Avoid fetching data from HTTP endpoint

Documentos > Code Analysis > Static Analysis Rules > Avoid fetching data from HTTP endpoint

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Metadata

ID: docker-best-practices/avoid-http

Language: Docker

Severity: Warning

Category: Security

CWE: 319

Description

Always use https links instead of http. Do not use clear-text protocols as they lack encryption and authentication.

Non-Compliant Code Examples

RUN cd /tmp && wget http://www.scalastyle.org/scalastyle_config.xml && mv scalastyle_config.xml /scalastyle_config.xml
RUN cd /tmp && curl -O http://www.scalastyle.org/scalastyle_config.xml && mv scalastyle_config.xml /scalastyle_config.xml
RUN foobar http://domain.tld

Compliant Code Examples

RUN cd /tmp && wget https://www.scalastyle.org/scalastyle_config.xml && mv scalastyle_config.xml /scalastyle_config.xml
RUN cd /tmp && curl -O https://www.scalastyle.org/scalastyle_config.xml && mv scalastyle_config.xml /scalastyle_config.xml
RUN cd /tmp && curl -O http://localhost:8080/path