...
| Rule | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| MSC00-J | Medium | Likely | No | No | P6 | L2 |
Automated Detection
The general case of automated detection appears to be infeasible because determining which specific data may be passed through the socket is not statically computable. An approach that introduces a custom API for passing sensitive data via secure sockets may be feasible. User tagging of sensitive data is a necessary requirement for such an approach.
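One shape the custom-API approach could take, as an added example that is not code from this guideline: the developer tags data by wrapping it, and the wrapper's only send method takes an `SSLSocket`, so the compiler rejects a plain `Socket`. The names `Sensitive`, `sendOver` and `TaggedSend` are hypothetical, and the payload is a constructed sample.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/** Hypothetical tag type: bytes the developer has declared sensitive. */
final class Sensitive implements AutoCloseable {
    private final byte[] data;
    private Sensitive(byte[] data) { this.data = data; }

    /** Tagging step: copy the bytes into the wrapper. */
    static Sensitive of(byte[] data) { return new Sensitive(data.clone()); }

    /** Only exit for the bytes. A java.net.Socket argument does not compile. */
    void sendOver(SSLSocket socket) throws IOException {
        OutputStream out = socket.getOutputStream();
        out.write(data);
        out.flush();
    }

    @Override public String toString() { return "Sensitive[redacted]"; } // keep out of logs
    @Override public void close() { Arrays.fill(data, (byte) 0); }       // wipe after use
}

public class TaggedSend {
    public static void main(String[] args) throws IOException {
        if (args.length != 2) {
            System.err.println("usage: TaggedSend <host> <port>");
            return;
        }
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(args[0], Integer.parseInt(args[1]));
             Sensitive secret = Sensitive.of("account=12345".getBytes(StandardCharsets.UTF_8))) { // constructed sample
            // SSLSocket does not check the host name unless asked to.
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            socket.startHandshake();
            secret.sendOver(socket);
            // secret.sendOver(new java.net.Socket(args[0], 80)); // compile error: not an SSLSocket
        }
    }
}
```

With this design the question of which socket carries tagged data is answered by the type checker; what remains for review is whether sensitive values are wrapped at their source.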
| Tool | Version | Checker | Description |
|---|---|---|---|
| Parasoft Jtest | | SECURITY.WSC.USC | Use the SSL-enabled version of classes when possible |
| Security Reviewer - Static Reviewer | | JAVA_01 | Full Implementation |
Related Guidelines
...