Ensure network sockets use SSL/TLS encryption

문서 > Datadog 보안 > Code Security > Static Code Analysis (SAST) > SAST 규칙 > Ensure network sockets use SSL/TLS encryption

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Metadata

ID: kotlin-security/ensure-secure-socket

Language: Kotlin

Severity: Error

Category: Security

CWE: 319

Description

This rule ensures that all network sockets used in your Kotlin application are secured using SSL/TLS encryption. Unencrypted network communication is a significant security risk because it allows attackers to intercept and manipulate the data being transmitted. This can lead to data breaches, unauthorized access, and other security issues.

In Kotlin, you can ensure your sockets are encrypted by using the SSLSocketFactory or SSLServerSocketFactory classes to create your sockets. If you need to use a socket with custom configuration, you can still ensure it is encrypted by using the SSLContext class to create a configured SSL socket. Avoid using the Socket or ServerSocket classes directly, because these classes create unencrypted sockets by default.

Non-Compliant Code Examples

// Example 1: Basic Socket usage
fun createConnection() {
    // UNSAFE: Unencrypted socket
    val socket = Socket("api.example.com", 80)
    socket.getOutputStream().write(data)
}

// Example 2: ServerSocket usage
fun startServer() {
    // UNSAFE: Unencrypted server socket
    val serverSocket = ServerSocket(8080)
    val client = serverSocket.accept()
}

// Example 3: Socket with custom configuration
fun configuredSocket() {
    // UNSAFE: Still unencrypted despite configuration
    val socket = Socket("api.example.com", 8080, true)
    socket.soTimeout = 5000
}

Compliant Code Examples

// Example 1: SSLSocket usage
fun createSecureConnection() {
    // SAFE: Using SSL socket factory
    val socket = SSLSocketFactory.getDefault()
        .createSocket("api.example.com", 443)
    socket.getOutputStream().write(data)
}

// Example 2: SSL ServerSocket usage
fun startSecureServer() {
    // SAFE: Using SSL server socket factory
    val serverSocket = SSLServerSocketFactory.getDefault()
        .createServerSocket(8443)
    val client = serverSocket.accept()
}

// Example 3: Configured SSLSocket
fun configuredSecureSocket() {
    val context = SSLContext.getInstance("TLS")
    context.init(null, null, null)
    // SAFE: Using configured SSL socket
    val socket = context.socketFactory
        .createSocket("api.example.com", 443)
}