CodeAnt AI home pagelight logodark logo
  • Dashboard
  • Dashboard
  • Documentation
  • Demo Call with CEO
  • Blog
  • Slack
    • Get Started
    • CodeAnt AI
    • Setup
    • Control Center
    • Pull Request Review
    • IDE
    • Compliance
    • Anti-Patterns
    • Code Governance
    • Infrastructure Security Database
    • Application Security Database
      • Apex
      • Bash
      • C
      • Clojure
      • Cpp
      • Csharp
      • Dockerfile
      • Elixir
      • Fingerprints
      • Generic
      • Go
      • Html
      • Java
      • Javascript
      • Json
      • Kotlin
      • Ocaml
      • Php
      • Problem-based-packs
        • Insecure-transport
          • Go stdlib
          • Java spring
          • Java stdlib
          • Js node
          • Ruby stdlib
      • Python
      • Ruby
      • Rust
      • Scala
      • Solidity
      • Swift
      • Terraform
      • Typescript
      • Yaml
    Insecure-transport

    Go stdlib

    grequests-http-request

    Checks for requests to http (unencrypted) sites using grequests, a popular HTTP client library. This is dangerous because it could result in plaintext PII being passed around the network.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - C
    - W
    - E
    - -
    - 3
    - 1
    - 9
    - :
    -

    - C
    - l
    - e
    - a
    - r
    - t
    - e
    - x
    - t
    -

    - T
    - r
    - a
    - n
    - s
    - m
    - i
    - s
    - s
    - i
    - o
    - n
    -

    - o
    - f
    -

    - S
    - e
    - n
    - s
    - i
    - t
    - i
    - v
    - e
    -

    - I
    - n
    - f
    - o
    - r
    - m
    - a
    - t
    - i
    - o
    - n
    OWASP:
    - A
    - 0
    - 3
    - :
    - 2
    - 0
    - 1
    - 7
    -

    - -
    -

    - S
    - e
    - n
    - s
    - i
    - t
    - i
    - v
    - e
    -

    - D
    - a
    - t
    - a
    -

    - E
    - x
    - p
    - o
    - s
    - u
    - r
    - e

    ftp-request

    Checks for outgoing connections to ftp servers with the ftp package. FTP does not encrypt traffic, possibly leading to PII being sent plaintext over the network. Instead, connect via the SFTP protocol.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - C
    - W
    - E
    - -
    - 3
    - 1
    - 9
    - :
    -

    - C
    - l
    - e
    - a
    - r
    - t
    - e
    - x
    - t
    -

    - T
    - r
    - a
    - n
    - s
    - m
    - i
    - s
    - s
    - i
    - o
    - n
    -

    - o
    - f
    -

    - S
    - e
    - n
    - s
    - i
    - t
    - i
    - v
    - e
    -

    - I
    - n
    - f
    - o
    - r
    - m
    - a
    - t
    - i
    - o
    - n
    OWASP:
    - A
    - 0
    - 3
    - :
    - 2
    - 0
    - 1
    - 7
    -

    - -
    -

    - S
    - e
    - n
    - s
    - i
    - t
    - i
    - v
    - e
    -

    - D
    - a
    - t
    - a
    -

    - E
    - x
    - p
    - o
    - s
    - u
    - r
    - e

    disallow-old-tls-versions

    Detects creations of tls configuration objects with an insecure MinVersion of TLS. These protocols are deprecated due to POODLE, man in the middle attacks, and other vulnerabilities.
    Likelihood: HIGH
    Confidence: HIGH
    CWE:
    - C
    - W
    - E
    - -
    - 3
    - 1
    - 9
    - :
    -

    - C
    - l
    - e
    - a
    - r
    - t
    - e
    - x
    - t
    -

    - T
    - r
    - a
    - n
    - s
    - m
    - i
    - s
    - s
    - i
    - o
    - n
    -

    - o
    - f
    -

    - S
    - e
    - n
    - s
    - i
    - t
    - i
    - v
    - e
    -

    - I
    - n
    - f
    - o
    - r
    - m
    - a
    - t
    - i
    - o
    - n
    OWASP:
    - A
    - 0
    - 3
    - :
    - 2
    - 0
    - 1
    - 7
    -

    - -
    -

    - S
    - e
    - n
    - s
    - i
    - t
    - i
    - v
    - e
    -

    - D
    - a
    - t
    - a
    -

    - E
    - x
    - p
    - o
    - s
    - u
    - r
    - e

    http-customized-request

    Checks for requests sent via http.NewRequest to http:// URLS. This is dangerous because the server is attempting to connect to a website that does not encrypt traffic with TLS. Instead, send requests only to https:// URLS.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - C
    - W
    - E
    - -
    - 3
    - 1
    - 9
    - :
    -

    - C
    - l
    - e
    - a
    - r
    - t
    - e
    - x
    - t
    -

    - T
    - r
    - a
    - n
    - s
    - m
    - i
    - s
    - s
    - i
    - o
    - n
    -

    - o
    - f
    -

    - S
    - e
    - n
    - s
    - i
    - t
    - i
    - v
    - e
    -

    - I
    - n
    - f
    - o
    - r
    - m
    - a
    - t
    - i
    - o
    - n
    OWASP:
    - A
    - 0
    - 3
    - :
    - 2
    - 0
    - 1
    - 7
    -

    - -
    -

    - S
    - e
    - n
    - s
    - i
    - t
    - i
    - v
    - e
    -

    - D
    - a
    - t
    - a
    -

    - E
    - x
    - p
    - o
    - s
    - u
    - r
    - e

    sling-http-request

    Checks for requests to http (unencrypted) sites using gorequest, a popular HTTP client library. This is dangerous because it could result in plaintext PII being passed around the network.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - C
    - W
    - E
    - -
    - 3
    - 1
    - 9
    - :
    -

    - C
    - l
    - e
    - a
    - r
    - t
    - e
    - x
    - t
    -

    - T
    - r
    - a
    - n
    - s
    - m
    - i
    - s
    - s
    - i
    - o
    - n
    -

    - o
    - f
    -

    - S
    - e
    - n
    - s
    - i
    - t
    - i
    - v
    - e
    -

    - I
    - n
    - f
    - o
    - r
    - m
    - a
    - t
    - i
    - o
    - n
    OWASP:
    - A
    - 0
    - 3
    - :
    - 2
    - 0
    - 1
    - 7
    -

    - -
    -

    - S
    - e
    - n
    - s
    - i
    - t
    - i
    - v
    - e
    -

    - D
    - a
    - t
    - a
    -

    - E
    - x
    - p
    - o
    - s
    - u
    - r
    - e

    http-request

    Checks for requests sent via http.$FUNC to http:// URLS. This is dangerous because the server is attempting to connect to a website that does not encrypt traffic with TLS. Instead, send requests only to https:// URLS.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - C
    - W
    - E
    - -
    - 3
    - 1
    - 9
    - :
    -

    - C
    - l
    - e
    - a
    - r
    - t
    - e
    - x
    - t
    -

    - T
    - r
    - a
    - n
    - s
    - m
    - i
    - s
    - s
    - i
    - o
    - n
    -

    - o
    - f
    -

    - S
    - e
    - n
    - s
    - i
    - t
    - i
    - v
    - e
    -

    - I
    - n
    - f
    - o
    - r
    - m
    - a
    - t
    - i
    - o
    - n
    OWASP:
    - A
    - 0
    - 3
    - :
    - 2
    - 0
    - 1
    - 7
    -

    - -
    -

    - S
    - e
    - n
    - s
    - i
    - t
    - i
    - v
    - e
    -

    - D
    - a
    - t
    - a
    -

    - E
    - x
    - p
    - o
    - s
    - u
    - r
    - e

    telnet-request

    Checks for attempts to connect to an insecure telnet server using the package telnet. This is bad because it can lead to man in the middle attacks.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - C
    - W
    - E
    - -
    - 3
    - 1
    - 9
    - :
    -

    - C
    - l
    - e
    - a
    - r
    - t
    - e
    - x
    - t
    -

    - T
    - r
    - a
    - n
    - s
    - m
    - i
    - s
    - s
    - i
    - o
    - n
    -

    - o
    - f
    -

    - S
    - e
    - n
    - s
    - i
    - t
    - i
    - v
    - e
    -

    - I
    - n
    - f
    - o
    - r
    - m
    - a
    - t
    - i
    - o
    - n
    OWASP:
    - A
    - 0
    - 3
    - :
    - 2
    - 0
    - 1
    - 7
    -

    - -
    -

    - S
    - e
    - n
    - s
    - i
    - t
    - i
    - v
    - e
    -

    - D
    - a
    - t
    - a
    -

    - E
    - x
    - p
    - o
    - s
    - u
    - r
    - e

    gorequest-http-request

    Checks for requests to http (unencrypted) sites using gorequest, a popular HTTP client library. This is dangerous because it could result in plaintext PII being passed around the network.
    Likelihood: HIGH
    Confidence: MEDIUM
    CWE:
    - C
    - W
    - E
    - -
    - 3
    - 1
    - 9
    - :
    -

    - C
    - l
    - e
    - a
    - r
    - t
    - e
    - x
    - t
    -

    - T
    - r
    - a
    - n
    - s
    - m
    - i
    - s
    - s
    - i
    - o
    - n
    -

    - o
    - f
    -

    - S
    - e
    - n
    - s
    - i
    - t
    - i
    - v
    - e
    -

    - I
    - n
    - f
    - o
    - r
    - m
    - a
    - t
    - i
    - o
    - n
    OWASP:
    - A
    - 0
    - 3
    - :
    - 2
    - 0
    - 1
    - 7
    -

    - -
    -

    - S
    - e
    - n
    - s
    - i
    - t
    - i
    - v
    - e
    -

    - D
    - a
    - t
    - a
    -

    - E
    - x
    - p
    - o
    - s
    - u
    - r
    - e

    bypass-tls-verification

    Checks for disabling of TLS/SSL certificate verification. This should only be used for debugging purposes because it leads to vulnerability to MTM attacks.
    Likelihood: HIGH
    Confidence: MEDIUM
    CWE:
    - C
    - W
    - E
    - -
    - 3
    - 1
    - 9
    - :
    -

    - C
    - l
    - e
    - a
    - r
    - t
    - e
    - x
    - t
    -

    - T
    - r
    - a
    - n
    - s
    - m
    - i
    - s
    - s
    - i
    - o
    - n
    -

    - o
    - f
    -

    - S
    - e
    - n
    - s
    - i
    - t
    - i
    - v
    - e
    -

    - I
    - n
    - f
    - o
    - r
    - m
    - a
    - t
    - i
    - o
    - n
    OWASP:
    - A
    - 0
    - 3
    - :
    - 2
    - 0
    - 1
    - 7
    -

    - -
    -

    - S
    - e
    - n
    - s
    - i
    - t
    - i
    - v
    - e
    -

    - D
    - a
    - t
    - a
    -

    - E
    - x
    - p
    - o
    - s
    - u
    - r
    - e
    AuditJava spring
    twitterlinkedin
    Powered by Mintlify
    Assistant
    Responses are generated using AI and may contain mistakes.