ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S5332/docker/rule.adoc
Fred Tingaud 16f6c0aecf
Inline adoc when include has no additional value (#1940) 
Inline adoc files when they are included exactly once.

Also fix language tags because this inlining gives us better information
on what language the code is written in.
2023-05-25 14:18:12 +02:00

61 lines
1.8 KiB
Plaintext
Raw Blame History

include::../description.adoc[]
== Ask Yourself Whether
* Application data needs to be protected against tampering or leaks when transiting over the network.
* Application data transits over an untrusted network.
* Compliance rules require the service to encrypt data in transit.
* OS-level protections against clear-text traffic are deactivated.
There is a risk if you answered yes to any of those questions.
== Recommended Secure Coding Practices
* Make application data transit over a secure, authenticated and encrypted protocol like TLS or SSH. Here are a few alternatives to the most common clear-text protocols:
** Use ``++sftp++``, ``++scp++``, or ``++ftps++`` instead of ``++ftp++``.
** Use ``++https++`` instead of ``++http++``.
It is recommended to secure all transport channels, even on local networks, as it can take a single non-secure connection to compromise an entire application or system.
== Sensitive Code Example
[source,docker]
----
RUN curl http://www.example.com/
----
== Compliant Solution
[source,docker]
----
RUN curl https://www.example.com/
----
== See
* https://cwe.mitre.org/data/definitions/200[MITRE, CWE-200] - Exposure of Sensitive Information to an Unauthorized Actor
* https://cwe.mitre.org/data/definitions/319[MITRE, CWE-319] - Cleartext Transmission of Sensitive Information
* https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html[Google, Moving towards more secure web]
* https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/[Mozilla, Deprecating non secure http]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
== Message
* Make sure that using clear-text protocols is safe here.
== Highlighting
Highlight the URL.
'''
endif::env-github,rspecator-view[]
Reference in New Issue View Git Blame Copy Permalink