Details

    • Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved
    • Labels:
      None
    • Impact:
      Unknown 'null' severity
    • Likelihood:
      Unknown 'null' severity
    • Default Quality Profiles:
      Sonar way, Sonar way recommended

      Description

      Questionable Code Example

      // === NodeJS built-in modules ===
      const http = require('http');
      const https = require('https');
      
      // Endpoints exposed by http.Server and https.Server objects are security-sensitive and should be reviewed.
      // Examples (each server gets its own variable name so the snippet parses as a single file):
      
      const srv1 = new http.Server((req, res) => {});
      srv1.listen(3000); // Questionable
      
      // http.createServer creates a new http.Server object.
      const srv2 = http.createServer((req, res) => {});
      srv2.listen(3000); // Questionable
      
      const srv3 = new https.Server((req, res) => {});
      srv3.listen(3000); // Questionable
      
      // https.createServer creates a new https.Server object.
      const srv4 = https.createServer((req, res) => {});
      srv4.listen(3000); // Questionable
      
      // === ExpressJS ===
      const express = require('express');
      const app = express();
      
      // Endpoints exposed by ExpressJS are security-sensitive and should be reviewed.
      // Example:
      
      app.get('/', function (req, res) {});
      app.post('/', function (req, res) {});
      app.all('/', function (req, res) {});
      app.listen(3000); // Questionable
      

            People

            • Assignee:
              Unassigned
              Reporter:
              lars.svensson Lars Svensson (Inactive)