Avoid TrustStrategies that trust certificates blindly

문서 > Datadog 보안 > Code Security > Static Code Analysis (SAST) > SAST 규칙 > Avoid TrustStrategies that trust certificates blindly

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Metadata

ID: java-security/no-trust-strategy

Language: Java

Severity: Info

Category: Best Practices

Description

This rule flags the use of TrustStrategy implementations such as TrustSelfSignedStrategy and TrustAllStrategy that accept certificates without proper validation. These strategies inherently trust certificates blindly, which undermines the security guarantees of SSL/TLS connections and exposes applications to man-in-the-middle attacks.

Using such TrustStrategies is dangerous because it bypasses critical certificate verification steps, allowing potentially untrusted or malicious certificates to be accepted. This can lead to sensitive data exposure, unauthorized access, and other security vulnerabilities in your application.

To comply with this rule, avoid using TrustStrategies that indiscriminately trust certificates. Instead, ensure that your SSLContext is configured with proper trust material that enforces rigorous certificate validation.

Non-Compliant Code Examples

import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.conn.ssl.TrustAllStrategy;

public class ContextMaker {
    public static SSLContext makeSelfSigned() {
        return SSLContext.custom().loadTrustMaterial(null, new TrustSelfSignedStrategy()).build();
    }

    public static SSLContext makeAll() {
        TrustStrategy strategy = new TrustAllStrategy();
        return SSLContext.custom().loadTrustMaterial(null, strategy).build();
    }

    public static SSLContext makeSelfSignedFullName() {
        return SSLContext.custom().loadTrustMaterial(null, new org.apache.http.conn.ssl.TrustSelfSignedStrategy()).build();
    }

}