rspec/rules/S4825/description.adoc

Sending HTTP requests is security-sensitive. It has led in the past to the following vulnerabilities:

* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8150[CVE-2014-8150]
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000007[CVE-2018-1000007]
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0660[CVE-2010-0660]

An HTTP request is exposed to several kinds of vulnerabilities:

* it sends data that might be intercepted in transit, or that might itself be dangerous for the recipient.
* it receives a response that might have been crafted by an attacker.
* as each request opens a socket and triggers some processing on both the sender and the recipient, sending too many requests can exhaust resources on either side.

This rule flags code that initiates an HTTP request. The goal is to guide security code reviews.
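As an added illustration, not part of the rule text or of any SonarSource code, the following Python wrapper shows one way a reviewer might expect the three risks above to be handled at a flagged call site: TLS is required, the response media type is checked before parsing, and both the wait time and the buffered body size are bounded. The names `safe_get`, `HttpPolicyError`, `FakeOpener` and `policy_violation` are hypothetical; `FakeOpener` exists only so the example runs without network access.

```python
import io
import urllib.request
from urllib.parse import urlparse
MAX_BODY_BYTES = 1 << 20   # hard cap on the response body we will buffer
TIMEOUT_SECONDS = 5        # never wait indefinitely on a slow or silent peer
class HttpPolicyError(Exception):
    """A request or response violated the local HTTP policy."""
def check_url(url):
    # Risk 1: data in transit can be intercepted, so only TLS URLs are allowed.
    parsed = urlparse(url)
    if parsed.scheme != "https" or not parsed.hostname:
        raise HttpPolicyError(f"refusing non-HTTPS or hostless URL: {url!r}")

def read_bounded(resp, limit=MAX_BODY_BYTES):
    # Risk 3: an unbounded body exhausts memory; read limit+1 bytes and fail
    # closed rather than trusting Content-Length or buffering everything.
    data = resp.read(limit + 1)
    if len(data) > limit:
        raise HttpPolicyError(f"response body exceeds {limit} bytes")
    return data

def safe_get(url, expected_type="application/json", opener=None):
    check_url(url)
    opener = opener or urllib.request.build_opener()
    with opener.open(url, timeout=TIMEOUT_SECONDS) as resp:
        # Risk 2: the response is attacker-influenced; reject unexpected media
        # types before any parser is handed the bytes.
        ctype = resp.headers.get("Content-Type", "")
        if not ctype.startswith(expected_type):
            raise HttpPolicyError(f"unexpected Content-Type {ctype!r}")
        return read_bounded(resp)

class FakeOpener:
    """Constructed offline stand-in for urllib's opener; no network traffic."""
    def __init__(self, body, content_type="application/json"):
        self.body, self.content_type = body, content_type
    def open(self, url, timeout=None):
        resp = io.BytesIO(self.body)   # real responses also support .read(n)
        resp.headers = {"Content-Type": self.content_type}
        return resp

def policy_violation(url, opener):
    """Return the policy error message, or None when the request is accepted."""
    try:
        safe_get(url, opener=opener)
        return None
    except HttpPolicyError as exc:
        return str(exc)
```

With a real opener the same checks apply to live responses; the fake only replaces the socket.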