Details

    • Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved
    • Labels:
      None

      Description

      Sensitive Code Example

      These clients from the Apache Commons Net library speak unencrypted protocols (Telnet, FTP and SMTP), so credentials and payloads cross the network in cleartext. They are not recommended:

      import org.apache.commons.net.ftp.FTPClient;
      import org.apache.commons.net.smtp.SMTPClient;
      import org.apache.commons.net.telnet.TelnetClient;

      TelnetClient telnet = new TelnetClient(); // Sensitive: Telnet sends everything, including passwords, in cleartext
      
      FTPClient ftpClient = new FTPClient(); // Sensitive: plain FTP, no TLS on the control or data channel
      
      SMTPClient smtpClient = new SMTPClient(); // Sensitive: plain SMTP, no STARTTLS
      

      Cleartext HTTP connections, for instance when using the OkHttp library, should be avoided:

      import okhttp3.ConnectionSpec;

      ConnectionSpec spec = new ConnectionSpec.Builder(ConnectionSpec.CLEARTEXT) // Sensitive: explicitly allows unencrypted HTTP
        .build();
      

      Compliant Solution

      Use the encrypted counterparts instead: the JSch SSH library in place of Telnet, and the FTPSClient and SMTPSClient classes from Apache Commons Net in place of FTPClient and SMTPClient:

      import com.jcraft.jsch.JSch;
      import org.apache.commons.net.ftp.FTPSClient;
      import org.apache.commons.net.smtp.SMTPSClient;

      JSch jsch = new JSch(); // Compliant: SSH replaces Telnet
      
      if (implicit) {
        // implicit mode is considered deprecated but offers the same security as explicit mode
        FTPSClient ftpsClient = new FTPSClient(true); // Compliant: implicit FTPS, TLS from the first byte (usually port 990)
      }
      else {
        FTPSClient ftpsClient = new FTPSClient(); // Compliant: explicit FTPS, AUTH TLS is sent automatically on connect
      }
      
      if (implicit) {
        // implicit mode is considered deprecated but offers the same security as explicit mode
        SMTPSClient smtpsClient = new SMTPSClient(true); // Compliant: implicit SMTPS, TLS from the first byte (usually port 465)
      }
      else {
        SMTPSClient smtpsClient = new SMTPSClient(); // Compliant: explicit mode, STARTTLS must be negotiated before any other command
        smtpsClient.connect("127.0.0.1", 25);
        if (smtpsClient.execTLS()) { // STARTTLS succeeded: the session is now encrypted
          // commands
        }
        // if execTLS() returns false, do not fall back to sending commands in cleartext
      }
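      Added example (not part of the original rule page, nor code from Apache Commons Net): explicit FTPS with the data channel protected. `new FTPSClient()` sends AUTH TLS automatically on connect, but that encrypts only the control channel; without `execPBSZ(0)` followed by `execPROT("P")`, directory listings and file contents still cross the network in cleartext. The host, port and credentials below are placeholders, and `setEndpointCheckingEnabled` assumes a Commons Net release that provides it (3.4 and later).

```java
import java.io.IOException;
import org.apache.commons.net.ftp.FTP;
import org.apache.commons.net.ftp.FTPReply;
import org.apache.commons.net.ftp.FTPSClient;

public final class SecureFtpsExample {

    /**
     * Connects with explicit FTPS and encrypts both channels.
     * FTPSClient() (explicit mode) issues AUTH TLS on connect, which only
     * protects the control channel; PBSZ 0 + PROT P must follow so that
     * directory listings and file transfers are encrypted as well.
     */
    public static FTPSClient connectExplicitFtps(String host, int port, String user, String password)
            throws IOException {
        FTPSClient client = new FTPSClient();      // explicit mode (AUTH TLS after connect)
        // Verify that the server certificate matches 'host' (assumes Commons Net 3.4+).
        client.setEndpointCheckingEnabled(true);
        client.connect(host, port);
        if (!FTPReply.isPositiveCompletion(client.getReplyCode())) {
            client.disconnect();
            throw new IOException("FTPS server refused the connection: " + client.getReplyString());
        }
        if (!client.login(user, password)) {       // login already travels over TLS
            client.logout();
            client.disconnect();
            throw new IOException("FTPS login failed: " + client.getReplyString());
        }
        client.execPBSZ(0);                        // protection buffer size, required before PROT
        client.execPROT("P");                      // "P" = private: encrypt the data channel too
        client.enterLocalPassiveMode();
        client.setFileType(FTP.BINARY_FILE_TYPE);
        return client;
    }

    public static void main(String[] args) throws IOException {
        // Placeholder host and credentials; replace with values you control.
        FTPSClient client = connectExplicitFtps("ftps.example.invalid", 21, "user", "secret");
        try {
            String[] names = client.listNames();   // the listing now goes over the TLS-protected data channel
            if (names != null) {
                for (String name : names) {
                    System.out.println(name);
                }
            }
        } finally {
            client.logout();
            client.disconnect();
        }
    }
}
```

      A quick way to check the result is to capture the session with a packet sniffer: after PROT P, the PASV data connection should carry a TLS handshake rather than a readable directory listing.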
      

      Perform HTTP connections over TLS, for instance with the OkHttp library:

      import okhttp3.ConnectionSpec;

      ConnectionSpec spec = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS) // Compliant: TLS only, no cleartext
        .build();
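      Added example (not part of the original rule page, nor code from OkHttp): applying the spec to a client. Building a `ConnectionSpec` on its own changes nothing; it has to be installed through `OkHttpClient.Builder.connectionSpecs(...)`. Because OkHttp's default list contains both `MODERN_TLS` and `CLEARTEXT`, supplying a list without `CLEARTEXT` is what makes `http://` URLs fail with an `UnknownServiceException` instead of silently going unencrypted. The URLs below are placeholders.

```java
import java.io.IOException;
import java.net.UnknownServiceException;
import java.util.Collections;
import okhttp3.ConnectionSpec;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;

public final class TlsOnlyHttpClient {

    /** Builds a client that can only speak TLS: the CLEARTEXT spec is deliberately left out. */
    public static OkHttpClient build() {
        ConnectionSpec spec = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS).build();
        return new OkHttpClient.Builder()
                // OkHttp's default is [MODERN_TLS, CLEARTEXT]; restrict it to TLS only.
                .connectionSpecs(Collections.singletonList(spec))
                .build();
    }

    /** Performs a GET and returns the body; throws for an http:// URL when the client is TLS-only. */
    public static String fetch(OkHttpClient client, String url) throws IOException {
        Request request = new Request.Builder().url(url).build();
        try (Response response = client.newCall(request).execute()) {
            return response.body() != null ? response.body().string() : "";
        }
    }

    public static void main(String[] args) throws IOException {
        OkHttpClient client = build();
        // Placeholder URLs; replace with a host you control.
        System.out.println(fetch(client, "https://example.com/"));
        try {
            fetch(client, "http://example.com/");
            System.out.println("unexpected: cleartext request went through");
        } catch (UnknownServiceException e) {
            // OkHttp refuses the route: "CLEARTEXT communication not enabled for client"
            System.out.println("cleartext request rejected: " + e.getMessage());
        }
    }
}
```

      Keep the restriction at the client level rather than per request, so that a redirect from an https:// URL to an http:// one is also refused. Newer OkHttp releases additionally provide `ConnectionSpec.RESTRICTED_TLS` for an even tighter cipher suite and protocol list.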
      

            People

            Assignee:
            Unassigned
            Reporter:
            eric.therond (Eric Therond)