16f6c0aecf
Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in.
52 lines
1.1 KiB
Plaintext
52 lines
1.1 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
[source,apex]
|
|
----
|
|
public class MyClient {
|
|
public void SendRequest(){
|
|
HttpRequest req = new HttpRequest();
|
|
req.setEndpoint('http://example.com'); // Sensitive
|
|
// ...
|
|
}
|
|
}
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
[source,apex]
|
|
----
|
|
public class MyClient {
|
|
public void SendRequest(){
|
|
HttpRequest req = new HttpRequest();
|
|
req.setEndpoint('https://example.com');
|
|
// ...
|
|
}
|
|
}
|
|
----
|
|
|
|
include::../exceptions.adoc[]
|
|
|
|
== See
|
|
|
|
* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures
|
|
* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
|
|
* https://cwe.mitre.org/data/definitions/200[MITRE, CWE-200] - Information Exposure
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
Replace this http request with an https equivalent.
|
|
|
|
|
|
endif::env-github,rspecator-view[]
|