• Home
• org.sonarsource.java
• java-checks
• 3.7
• source code
• S1313.html

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.sonar.l10n.java.rules.squid.S1313.html Maven / Gradle / Ivy

Hardcoding an IP address into source code is a bad idea for several reasons:

 a recompile is required if the address changes
 it forces the same address to be used in every environment (dev, sys, qa, prod)
 it places the responsibility of setting the value to use in production on the shoulders of the developer
 it allows attackers to decompile the code and thereby discover a potentially sensitive address

Noncompliant Code Example

String ip = "127.0.0.1";
Socket socket = new Socket(ip, 6667);

Compliant Solution

String ip = System.getProperty("myapplication.ip");
Socket socket = new Socket(ip, 6667);

See


 CERT, MSC03-J - Never hard code sensitive information