include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
These clients from the https://commons.apache.org/proper/commons-net/[Apache Commons Net] library use unencrypted protocols, so credentials and data cross the network in clear text; they are not recommended:
|
|
|
|
----
|
|
// Telnet carries the whole session, including the login, as plain text.
TelnetClient telnetClient = new TelnetClient(); // Sensitive

// FTP sends the USER/PASS commands and the transferred files unencrypted.
FTPClient ftp = new FTPClient(); // Sensitive

// Plain SMTP exposes message content, and any authentication exchange, to the network path.
SMTPClient smtp = new SMTPClient(); // Sensitive
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
Use these clients from the https://commons.apache.org/proper/commons-net/[Apache Commons Net] and http://www.jcraft.com/jsch/[JSch (SSH)] libraries instead:
|
|
|
|
----
|
|
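// SSH (via JSch) encrypts the session and authenticates the server by its host key;
// keep host-key checking enabled so that this authentication is not bypassed.
JSch jsch = new JSch(); // Compliant

// TLS only protects the connection when the server certificate is validated for the
// host being contacted: review the trust manager and hostname-verification settings
// of the FTPS/SMTPS clients before relying on them.
if (implicit) {
  // implicit mode is considered deprecated but offers the same security as explicit mode
  FTPSClient ftpsClient = new FTPSClient(true); // Compliant
}
else {
  FTPSClient ftpsClient = new FTPSClient(); // Compliant
}

if (implicit) {
  // implicit mode is considered deprecated but offers the same security as explicit mode
  SMTPSClient smtpsClient = new SMTPSClient(true); // Compliant
}
else {
  SMTPSClient smtpsClient = new SMTPSClient(); // Compliant
  smtpsClient.connect("127.0.0.1", 25);
  // Explicit mode starts in clear text; nothing sensitive may be sent before STARTTLS succeeds.
  if (smtpsClient.execTLS()) {
    // commands
  }
  else {
    // STARTTLS was refused: fail closed instead of continuing over the unencrypted channel
    smtpsClient.disconnect();
  }
}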
|
|
----
|
|
|
|
include::../exceptions.adoc[]
|
|
|
|
include::../see.adoc[]
|