include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

----
url = "http://example.com"; // Sensitive
url = "ftp://anonymous@example.com"; // Sensitive
url = "telnet://anonymous@example.com"; // Sensitive
----

For https://nodemailer.com[nodemailer]:

----
const nodemailer = require("nodemailer");
let transporter = nodemailer.createTransport({
  secure: false, // Sensitive
  requireTLS: false // Sensitive
});
----

----
const nodemailer = require("nodemailer");
let transporter = nodemailer.createTransport({}); // Sensitive
----

For https://github.com/mscdex/node-ftp[ftp]:

----
var Client = require('ftp');
var c = new Client();
c.connect({
  'secure': false // Sensitive
});
----

For https://github.com/mkozjak/node-telnet-client[telnet-client]:

----
const Telnet = require('telnet-client'); // Sensitive
----

== Compliant Solution

----
url = "https://example.com"; // Compliant
url = "sftp://anonymous@example.com"; // Compliant
url = "ssh://anonymous@example.com"; // Compliant
----

For https://nodemailer.com[nodemailer] one of the following options must be set:

----
const nodemailer = require("nodemailer");
let transporter = nodemailer.createTransport({
  secure: true, // Compliant
  requireTLS: true, // Compliant
  port: 465, // Compliant
  secured: true // Compliant
});
----

For https://github.com/mscdex/node-ftp[ftp]:

----
var Client = require('ftp');
var c = new Client();
c.connect({
  'secure': true // Compliant
});
----

include::../exceptions.adoc[]

include::../see.adoc[]
ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

endif::env-github,rspecator-view[]