Communication Over HTTP

• Query id: 2e8d4922-8362-4606-8c14-aa10466a1ce3
• Query name: Communication Over HTTP
• Platform: Ansible
• Severity: Medium
• Category: Insecure Configurations
• CWE: 319
• URL: Github

Description

Using HTTP URLs (without encryption) could lead to security vulnerabilities and risks
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

- name: Verificar o status de um site usando o módulo uri
  hosts: localhost
  tasks:
    - name: Verificar o status do site
      ansible.builtin.uri:
        url: "http://www.example.com"
        method: GET
      register: site_response

    - name: Exibir resposta do site
      debug:
        var: site_response

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

- name: Verificar o status de um site usando o módulo uri
  hosts: localhost
  tasks:
    - name: Verificar o status do site
      ansible.builtin.uri:
        url: "https://www.example.com"
        method: GET
      register: site_response

    - name: Exibir resposta do site
      debug:
        var: site_response