Analyzer for Kotlin / SONARKT-2

Rule S5332 Using clear-text protocols is security-sensitive


    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.0
    • Component/s: None
    • Labels:

      Description

      New rule to implement

      As for the same rule in Java (see SONARJAVA-3805, SONARJAVA-3675), the Kotlin analyzer should raise an issue when these constructors are called:

      import org.apache.commons.net.ftp.FTPClient
      import org.apache.commons.net.smtp.SMTPClient
      import org.apache.commons.net.telnet.TelnetClient

      val telnet = TelnetClient() // Noncompliant (S5332): Telnet session, credentials cross the wire in clear text
      telnet.connect("127.0.0.1")
      
      val ftpClient = FTPClient() // Noncompliant (S5332): clear-text FTP control and data channels
      ftpClient.connect("127.0.0.1", 21)
      
      val smtpClient = SMTPClient() // Noncompliant (S5332): clear-text SMTP
      smtpClient.connect("127.0.0.1")
      

      and for the okhttp library, it should raise an issue when ConnectionSpec.CLEARTEXT is used as an argument of these functions:

      • connectionSpecs() expects a list or array of ConnectionSpec values; as soon as CLEARTEXT appears among them, raise:

        import okhttp3.ConnectionSpec
        import okhttp3.OkHttpClient

        val client = OkHttpClient.Builder()
                        .connectionSpecs(
                            listOf(
                                ConnectionSpec.MODERN_TLS,
                                ConnectionSpec.CLEARTEXT // Noncompliant (S5332): clear-text HTTP stays allowed
                            )
                        )
                        .build()
        
      • Builder():
          
        val spec1: ConnectionSpec =
                        ConnectionSpec.Builder(ConnectionSpec.CLEARTEXT) // Noncompliant (S5332): spec built from the clear-text template
                            .build()
        
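      The following is an added example for this rule and is not code from the SONARKT-2 issue or from the sonar-kotlin analyzer. It puts each noncompliant constructor or spec next to the form the rule should accept, in the layout a rule test fixture would use. It assumes Apache Commons Net and OkHttp 4 on the classpath; the host name and port values are placeholders, not a real server.

```kotlin
// Added example for S5332 in Kotlin; not part of SONARKT-2 or of sonar-kotlin.
// Assumes Apache Commons Net and OkHttp 4 on the classpath; HOST is a placeholder.
import okhttp3.ConnectionSpec
import okhttp3.OkHttpClient
import okhttp3.TlsVersion
import org.apache.commons.net.ftp.FTPClient
import org.apache.commons.net.ftp.FTPSClient
import org.apache.commons.net.smtp.SMTPClient
import org.apache.commons.net.smtp.SMTPSClient
import org.apache.commons.net.telnet.TelnetClient

const val HOST = "mail.example.test" // placeholder host, substitute your own

fun telnetSession() {
    // Commons Net has no TLS-wrapped Telnet; the only fix is a different protocol (SSH).
    val telnet = TelnetClient() // Noncompliant (S5332): password crosses the wire in clear text
    telnet.connect(HOST)
    telnet.disconnect()
}

fun ftpTransfer() {
    val plain = FTPClient() // Noncompliant (S5332)
    plain.connect(HOST, 21)
    plain.disconnect()

    // Explicit FTPS: TCP connect on 21, then the client issues AUTH TLS before any login.
    val explicitFtps = FTPSClient() // Compliant
    explicitFtps.connect(HOST, 21)
    explicitFtps.disconnect()

    // Implicit FTPS: TLS handshake from the first byte, conventionally on port 990.
    val implicitFtps = FTPSClient(true) // Compliant
    implicitFtps.connect(HOST, 990)
    implicitFtps.disconnect()
}

fun smtpSubmission() {
    val plain = SMTPClient() // Noncompliant (S5332)
    plain.connect(HOST, 25)
    plain.disconnect()

    // Implicit TLS (SMTPS) on 465: the socket is TLS from the first byte.
    val smtps = SMTPSClient(true) // Compliant
    smtps.connect(HOST, 465)
    smtps.disconnect()

    // STARTTLS on 587: clear-text greeting, then upgrade. Fail closed if the server
    // refuses, otherwise the session would silently continue in clear text.
    val starttls = SMTPSClient(false) // Compliant
    starttls.connect(HOST, 587)
    check(starttls.execTLS()) { "server refused STARTTLS; aborting rather than sending in clear" }
    starttls.disconnect()
}

fun okHttpClients(): Pair<OkHttpClient, OkHttpClient> {
    val permissive = OkHttpClient.Builder()
        .connectionSpecs(listOf(ConnectionSpec.MODERN_TLS, ConnectionSpec.CLEARTEXT)) // Noncompliant (S5332)
        .build()

    // TLS-only spec: http:// URLs now fail at connection time instead of falling back to clear text.
    val tlsOnly = ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS) // Compliant
        .tlsVersions(TlsVersion.TLS_1_2, TlsVersion.TLS_1_3)
        .build()
    val strict = OkHttpClient.Builder()
        .connectionSpecs(listOf(tlsOnly))
        .build()

    return permissive to strict
}
```

      One caveat worth keeping in mind when reading the rule as specified: OkHttp's default connection specs are MODERN_TLS plus CLEARTEXT, so a builder that never calls connectionSpecs() still accepts http:// URLs without any explicit ConnectionSpec.CLEARTEXT reference for the rule to flag. Setting a TLS-only spec explicitly, as in okHttpClients() above, is what makes a client demonstrably clear-text-free. The check on execTLS() matters for the same reason: SMTPSClient(false) starts in clear text, and an ignored false return leaves it there.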

              People

              Assignee: Johann Beleites (johann.beleites)
              Reporter: Eric Therond (eric.therond)
              Votes: 0
              Watchers: 1
