2020-06-30 12:50:28 +02:00
|
|
|
include::../description.adoc[]
|
|
|
|
|
|
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
|
|
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
|
|
|
|
|
|
== Sensitive Code Example
|
|
|
|
|
|
|
|
|
|
----
|
|
|
|
|
public class MyClient {
|
|
|
|
|
public void SendRequest(){
|
|
|
|
|
HttpRequest req = new HttpRequest();
|
|
|
|
|
req.setEndpoint('http://example.com'); // Sensitive
|
|
|
|
|
// ...
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
== Compliant Solution
|
|
|
|
|
|
2022-02-04 17:28:24 +01:00
|
|
|
[source,apex]
|
2020-06-30 12:50:28 +02:00
|
|
|
----
|
|
|
|
|
public class MyClient {
|
|
|
|
|
public void SendRequest(){
|
|
|
|
|
HttpRequest req = new HttpRequest();
|
|
|
|
|
req.setEndpoint('https://example.com'); // Compliant
|
|
|
|
|
// ...
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
include::../exceptions.adoc[]
|
|
|
|
|
|
|
|
|
|
== See
|
|
|
|
|
|
2021-11-01 15:00:32 +01:00
|
|
|
* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures
|
2020-06-30 12:50:28 +02:00
|
|
|
* https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
|
2022-04-07 08:53:59 -05:00
|
|
|
* https://cwe.mitre.org/data/definitions/200[MITRE, CWE-200] - Information Exposure
|
2021-09-20 15:38:42 +02:00
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
|
|
|
|
|
|
'''
|
|
|
|
|
== Implementation Specification
|
|
|
|
|
(visible only on this page)
|
|
|
|
|
|
|
|
|
|
include::message.adoc[]
|
|
|
|
|
|
|
|
|
|
endif::env-github,rspecator-view[]
|
