Kotlin Deprecated Default Http Client Used
Description
Detects usage of the deprecated DefaultHttpClient class which lacks modern security features and proper TLS/SSL support. Using this legacy HTTP client can expose applications to man-in-the-middle attacks and other security vulnerabilities due to outdated security protocols.
Detection Strategy
• Search for instantiations or references to 'DefaultHttpClient' class in the code
• Report a vulnerability when 'DefaultHttpClient' is found in any expression or class initialization
• Recommend using modern HTTP client alternatives like HttpClient from java.net.http (Java 11+) or Apache HttpComponents
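The detection steps above can be approximated with a text-based scan. This is an added example, not the scanner's own code: `find_deprecated_client` and `SAMPLE` are hypothetical names, and the sketch goes slightly beyond the listed steps by following `import ... as` aliases and ignoring mentions inside comments and string literals.

```python
import re

# Kotlin literals and comments, blanked before matching so a mention in a
# comment or string is not reported. Nested block comments are not handled.
_NOISE = re.compile(
    r'"""[\s\S]*?"""'            # raw (triple-quoted) string
    r'|"(?:\\.|[^"\\\n])*"'      # ordinary string
    r"|'(?:\\.|[^'\\\n])+'"      # char literal such as '"'
    r'|//[^\n]*'                 # line comment
    r'|/\*[\s\S]*?\*/'           # block comment
)
_IMPORT = re.compile(
    r'^\s*import\s+[\w.]+\.DefaultHttpClient(?:\s+as\s+(\w+))?\s*$')


def _blank(match):
    # Keep newlines so reported line numbers match the original file.
    return re.sub(r'[^\n]', ' ', match.group(0))


def find_deprecated_client(source):
    """Return (line_number, kind, text) for each DefaultHttpClient use."""
    names = {"DefaultHttpClient"}
    findings = []
    original = source.split('\n')
    for number, line in enumerate(_NOISE.sub(_blank, source).split('\n'), 1):
        imported = _IMPORT.match(line)
        if imported:
            if imported.group(1):          # "import ... as Alias"
                names.add(imported.group(1))
            findings.append((number, "import", original[number - 1].strip()))
        elif re.search(r'\b(?:%s)\b' % '|'.join(sorted(names)), line):
            findings.append((number, "reference", original[number - 1].strip()))
    return findings


# Constructed sample input, not taken from a real project.
SAMPLE = '''\
import org.apache.http.impl.client.DefaultHttpClient as LegacyClient
import org.apache.http.impl.client.HttpClients

// DefaultHttpClient was removed from this module
fun a() = LegacyClient()
fun b() = org.apache.http.impl.client.DefaultHttpClient()
fun c() = println("DefaultHttpClient")
fun d() = HttpClients.createDefault()
'''

if __name__ == "__main__":
    for number, kind, text in find_deprecated_client(SAMPLE):
        print(f"line {number}: {kind}: {text}")
```

A production rule would match on the parsed syntax tree rather than on text; the scan only illustrates which occurrences count as a finding.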
Vulnerable code example
import org.apache.http.client.HttpClient
import org.apache.http.impl.client.DefaultHttpClient
import org.apache.http.client.methods.HttpGet
fun makeRequest(url: String) {
    // Vulnerable: Uses deprecated DefaultHttpClient which lacks security updates
    val client = DefaultHttpClient()
    val request = HttpGet(url)...
Secure code example
import org.apache.http.client.config.RequestConfig
import org.apache.http.client.methods.HttpGet
import org.apache.http.impl.client.HttpClients
import org.apache.http.util.EntityUtils
fun makeRequest(url: String) {
    // Secure: Use modern HttpClients builder with security timeouts and settings
    val config = RequestConfig.custom()...