Connections that use insecure protocols, such as plain HTTP, transmit data in cleartext. Anyone positioned on the network path can read that traffic, which introduces a risk of exposing sensitive data to third parties.
/**
 * Counter-example: opens a plain-HTTP connection to the example host.
 *
 * <p>This method is intentionally left noncompliant so the insecure pattern stays
 * recognisable in review and in static-analysis findings. Do not copy it into
 * production code.
 */
public void createConnectionNoncompliant() {
    try {
        // Noncompliant: the http:// scheme means no TLS is negotiated, so the request
        // and response travel unencrypted and the server is never authenticated.
        HttpURLConnection plainConnection =
                (HttpURLConnection) new URL("http://www.example.com/").openConnection();
        plainConnection.setRequestMethod("GET");
        plainConnection.connect();
    } catch (IOException ioFailure) {
        // URL parsing and connection failures are only printed to standard output.
        System.out.println(ioFailure);
    }
}
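/**
 * Opens a TLS-protected connection to the example host and releases it afterwards.
 *
 * <p>The https:// scheme only protects the traffic while the platform's default
 * certificate and hostname checks stay in force. Installing a permissive
 * {@code HostnameVerifier} or a trust-all {@code SSLSocketFactory} on the connection
 * removes that protection even though the URL still says https.
 */
public void createConnectionCompliant() {
    HttpsURLConnection httpsUrlConnection = null;
    try {
        // Compliant: creates a secure https connection.
        URL url = new URL("https://www.example.com/");
        // The cast doubles as a guard: a URL that is not https yields a different
        // connection class and fails here instead of silently going out in cleartext.
        httpsUrlConnection = (HttpsURLConnection) url.openConnection();
        httpsUrlConnection.setRequestMethod("GET");
        httpsUrlConnection.connect();
    } catch (IOException e) {
        // TLS handshake and certificate failures surface here as IOExceptions; they
        // must stay failures and never trigger a fallback to http.
        System.out.println(e);
    } finally {
        // Release the underlying socket; the original listing never closed the connection.
        if (httpsUrlConnection != null) {
            httpsUrlConnection.disconnect();
        }
    }
}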