ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S4825/description.adoc
Alban Auzeill 2c306d110e Fix code block ambiguity with old header style 
Ensure blank line before list and clean the one leading space
2020-06-30 17:16:12 +02:00

14 lines
800 B
Plaintext
Raw Permalink Blame History

Sending HTTP requests is security-sensitive. It has led in the past to the following vulnerabilities:
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8150[CVE-2014-8150]
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000007[CVE-2018-1000007]
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0660[CVE-2010-0660]
An HTTP request has different kinds of vulnerabilities:
* it sends data which might be intercepted or dangerous.
* it receives a response which might have been crafted by an attacker.
* as each request opens a socket and triggers some processing for the sender and the recipient, it is possible to exhaust resources on both sides by sending too many requests.
This rule flags code that initiates an HTTP request. The goal is to guide security code reviews.
Reference in New Issue View Git Blame Copy Permalink