include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

----
// === NodeJS built-in modules ===
const http = require('http');
const https = require('https');

// Endpoints exposed by http.Server and https.Server objects are security-sensitive and should be reviewed.
// Examples:

const srv = new http.Server((req, res) => {});
srv.listen(3000); // Sensitive

// http.createServer creates a new http.Server object.
const srv = http.createServer((req, res) => {});
srv.listen(3000); // Sensitive

const srv = new https.Server((req, res) => {});
srv.listen(3000); // Sensitive

// https.createServer creates a new https.Server object.
const srv = https.createServer((req, res) => {});
srv.listen(3000); // Sensitive
----

----
// === ExpressJS ===
const express = require('express');
const app = express();

// Endpoints exposed by ExpressJS are security-sensitive and should be reviewed.
// Example:

app.get('/', function (req, res) {});
app.post('/', function (req, res) {});
app.all('/', function (req, res) {});
app.listen(3000); // Sensitive
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

'''
== Comments And Links
(visible only on this page)

=== on 7 Dec 2018, 12:55:35 Lars Svensson wrote:
https://nodejs.org/api/http.html

https://nodejs.org/api/https.html

https://expressjs.com/en/4x/api.html

include::../comments-and-links.adoc[]

endif::env-github,rspecator-view[]