react-insecure-request.yaml
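---
# Semgrep rule: flag hard-coded cleartext (http://) request targets in
# React / JavaScript / TypeScript code that uses axios or the Fetch API.
#
# What a triager should know about this rule:
#   * Only string literals are inspected. URLs assembled from variables,
#     template literals, env/config values, or a baseURL configured in
#     another file are not seen, so a clean run is not proof of
#     HTTPS-only transport.
#   * Loopback targets (http://localhost, http://127.0.0.1) are NOT
#     excluded; add a pattern-not clause if those are expected noise in
#     a given codebase rather than silencing the rule.
#   * The URL regex requires ":" right after "http", so "https://" never
#     matches. It is anchored with "^" explicitly so the result does not
#     depend on whether Semgrep anchors =~ regexes by default.
#   * Object patterns carry "..." so a config such as
#     { method: 'post', url: 'http://...', headers: {...} } is still
#     matched; without the ellipsis only a single-key object would be.
rules:
  - id: react-insecure-request
    message: >-
      Unencrypted request over HTTP detected. Data sent to this URL can be
      read or modified in transit; use an https:// URL (or a relative path
      on an HTTPS origin) instead.
    metadata:
      vulnerability: Insecure Transport
      owasp:
        - A03:2017 - Sensitive Data Exposure
        - A02:2021 - Cryptographic Failures
      cwe:
        - 'CWE-319: Cleartext Transmission of Sensitive Information'
      references:
        - https://www.npmjs.com/package/axios
        - https://cwe.mitre.org/data/definitions/319.html
      category: security
      technology:
        - react
      subcategory:
        - vuln
      likelihood: LOW
      impact: MEDIUM
      confidence: MEDIUM
    languages:
      - typescript
      - javascript
    severity: ERROR
    pattern-either:
      # Form 1: method-style axios calls on an imported/required axios
      # object, e.g. axios.get("http://..."), axios.post("http://...", body).
      - patterns:
          - pattern-either:
              - pattern-inside: |
                  import $AXIOS from 'axios';
                  ...
                  $AXIOS.$METHOD(...)
              - pattern-inside: |
                  $AXIOS = require('axios');
                  ...
                  $AXIOS.$METHOD(...)
          - pattern-either:
              - pattern: $AXIOS.get("=~/^[Hh][Tt][Tt][Pp]:\/\/.*/", ...)
              - pattern: $AXIOS.post("=~/^[Hh][Tt][Tt][Pp]:\/\/.*/", ...)
              - pattern: $AXIOS.delete("=~/^[Hh][Tt][Tt][Pp]:\/\/.*/", ...)
              - pattern: $AXIOS.head("=~/^[Hh][Tt][Tt][Pp]:\/\/.*/", ...)
              - pattern: $AXIOS.patch("=~/^[Hh][Tt][Tt][Pp]:\/\/.*/", ...)
              - pattern: $AXIOS.put("=~/^[Hh][Tt][Tt][Pp]:\/\/.*/", ...)
              - pattern: $AXIOS.options("=~/^[Hh][Tt][Tt][Pp]:\/\/.*/", ...)
              # axios.request(config) is the config-object twin of axios(config)
              # and was previously uncovered.
              - pattern: '$AXIOS.request({..., url: "=~/^[Hh][Tt][Tt][Pp]:\/\/.*/", ...})'
              # A cleartext baseURL on an axios instance makes every call made
              # through that instance cleartext, even when the per-call path
              # is relative.
              - pattern: '$AXIOS.create({..., baseURL: "=~/^[Hh][Tt][Tt][Pp]:\/\/.*/", ...})'
      # Form 2: calling the axios function directly with a config object,
      # either inline or via a previously assigned options variable.
      - patterns:
          - pattern-either:
              - pattern-inside: |
                  import $AXIOS from 'axios';
                  ...
                  $AXIOS(...)
              - pattern-inside: |
                  $AXIOS = require('axios');
                  ...
                  $AXIOS(...)
          - pattern-either:
              - pattern: '$AXIOS({..., url: "=~/^[Hh][Tt][Tt][Pp]:\/\/.*/", ...}, ...)'
              - pattern: |
                  $OPTS = {..., url: "=~/^[Hh][Tt][Tt][Pp]:\/\/.*/", ...}
                  ...
                  $AXIOS($OPTS, ...)
      # Form 3: the global Fetch API. No pattern-inside guard is needed because
      # fetch is a browser/Node global rather than an import.
      - pattern: fetch("=~/^[Hh][Tt][Tt][Pp]:\/\/.*/", ...)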