
TH17103

Detected presence of files containing references to TOR or hidden service URLs.

| priority | CI/CD status | severity | effort | RL level | RL assessment |
|  | pass | high | high | None | None |

About the issue

Uniform Resource Locators (URLs) are structured addresses that point to locations and assets on the internet. URLs allow software developers to build complex applications that exchange data with servers that can be hosted in multiple geographical regions. URLs are commonly found embedded in documentation, configuration files, source code and compiled binaries.

The Onion Router (TOR) enables its users to interact anonymously with content on the web. For this reason, malicious actors commonly use TOR services to maintain anonymity while conducting their attacks. While the presence of TOR references does not imply malicious intent, every use of TOR in a software package should be documented and approved. Only select applications should consider using the TOR network to enable anonymous internet access. One example of acceptable use for hidden service URLs is in applications designed to combat online censorship.

How to resolve the issue

  • Investigate reported detections.
  • If the software should not include these network references, investigate your build and release environment for software supply chain compromise.
  • You should delay the software release until the investigation is completed, or until the issue is risk accepted.
  • Consider removing all references to flagged network locations.