Make sure your server uses the https protocol

Docs > Datadog Security > Code Security > Static Code Analysis (SAST) > SAST ルール > Make sure your server uses the https protocol

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Metadata

ID: typescript-express/https-protocol-missing

Language: TypeScript

Severity: Notice

Category: Security

CWE: 693

Description

Your server should use the HTTPS protocol to receive connections. You may do this by placing an HTTPS reverse proxy in front of your HTTP server, or by using https.createServer() instead of http.createServer().

Per Express documentation:

If your app deals with or transmits sensitive data, use Transport Layer Security (TLS) to secure the connection and the data. This technology encrypts data before it is sent from the client to the server, thus preventing some common (and easy) hacks.

Non-Compliant Code Examples

import http from 'http';
import express, { Express } from 'express';

const app: Express = express();

var httpServer = http.createServer(app)
httpServer.listen(8080);

Compliant Code Examples

import https from 'https';
import fs from 'fs';
import express, { Express } from 'express';

const app: Express = express();

var options = {
  key: fs.readFileSync('path/to/the/key.pem'),
  cert: fs.readFileSync('path/to/the/cert.cert')
};

var httpsServer = https.createServer(options, app)
httpsServer.listen(443);

Make sure your server uses the https protocol

Metadata

Description

Non-Compliant Code Examples

Compliant Code Examples

How can I help you today?