include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

These clients from https://commons.apache.org/proper/commons-net/[Apache commons net] libraries are based on unencrypted protocols and are not recommended:

----
val telnet = TelnetClient(); // Sensitive

val ftpClient = FTPClient(); // Sensitive

val smtpClient = SMTPClient(); // Sensitive
----

Unencrypted HTTP connections, when using https://square.github.io/okhttp/https/[okhttp] library for instance, should be avoided:

----
val spec: ConnectionSpec = ConnectionSpec.Builder(ConnectionSpec.CLEARTEXT) // Sensitive
  .build()
----

== Compliant Solution

Use instead these clients from https://commons.apache.org/proper/commons-net/[Apache commons net] and http://www.jcraft.com/jsch/[JSch/ssh] library:

----
JSch jsch = JSch(); // Compliant

if(implicit) {
  // implicit mode is considered deprecated but offer the same security than explicit mode
  val ftpsClient = FTPSClient(true); // Compliant
}
else {
  val ftpsClient = FTPSClient(); // Compliant
}

if(implicit) {
  // implicit mode is considered deprecated but offer the same security than explicit mode
  val smtpsClient = SMTPSClient(true); // Compliant
}
else {
  val smtpsClient = SMTPSClient(); // Compliant
  smtpsClient.connect("127.0.0.1", 25);
  if (smtpsClient.execTLS()) {
    // commands
  }
}
----

Perform HTTP encrypted connections, with https://square.github.io/okhttp/https/[okhttp]  library for instance:

----
val spec: ConnectionSpec =ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS) // Compliant
  .build()
----

include::../exceptions.adoc[]

include::../see.adoc[]