Communication over HTTP

• Query id: d7dc9350-74bc-485b-8c85-fed22d276c43
• Query name: Communication over HTTP
• Platform: Ansible
• Severity: Medium
• Category: Insecure Configurations
• CWE: 319
• URL: Github

Description

Using HTTP URLs (without encryption) could lead to security vulnerabilities and risks
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - cfg file

[galaxy]
cache_dir=~/.ansible/galaxy_cache
ignore_certs=False
role_skeleton_ignore=^.git$, ^.*/.git_keep$
server=http://galaxy.ansible.com

Code samples without security vulnerabilities

Negative test num. 1 - cfg file

[galaxy]
cache_dir=~/.ansible/galaxy_cache
ignore_certs=False
role_skeleton_ignore=^.git$, ^.*/.git_keep$
server=https://galaxy.ansible.com