mobsf.mobsfscan.network.default_http_client_tls.default_http_client_tls

MobSF

Author

unknown

Download Count*

GPLv3

License

DefaultHTTPClient() with default constructor is not compatible with TLS 1.2.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: default_http_client_tls
    patterns:
      - pattern-either:
          - pattern: |
              new DefaultHttpClient()
    message: DefaultHTTPClient() with default constructor is not compatible with TLS
      1.2.
    languages:
      - java
    severity: WARNING
    metadata:
      cwe: cwe-757
      owasp-mobile: m3
      masvs: network-2
      reference: https://github.com/MobSF/owasp-mstg/blob/master/Document/0x04f-Testing-Network-Communication.md#verifying-data-encryption-on-the-network-mstg-network-1-and-mstg-network-2
      license: LGPL-3.0-or-later
      vulnerability_class:
        - Other

Short Link: https://sg.run/5zwA