Open communication detected in Xamarin
Identified by HCL AppScan CodeSweep
Vulnerability: Communications.Unencrypted
Severity: Low
Details
Missing Encryption of Sensitive Data
Open communication detected in Xamarin
Cause
Open communication means connecting to other systems over an insecure channel. All connections should be SSL-aware; use https instead of http. This rule attempts to identify where lingering open communications exist in the code base. It also considers the use of unsafe schemes such as javascript://, telnet://, file:// and ftp://. Note that this is not an exhaustive list; the rule catches the most glaring open communication schemes available today.
// Flagged: the request goes out over plain http, so it is not encrypted in transit
var host = "127.0.0.1";
var port = "8080";
HttpClient client = new HttpClient();
var response = client.GetAsync("http://" + host + ":" + port);
Fix recommendation
Call URLs over a secure scheme, such as the https or ftps version of the URL.
// Fixed: same call, using the https scheme
var host = "127.0.0.1";
var port = "8080";
HttpClient client = new HttpClient();
var response = client.GetAsync("https://" + host + ":" + port);
External references
OWASP - TLS Cipher String Cheat Sheet
OWASP - Transport Layer Protection Cheat Sheet
Copyright © 2021, 2023 HCL Technologies Limited
Annotations
Check warning on line 83 in src/AzzyBot.Bot/Extensions/IServiceCollectionExtensions.cs
github-actions / AppScan CodeSweep #2
Open communication detected in Xamarin
Vulnerability: Communications.Unencrypted [Severity: Low]
Raw output
{"file":"IServiceCollectionExtensions.cs","filePath":"src/AzzyBot.Bot/Extensions/IServiceCollectionExtensions.cs","lineNumber":83,"columnNumber":0,"language":"Xamarin","vulnName":"Open communication detected in Xamarin","vulnType":"Communications.Unencrypted","ruleName":"com.hcl.appscan.scanner.xamarin.rules.OpenCommunicationXamarin","context":"\"http://{musicSettings.LavalinkHost}:2333\"","severity":2,"codeFixes":[{"description":"Use secure URI scheme","name":"com.ouncelabs.languagelite.common.rules.fix.SecureCommFix"}],"hashValues":{"0":1508174403,"1":1508174403,"2":-2032068290,"3":-2032068290,"4":1817155115,"5":1817155115}}
Check warning on line 87 in src/AzzyBot.Bot/Extensions/IServiceCollectionExtensions.cs
github-actions / AppScan CodeSweep #2
Open communication detected in Xamarin
Vulnerability: Communications.Unencrypted [Severity: Low]
Raw output
{"file":"IServiceCollectionExtensions.cs","filePath":"src/AzzyBot.Bot/Extensions/IServiceCollectionExtensions.cs","lineNumber":87,"columnNumber":0,"language":"Xamarin","vulnName":"Open communication detected in Xamarin","vulnType":"Communications.Unencrypted","ruleName":"com.hcl.appscan.scanner.xamarin.rules.OpenCommunicationXamarin","context":"\"http://AzzyBot-Ms:{musicSettings.LavalinkPort}\"","severity":2,"codeFixes":[{"description":"Use secure URI scheme","name":"com.ouncelabs.languagelite.common.rules.fix.SecureCommFix"}],"hashValues":{"0":504140531,"1":504140531,"2":-605201402,"3":-605201402,"4":1934270771,"5":1934270771}}
Check warning on line 87 in src/AzzyBot.Bot/Extensions/IServiceCollectionExtensions.cs
github-actions / AppScan CodeSweep #2
Open communication detected in Xamarin
Vulnerability: Communications.Unencrypted [Severity: Low]
Raw output
{"file":"IServiceCollectionExtensions.cs","filePath":"src/AzzyBot.Bot/Extensions/IServiceCollectionExtensions.cs","lineNumber":87,"columnNumber":0,"language":"Xamarin","vulnName":"Open communication detected in Xamarin","vulnType":"Communications.Unencrypted","ruleName":"com.hcl.appscan.scanner.xamarin.rules.OpenCommunicationXamarin","context":"\"http://localhost:{musicSettings.LavalinkPort}\"","severity":2,"codeFixes":[{"description":"Use secure URI scheme","name":"com.ouncelabs.languagelite.common.rules.fix.SecureCommFix"}],"hashValues":{"0":1099925168,"1":1099925168,"2":-1596616073,"3":-1596616073,"4":-2082101396,"5":-2082101396}}
Check warning on line 79 in src/AzzyBot.Bot/Extensions/IServiceCollectionExtensions.cs
github-actions / AppScan CodeSweep #2
Open communication detected in Xamarin
Vulnerability: Communications.Unencrypted [Severity: Low]
Raw output
{"file":"IServiceCollectionExtensions.cs","filePath":"src/AzzyBot.Bot/Extensions/IServiceCollectionExtensions.cs","lineNumber":79,"columnNumber":0,"language":"Xamarin","vulnName":"Open communication detected in Xamarin","vulnType":"Communications.Unencrypted","ruleName":"com.hcl.appscan.scanner.xamarin.rules.OpenCommunicationXamarin","context":"\"http://{musicSettings.LavalinkHost}:{musicSettings.LavalinkPort}\"","severity":2,"codeFixes":[{"description":"Use secure URI scheme","name":"com.ouncelabs.languagelite.common.rules.fix.SecureCommFix"}],"hashValues":{"0":1196901791,"1":1196901791,"2":-530785606,"3":-530785606,"4":74171015,"5":74171015}}