GitHub Actions / AppScan CodeSweep #1 required action Dec 19, 2024 in 0s

Open communications scheme detected

Identified by HCL AppScan CodeSweep
Vulnerability: Communications.Unencrypted
Severity: Low

Details

Missing Encryption of Sensitive Data

Open communications scheme detected

Cause

Hard coding insecure connection schemes such as http:// can be dangerous.

Code samples

Insecure connection to remote system

<a href="http://www.someotherwebsite.com">
  <img src="file_location/media/img/image.png" alt="Image Description">
</a>

Secure connection to remote system

<a href="http://localhost/path">
  <img src="file_location/media/img/image.png" alt="Image Description">
</a>

Fix recommendation

Make sure all links are secured (https).

External references

OWASP - TLS Cipher String Cheat Sheet

OWASP - Transport Layer Protection Cheat Sheet

Copyright © 2021, 2023 HCL Technologies Limited

Annotations

Check warning on line 79 in src/AzzyBot.Bot/Extensions/IServiceCollectionExtensions.cs

github-actions / AppScan CodeSweep #1

Open communications scheme detected

Vulnerability: Communications.Unencrypted	[Severity: Low]
Raw output
{"file":"IServiceCollectionExtensions.cs","filePath":"src/AzzyBot.Bot/Extensions/IServiceCollectionExtensions.cs","lineNumber":79,"columnNumber":0,"language":"C#","vulnName":"Open communications scheme detected","vulnType":"Communications.Unencrypted","ruleName":"com.hcl.appscan.scanner.csharp.rules.OpenCommunicationCsharp","context":"\"http://{musicSettings.LavalinkHost}:{musicSettings.LavalinkPort}\"","severity":2,"codeFixes":[{"description":"Use secure URI scheme","name":"com.ouncelabs.languagelite.common.rules.fix.SecureCommFix"}],"hashValues":{"0":1196901791,"1":1196901791,"2":-530785606,"3":-530785606,"4":-806336904,"5":-806336904}}

Check warning on line 83 in src/AzzyBot.Bot/Extensions/IServiceCollectionExtensions.cs

Open communications scheme detected

Vulnerability: Communications.Unencrypted	[Severity: Low]
Raw output
{"file":"IServiceCollectionExtensions.cs","filePath":"src/AzzyBot.Bot/Extensions/IServiceCollectionExtensions.cs","lineNumber":83,"columnNumber":0,"language":"C#","vulnName":"Open communications scheme detected","vulnType":"Communications.Unencrypted","ruleName":"com.hcl.appscan.scanner.csharp.rules.OpenCommunicationCsharp","context":"\"http://{musicSettings.LavalinkHost}:2333\"","severity":2,"codeFixes":[{"description":"Use secure URI scheme","name":"com.ouncelabs.languagelite.common.rules.fix.SecureCommFix"}],"hashValues":{"0":1508174403,"1":1508174403,"2":-2032068290,"3":-2032068290,"4":-97441684,"5":-97441684}}

Check warning on line 87 in src/AzzyBot.Bot/Extensions/IServiceCollectionExtensions.cs

Open communications scheme detected

Vulnerability: Communications.Unencrypted	[Severity: Low]
Raw output
{"file":"IServiceCollectionExtensions.cs","filePath":"src/AzzyBot.Bot/Extensions/IServiceCollectionExtensions.cs","lineNumber":87,"columnNumber":0,"language":"C#","vulnName":"Open communications scheme detected","vulnType":"Communications.Unencrypted","ruleName":"com.hcl.appscan.scanner.csharp.rules.OpenCommunicationCsharp","context":"\"http://AzzyBot-Ms:{musicSettings.LavalinkPort}\"","severity":2,"codeFixes":[{"description":"Use secure URI scheme","name":"com.ouncelabs.languagelite.common.rules.fix.SecureCommFix"}],"hashValues":{"0":504140531,"1":504140531,"2":-605201402,"3":-605201402,"4":1273561876,"5":1273561876}}