Communication Over HTTP

  • Query id: 2e8d4922-8362-4606-8c14-aa10466a1ce3
  • Query name: Communication Over HTTP
  • Platform: Ansible
  • Severity: Medium
  • Category: Insecure Configurations
  • CWE: 319
  • URL: Github

Description

Using HTTP URLs (without encryption) could lead to security vulnerabilities and risks
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
- name: Verificar o status de um site usando o módulo uri
  hosts: localhost
  tasks:
    - name: Verificar o status do site
      ansible.builtin.uri:
        url: "http://www.example.com"
        method: GET
      register: site_response

    - name: Exibir resposta do site
      debug:
        var: site_response

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: Verificar o status de um site usando o módulo uri
  hosts: localhost
  tasks:
    - name: Verificar o status do site
      ansible.builtin.uri:
        url: "https://www.example.com"
        method: GET
      register: site_response

    - name: Exibir resposta do site
      debug:
        var: site_response