rspec/rules/S5689/javascript/rule.adoc

include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

https://www.npmjs.com/package/express[Express.js] name is disclosed by default into the ``x-powered-by``  HTTP header:

----
let express = require('express');
let app = express(); // Sensitive

app.get('/', function (req, res) {
  res.send('hello')
});
----

== Compliant Solution

``x-powered-by``  HTTP header should be disabled in https://www.npmjs.com/package/express[Express.js] with ``app.disable`` or with helmet https://www.npmjs.com/package/helmet[hidePoweredBy] middleware:

----
let express = require('express');

let app1 = express();  // Compliant
app1.disable("x-powered-by");

let helmet = require("helmet");
let app2 = express(); // Compliant
app2.use(helmet.hidePoweredBy());
----

include::../see.adoc[]
Add rules 5000-5999 2020-06-30 12:50:28 +02:00			`include::../description.adoc[]`

Add all rules, update all rules fixing the inline code syntax 2020-12-21 15:38:52 +01:00			`include::../ask-yourself.adoc[]`
Add rules 5000-5999 2020-06-30 12:50:28 +02:00
Add all rules, update all rules fixing the inline code syntax 2020-12-21 15:38:52 +01:00			`include::../recommended.adoc[]`

			`== Sensitive Code Example`

change the inline-code delimitters 2020-12-23 14:59:06 +01:00			https://www.npmjs.com/package/express[Express.js] name is disclosed by default into the ``x-powered-by`` HTTP header:
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space 2020-06-30 14:49:38 +02:00
Add rules 5000-5999 2020-06-30 12:50:28 +02:00			`----`
			`let express = require('express');`
Add all rules, update all rules fixing the inline code syntax 2020-12-21 15:38:52 +01:00			`let app = express(); // Sensitive`
Add rules 5000-5999 2020-06-30 12:50:28 +02:00
			`app.get('/', function (req, res) {`
			`res.send('hello')`
			`});`
			`----`

			`== Compliant Solution`

change the inline-code delimitters 2020-12-23 14:59:06 +01:00			``x-powered-by`` HTTP header should be disabled in https://www.npmjs.com/package/express[Express.js] with ``app.disable`` or with helmet https://www.npmjs.com/package/helmet[hidePoweredBy] middleware:
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space 2020-06-30 14:49:38 +02:00
Add rules 5000-5999 2020-06-30 12:50:28 +02:00			`----`
			`let express = require('express');`
Add all rules, update all rules fixing the inline code syntax 2020-12-21 15:38:52 +01:00
Add rules 5000-5999 2020-06-30 12:50:28 +02:00			`let app1 = express(); // Compliant`
			`app1.disable("x-powered-by");`

Add all rules, update all rules fixing the inline code syntax 2020-12-21 15:38:52 +01:00			`let helmet = require("helmet");`
Add rules 5000-5999 2020-06-30 12:50:28 +02:00			`let app2 = express(); // Compliant`
Add all rules, update all rules fixing the inline code syntax 2020-12-21 15:38:52 +01:00			`app2.use(helmet.hidePoweredBy());`
Add rules 5000-5999 2020-06-30 12:50:28 +02:00			`----`

			`include::../see.adoc[]`