
Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in.
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
----
|
|
// === NodeJS built-in modules ===
|
|
const http = require('http');
|
|
const https = require('https');
|
|
|
|
// Endpoints exposed by http.Server and https.Server objects are security-sensitive and should be reviewed.
|
|
// Examples:
|
|
|
|
const srv = new http.Server((req, res) => {});
|
|
srv.listen(3000); // Sensitive
|
|
|
|
// http.createServer creates a new http.Server object.
|
|
const srv = http.createServer((req, res) => {});
|
|
srv.listen(3000); // Sensitive
|
|
|
|
const srv = new https.Server((req, res) => {});
|
|
srv.listen(3000); // Sensitive
|
|
|
|
// https.createServer creates a new https.Server object.
|
|
const srv = https.createServer((req, res) => {});
|
|
srv.listen(3000); // Sensitive
|
|
----
|
|
|
|
----
|
|
// === ExpressJS ===
|
|
const express = require('express');
|
|
const app = express();
|
|
|
|
// Endpoints exposed by ExpressJS are security-sensitive and should be reviewed.
|
|
// Example:
|
|
|
|
app.get('/', function (req, res) {});
|
|
app.post('/', function (req, res) {});
|
|
app.all('/', function (req, res) {});
|
|
app.listen(3000); // Sensitive
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
=== on 7 Dec 2018, 12:55:35 Lars Svensson wrote:
|
|
https://nodejs.org/api/http.html
|
|
|
|
https://nodejs.org/api/https.html
|
|
|
|
https://expressjs.com/en/4x/api.html
|
|
|
|
include::../comments-and-links.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|