Recipe Name:
Use SSLSocket instead of Socket/ServerSocket
Description:
Use SSLSocket instead of Socket/ServerSocket
Level:
warning
Language:
- java
Tags:
- security
- web
- SEI CERT
Documentation
As explained by the SEI CERT coding guidelines: "Programs must use the javax.net.ssl.SSLSocket class rather than the java.net.Socket class when transferring sensitive data over insecure communication channels. The class SSLSocket provides security protocols such as Secure Sockets Layer/Transport Layer Security (SSL/TLS) to ensure that the channel is not vulnerable to eavesdropping and malicious tampering."
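The guideline in practice, as an added example that is not part of the recipe or the SEI CERT text: a cleartext `java.net.Socket` client of the kind this recipe flags, beside a TLS replacement that also turns on hostname verification, which `SSLSocket` does not perform by default. The host, port, class and method names are placeholders, and the protocol list assumes a JDK with TLS 1.3 support.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class TransportExample {
    // Placeholder endpoint (assumption, not taken from the recipe page).
    static final String HOST = "service.example.com";
    static final int PORT = 8443;

    // Noncompliant: direct java.net.Socket instance creation, the pattern the
    // recipe's search block matches. The payload crosses the network in cleartext.
    static void sendPlain(byte[] data) throws IOException {
        try (Socket socket = new Socket(HOST, PORT)) {
            OutputStream out = socket.getOutputStream();
            out.write(data);
            out.flush();
        }
    }

    // Compliant: the socket comes from the default SSLSocketFactory, which
    // validates the server certificate chain against the JVM trust store.
    static void sendTls(byte[] data) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(HOST, PORT)) {
            SSLParameters params = socket.getSSLParameters();
            // Without this, a valid certificate issued for any other host
            // would be accepted; "HTTPS" enables hostname checking.
            params.setEndpointIdentificationAlgorithm("HTTPS");
            // Refuse legacy protocol versions (assumes the JDK supports TLS 1.3).
            params.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
            socket.setSSLParameters(params);
            // Handshake explicitly so certificate or hostname failures surface
            // here, before any sensitive byte is written.
            socket.startHandshake();
            OutputStream out = socket.getOutputStream();
            out.write(data);
            out.flush();
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample payload.
        sendTls("constructed sample payload".getBytes(StandardCharsets.UTF_8));
    }
}
```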
References
Recipe
id: scw:java:SSLSocket
version: 10
metadata:
  name: Use SSLSocket instead of Socket/ServerSocket
  shortDescription: Use SSLSocket instead of Socket/ServerSocket
  level: warning
  language: java
  scwCategory: insufficient_transport_layer_protection:communication_over_cleartext_protocol_http
  enabled: true
  descriptionFile: descriptions/Use_SSLSocket_instead_of_Socket/ServerSocket.html
  tags: security;web;SEI CERT
search:
  instanceCreation:
    type:
      reference:
        anyOf:
        - is: java.net.ServerSocket
        - is: java.net.Socket
      checkInheritance: true
availableFixes:
- name: ""
  actions: []