Uploaded image for project: 'Rules Repository'
  1. Rules Repository
  2. RSPEC-5332

HTTPS protocol should be used to send HTTP requests

    Details

    • Type: Vulnerability Detection
    • Status: Active
    • Resolution: Unresolved
    • Labels:
    • Message:
      Replace this http request with an https equivalent.
    • Default Severity:
      Blocker
    • Impact:
      High
    • Likelihood:
      High
    • Default Quality Profiles:
      Sonar way
    • Targeted languages:
      APEX
    • Analysis Scope:
      Main Sources
    • CWE:
      CWE-200
    • OWASP:
      A3

      Description

      Sending request using HTTP protocol exposes every sensitive information to an attacker. The HTTPS protocol should be used instead.

      This rule flags code sending HTTP requests to an "http" endpoint instead of an "https" one.

      See

        Attachments

          Issue Links

          1.
          Apex RSPEC-5333 Language-Specification Active Unassigned

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                nicolas.harraudeau Nicolas Harraudeau
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated: