Dart Io Ssl Verification Bypass
Description
This detector identifies SSL certificate verification bypass vulnerabilities in Dart applications that use the dart:io library. When a developer disables certificate validation by assigning an unsafe callback to badCertificateCallback, the client accepts connections to servers presenting invalid or malicious certificates, which exposes the application to man-in-the-middle attacks.
Detection Strategy
• The dart:io library must be imported in the source file
• The file must not be a test file (test files are excluded from analysis)
• An assignment statement must set the badCertificateCallback property
• The assigned value must be an unsafe lambda function or callback that bypasses certificate validation
• The callback function is determined to be unsafe through advanced analysis of its implementation
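The five conditions above can be turned into a small scanner. The following Python script is an added example, not Fluid Attacks' detector: it approximates the strategy with regular expressions (the real analysis of the callback body is described only as "advanced analysis" and is not reproduced here), and the Dart source it scans is constructed inline for the demonstration. It flags an arrow-function callback that returns the literal true or that references none of its parameters, skips test files and files that do not import dart:io, and deliberately does not flag named functions or block-bodied lambdas because it cannot see their bodies.

```python
"""Heuristic scanner for dart:io badCertificateCallback bypasses.

Added example, not the product's detector: regular expressions stand in
for a real Dart parser, so this is a teaching approximation of the
strategy (dart:io import, non-test file, badCertificateCallback
assignment, unsafe callback body).
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# `import 'dart:io';` anywhere in the file (condition 1).
IMPORT_RE = re.compile(r"""^\s*import\s+['"]dart:io['"]\s*;""", re.MULTILINE)
# `<receiver>.badCertificateCallback = <rhs>;` with the right-hand side captured (condition 3).
ASSIGN_RE = re.compile(r"badCertificateCallback\s*=\s*(?P<rhs>.+?);", re.DOTALL)
# Arrow lambda: `(params) => expression`; block-bodied lambdas are not matched.
LAMBDA_RE = re.compile(r"^\((?P<params>[^)]*)\)\s*=>\s*(?P<body>.+)$", re.DOTALL)


@dataclass(frozen=True)
class Finding:
    line: int      # 1-based line of the assignment
    rhs: str       # the callback expression that was assigned
    reason: str    # why it is considered unsafe


def is_test_file(path: str) -> bool:
    # Condition 2: test files are excluded from analysis.
    return path.endswith("_test.dart") or "/test/" in path


def callback_is_unsafe(rhs: str) -> Optional[str]:
    """Return a reason if the assigned callback bypasses validation, else None (conditions 4 and 5)."""
    rhs = rhs.strip()
    if rhs == "null":
        return None  # null restores the default behaviour: bad certificates are rejected
    m = LAMBDA_RE.match(rhs)
    if not m:
        return None  # named function or block body: body not visible to this heuristic
    # Parameters may be typed (`X509Certificate cert`); keep only the name.
    params = [p.split()[-1] for p in m.group("params").split(",") if p.strip()]
    body = m.group("body").strip()
    if body == "true":
        return "callback returns true unconditionally"
    # A body that never looks at cert, host or port cannot validate anything.
    if params and not any(re.search(rf"\b{re.escape(p)}\b", body) for p in params):
        return "callback ignores the certificate, host and port"
    return None


def scan(path: str, source: str) -> List[Finding]:
    """Apply all conditions to one Dart file and return the findings."""
    if is_test_file(path) or not IMPORT_RE.search(source):
        return []
    findings = []
    for m in ASSIGN_RE.finditer(source):
        reason = callback_is_unsafe(m.group("rhs"))
        if reason:
            line = source.count("\n", 0, m.start()) + 1
            findings.append(Finding(line, m.group("rhs").strip(), reason))
    return findings


# Constructed sample: one bypass and one callback that at least inspects the certificate.
SAMPLE_DART = """
import 'dart:io';

Future<void> insecureClient() async {
  final client = HttpClient();
  client.badCertificateCallback = (cert, host, port) => true; // Always trusts
}

Future<void> checkedClient() async {
  final client = HttpClient();
  client.badCertificateCallback = (X509Certificate cert, String host, int port) =>
      cert.subject.contains('expected.com');
}
"""

if __name__ == "__main__":
    for f in scan("lib/client.dart", SAMPLE_DART):
        print(f"lib/client.dart:{f.line}: {f.reason}: {f.rhs}")
```

Running the script reports only line 6 of the sample, the unconditional `=> true`; the same source under a `test/` path or without the dart:io import produces no findings.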
Vulnerable code example

import 'dart:io';

// VULNERABLE: accepts all certificates unconditionally -> MitM attacks
Future<void> insecureClient() async {
  final client = HttpClient();
  client.badCertificateCallback = (cert, host, port) => true; // Always trusts
}

✅ Secure code example
import 'dart:io';

// SAFE: proper certificate validation instead of accepting all certificates.
// badCertificateCallback is only invoked for certificates that already failed
// the platform's chain validation, so the callback must decide on its own evidence.
Future<void> secureClient() async {
  final client = HttpClient();
  client.badCertificateCallback = (cert, host, port) =>
      cert.subject.contains('expected.com'); // Validates certificate subject
}