Avoid using protocols without SSL


ID: csharp-security/avoid-unencrypted-protocols

Language: C#

Severity: Warning

Category: Security

CWE: 319


Using http:// or ftp:// instead of https:// or ftps:// leads to potential cleartext data transmission. Always use safe and secure connections.

Learn More

Non-Compliant Code Examples

using System.IO;
using System.Security.Cryptography;

class MyClass {
    public void Encrypt(byte[] key, byte[] dataToEncrypt, MemoryStream target)
        foobar(key, something, "http://domain.tld", plop);
using System.IO;
using System.Security.Cryptography;

class MyClass {
    public void Encrypt(byte[] key, byte[] dataToEncrypt, MemoryStream target)
        foo.bar(key, something, "http://domain.tld", plop);
using System.IO;
using System.Security.Cryptography;

class MyClass {
    public void Encrypt(byte[] key, byte[] dataToEncrypt, MemoryStream target)
        var httpUrl = "http://domain.tld";
        var ftpUrl = "ftp://";

Compliant Code Examples

using System.IO;
using System.Security.Cryptography;

class MyClass {
    public void Encrypt(byte[] key, byte[] dataToEncrypt, MemoryStream target)
        var httpUrl = "https://domain.tld";
        var ftpUrl = "ftps://";
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

Seamless integrations. Try Datadog Code Analysis

PREVIEWING: alai97/reorganize-some-sections-in-dora-metrics