASP - The Principle of Least Privilege: Outlines the principle of least privilege and how it applies to limiting access and capabilities in applications.

MITRE ATT&CK: A globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
