47 lines
1.1 KiB
Plaintext
47 lines
1.1 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
----
|
|
// === NodeJS built-in modules ===
|
|
const http = require('http');
|
|
const https = require('https');
|
|
|
|
// Endpoints exposed by http.Server and https.Server objects are security-sensitive and should be reviewed.
|
|
// Examples:
|
|
|
|
const srv = new http.Server((req, res) => {});
|
|
srv.listen(3000); // Sensitive
|
|
|
|
// http.createServer creates a new http.Server object.
|
|
const srv = http.createServer((req, res) => {});
|
|
srv.listen(3000); // Sensitive
|
|
|
|
const srv = new https.Server((req, res) => {});
|
|
srv.listen(3000); // Sensitive
|
|
|
|
// https.createServer creates a new https.Server object.
|
|
const srv = https.createServer((req, res) => {});
|
|
srv.listen(3000); // Sensitive
|
|
----
|
|
|
|
----
|
|
// === ExpressJS ===
|
|
const express = require('express');
|
|
const app = express();
|
|
|
|
// Endpoints exposed by ExpressJS are security-sensitive and should be reviewed.
|
|
// Example:
|
|
|
|
app.get('/', function (req, res) {});
|
|
app.post('/', function (req, res) {});
|
|
app.all('/', function (req, res) {});
|
|
app.listen(3000); // Sensitive
|
|
----
|
|
|
|
include::../see.adoc[]
|