rspec/rules/S5332/javascript/rule.adoc

include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

----
url = "http://example.com"; // Sensitive
url = "ftp://anonymous@example.com"; // Sensitive
url = "telnet://anonymous@example.com"; // Sensitive
----


For https://nodemailer.com[nodemailer]:

----
const nodemailer = require("nodemailer");
let transporter = nodemailer.createTransport({
  secure: false, // Sensitive
  requireTLS: false // Sensitive
});
----


----
const nodemailer = require("nodemailer");
let transporter = nodemailer.createTransport({}); // Sensitive
----


For https://github.com/mscdex/node-ftp[ftp]:

----
var Client = require('ftp');
var c = new Client();
c.connect({
  'secure': false // Sensitive
});
----


For https://github.com/mkozjak/node-telnet-client[telnet-client]:

----
const Telnet = require('telnet-client'); // Sensitive
----

== Compliant Solution

----
url = "https://example.com"; // Compliant
url = "sftp://anonymous@example.com"; // Compliant
url = "ssh://anonymous@example.com"; // Compliant
----


For https://nodemailer.com[nodemailer] one of the following options must be set:

----
const nodemailer = require("nodemailer");
let transporter = nodemailer.createTransport({
  secure: true, // Compliant
  requireTLS: true, // Compliant
  port: 465, // Compliant
  secured: true // Compliant
});
----


For https://github.com/mscdex/node-ftp[ftp]:

----
var Client = require('ftp');
var c = new Client();
c.connect({
  'secure': true // Compliant
});
----

include::../exceptions.adoc[]

include::../see.adoc[]