2020-06-30 12:50:28 +02:00
|
|
|
include::../description.adoc[]
|
|
|
|
|
|
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
|
|
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
|
|
|
|
|
|
== Sensitive Code Example
|
|
|
|
|
|
2023-01-09 15:29:41 +01:00
|
|
|
[source,apex]
|
2020-06-30 12:50:28 +02:00
|
|
|
----
|
|
|
|
|
public class MyClient {
|
|
|
|
|
public void SendRequest(){
|
|
|
|
|
HttpRequest req = new HttpRequest();
|
|
|
|
|
req.setEndpoint('http://example.com'); // Sensitive
|
|
|
|
|
// ...
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
== Compliant Solution
|
|
|
|
|
|
2022-02-04 17:28:24 +01:00
|
|
|
[source,apex]
|
2020-06-30 12:50:28 +02:00
|
|
|
----
|
|
|
|
|
public class MyClient {
|
|
|
|
|
public void SendRequest(){
|
|
|
|
|
HttpRequest req = new HttpRequest();
|
2023-01-09 15:29:41 +01:00
|
|
|
req.setEndpoint('https://example.com');
|
2020-06-30 12:50:28 +02:00
|
|
|
// ...
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
include::../exceptions.adoc[]
|
|
|
|
|
|
|
|
|
|
== See
|
|
|
|
|
|
2024-01-15 17:15:56 +01:00
|
|
|
* OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures]
|
|
|
|
|
* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
|
|
|
|
|
* CWE - https://cwe.mitre.org/data/definitions/200[CWE-200 - Information Exposure]
|
2021-09-20 15:38:42 +02:00
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
|
|
|
|
|
|
'''
|
|
|
|
|
== Implementation Specification
|
|
|
|
|
(visible only on this page)
|
|
|
|
|
|
2023-05-25 14:18:12 +02:00
|
|
|
=== Message
|
|
|
|
|
|
|
|
|
|
Replace this http request with an https equivalent.
|
|
|
|
|
|
2021-09-20 15:38:42 +02:00
|
|
|
|
|
|
|
|
endif::env-github,rspecator-view[]
|
