a0a00c4cba
For review, have a look to our docs: https://docs.sonarsource.com/sonarqube/9.8/extension-guide/adding-coding-rules/#coding-rule-guidelines This should not be merged by an AppSec member, because it contains message information. It should be merged by someone from SonarJS. --------- Co-authored-by: daniel-teuchert-sonarsource <141642369+daniel-teuchert-sonarsource@users.noreply.github.com>
39 lines
789 B
Plaintext
39 lines
789 B
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
[source, java]
|
|
----
|
|
@GetMapping(value = "/example")
|
|
public ResponseEntity<String> example() {
|
|
HttpHeaders responseHeaders = new HttpHeaders();
|
|
responseHeaders.set("x-powered-by", "myproduct"); // Sensitive
|
|
|
|
return new ResponseEntity<String>(
|
|
"example",
|
|
responseHeaders,
|
|
HttpStatus.CREATED);
|
|
}
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
Do not disclose version information unless necessary. The ``++x-powered-by++``
|
|
or ``++Server++`` HTTP headers should not be used.
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|