Insecure connection using unencrypted protocol High

Connections that use insecure protocols transmit data in cleartext. This introduces a risk of exposing sensitive data to third parties.

Detector ID
java/insecure-connection@v1.0
Category

Noncompliant example

1public void createConnectionNoncompliant() {
2    try {
3        URL url = new URL("http://www.example.com/");
4        // Noncompliant: creates an insecure http connection.
5        HttpURLConnection httpUrlConnection = (HttpURLConnection) url.openConnection();
6        httpUrlConnection.setRequestMethod("GET");
7        httpUrlConnection.connect();
8    } catch (IOException e) {
9        System.out.println(e);
10    }
11}

Compliant example

1public void createConnectionCompliant() {
2    try {
3        // Compliant: creates a secure https connection.
4        URL url = new URL("https://www.example.com/");
5        HttpsURLConnection httpsUrlConnection = (HttpsURLConnection) url.openConnection();
6        httpsUrlConnection.setRequestMethod("GET");
7        httpsUrlConnection.connect();
8    } catch (IOException e) {
9        System.out.println(e);
10    }
11}