Details

    • Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved
    • Labels:
      None
    • Impact:
      Unknown 'null' severity
    • Likelihood:
      Unknown 'null' severity
    • Default Quality Profiles:
      Sonar way, Sonar way recommended

      Description

      Sensitive Code Example

      url = "http://example.com"; // Sensitive
      url = "ftp://anonymous@example.com"; // Sensitive
      url = "telnet://anonymous@example.com"; // Sensitive
      

      For nodemailer:

      const nodemailer = require("nodemailer");
      let transporter = nodemailer.createTransport({
        secure: false, // Sensitive
        requireTLS: false // Sensitive
      });
      
      // Separate example: an empty options object sets none of the TLS options
      const nodemailer = require("nodemailer");
      let transporter = nodemailer.createTransport({}); // Sensitive
      

      For ftp:

      var Client = require('ftp');
      var c = new Client();
      c.connect({
        'secure': false // Sensitive
      });
      

      For telnet-client:

      const Telnet = require('telnet-client'); // Sensitive
      

      Compliant Solution

      url = "https://example.com"; // Compliant
      url = "sftp://anonymous@example.com"; // Compliant
      url = "ssh://anonymous@example.com"; // Compliant
      

      For nodemailer, one of the following options must be set:

      const nodemailer = require("nodemailer");
      let transporter = nodemailer.createTransport({
        secure: true, // Compliant
        requireTLS: true, // Compliant
        port: 465, // Compliant
        secured: true // Compliant
      });
      

      For ftp:

      var Client = require('ftp');
      var c = new Client();
      c.connect({
        'secure': true // Compliant
      });
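
The checks implied by the Sensitive and Compliant examples above, written out as an added example; it is not part of the original rule description or of the analyzer that implements it. The function names and the sample settings object are assumptions made for illustration.

```javascript
// Added example. All function names here are hypothetical.
const CLEAR_TEXT_SCHEMES = ["http", "ftp", "telnet"]; // schemes the page marks Sensitive
const URL_PATTERN = new RegExp(
  "\\b(?:" + CLEAR_TEXT_SCHEMES.join("|") + ")://[^\\s\"'<>]+", "gi");

// Return every clear-text URL in a piece of text (source file, config, env dump).
function findClearTextUrls(text) {
  return text.match(URL_PATTERN) || [];
}

// A nodemailer createTransport() options object is Sensitive when it sets none
// of the options the page lists as compliant.
function isSensitiveMailOptions(options = {}) {
  return !(options.secure === true || options.requireTLS === true ||
           options.port === 465 || options.secured === true);
}

// An ftp connect() options object passes only with the value the page shows
// as compliant (secure: true); a missing key is treated like false (assumption).
function isSensitiveFtpOptions(options = {}) {
  return options.secure !== true;
}

// Audit one settings object and return human-readable findings.
function auditSettings(settings) {
  const findings = [];
  for (const url of findClearTextUrls(JSON.stringify(settings))) {
    findings.push("clear-text URL: " + url);
  }
  if (settings.mail && isSensitiveMailOptions(settings.mail)) {
    findings.push("nodemailer transport without TLS option");
  }
  if (settings.ftp && isSensitiveFtpOptions(settings.ftp)) {
    findings.push("ftp connection without secure: true");
  }
  return findings;
}

// Constructed sample input, not taken from a real deployment.
const sampleSettings = {
  api: "http://example.com",
  backup: "sftp://anonymous@example.com",
  mail: { host: "smtp.example.com", secure: false, requireTLS: false },
  ftp: { host: "files.example.com", secure: true },
};
console.log(auditSettings(sampleSettings));
```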
      

            People

            Assignee:
            Unassigned
            Reporter:
            Hendrik Buchwald (hendrik.buchwald)