Details

    • Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved
    • Impact:
      Unknown 'null' severity
    • Likelihood:
      Unknown 'null' severity

      Description

      Sensitive Code Example

      char* http_url = "http://example.com"; // Sensitive
      char* ftp_url = "ftp://anonymous@example.com"; // Sensitive
      char* telnet_url = "telnet://anonymous@example.com"; // Sensitive
      
      #include <curl/curl.h>
      
      CURL *curl_ftp = curl_easy_init();
      curl_easy_setopt(curl_ftp, CURLOPT_URL, "ftp://example.com/"); // Sensitive
      
      CURL *curl_smtp = curl_easy_init();
      curl_easy_setopt(curl_smtp, CURLOPT_URL, "smtp://example.com:587"); // Sensitive
      

      Compliant Solution

      char* https_url = "https://example.com" # Compliant
      char* sftp_url = "sftp://anonymous@example.com" # Compliant
      char* ssh_url = "ssh://anonymous@example.com" # Compliant
      
      #include <curl/curl.h>
      
      CURL *curl_ftps = curl_easy_init();
      curl_easy_setopt(curl_ftps, CURLOPT_URL, "ftp://example.com/"); // Compliant
      curl_easy_setopt(curl_ftps, CURLOPT_USE_SSL, CURLUSESSL_ALL); // FTP transport is done over TLS
      
      CURL *curl_smtp_tls = curl_easy_init();
      curl_easy_setopt(curl_smtp_tls, CURLOPT_URL, "smtp://example.com:587"); // Compliant
      curl_easy_setopt(curl_smtp_tls, CURLOPT_USE_SSL, CURLUSESSL_ALL); // SMTP with STARTTLS
      

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            pierre-loup.tristant Pierre-Loup Tristant
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: