include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

----
String ip = '192.168.12.42'; // Sensitive
String clientIp = ApexPages.currentPage().getHeaders().get(‘True-Client-IP’);
Boolean isKnown = ip.equals(clientIp);
----

== Compliant Solution

[source,apex]
----
StaticResource sr= [SELECT ip_address FROM StaticResource WHERE Name = 'configuration' LIMIT 1]; // Compliant
String ip_address = sr.body.toString();
String clientIp = ApexPages.currentPage().getHeaders().get(‘True-Client-IP’);
Boolean isKnown = ip_address.equals(clientIp);
----

== Exceptions

No issue is reported for the following cases because they are not considered sensitive:

* Loopback addresses 127.0.0.0/8 in CIDR notation (from 127.0.0.0 to 127.255.255.255)
* Broadcast address 255.255.255.255
* Non-routable address 0.0.0.0
* Strings of the form ``++2.5.<number>.<number>++`` as they http://www.oid-info.com/introduction.htm[often match Object Identifiers] (OID)
* Addresses in the ranges 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24, reserved for documentation purposes by https://datatracker.ietf.org/doc/html/rfc5737[RFC 5737]
* Addresses in the range 2001:db8::/32, reserved for documentation purposes by https://datatracker.ietf.org/doc/html/rfc3849[RFC 3849]

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]

endif::env-github,rspecator-view[]