Communication over HTTP

  • Query id: d7dc9350-74bc-485b-8c85-fed22d276c43
  • Query name: Communication over HTTP
  • Platform: Ansible
  • Severity: Medium
  • Category: Insecure Configurations
  • CWE: 319
  • URL: Github

Description

Using HTTP URLs (without encryption) could lead to security vulnerabilities and risks
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - cfg file
[galaxy]
cache_dir=~/.ansible/galaxy_cache
ignore_certs=False
role_skeleton_ignore=^.git$, ^.*/.git_keep$
server=http://galaxy.ansible.com

Code samples without security vulnerabilities

Negative test num. 1 - cfg file
[galaxy]
cache_dir=~/.ansible/galaxy_cache
ignore_certs=False
role_skeleton_ignore=^.git$, ^.*/.git_keep$
server=https://galaxy.ansible.com