ID: ruby-security/no-http
Language: Ruby
Severity: Info
Category: Security
CWE: 319
This rule is designed to prevent the use of the insecure HTTP protocol in your Ruby code. The HTTP protocol does not encrypt the data that is sent between the client and the server, which can lead to sensitive information being intercepted by malicious parties. This is particularly risky when dealing with sensitive data such as API keys, user credentials, or personal user information.
The importance of this rule lies in the security and integrity of your application. By using an unsecured protocol like HTTP, you expose your application and its users to potential data breaches. A breach can lead to loss of trust, legal liability, and significant remediation costs.
To avoid violating this rule, always use the HTTPS protocol when making network requests. HTTPS encrypts the data sent between the client and server, protecting it from interception. By using libraries like Faraday, HTTPX, HTTParty, RestClient, or Ruby’s built-in Net::HTTP, you can specify HTTPS by simply replacing ‘http://’ with ‘https://’. For example, instead of HTTP.get("http://example.org"), use HTTP.get("https://example.org"). Always ensure that any third-party services your application interacts with support HTTPS.
```ruby
# Each request below uses a plain http:// URL, which is what this rule reports.

# Faraday
require "faraday"
require 'uri'
params = {title: "foo", body: "bar", userID: 1}
encoded_params = URI.encode_www_form(params)
response = Faraday.post("http://example.org", encoded_params)
p response.body if response.status == 201

# HTTPX
require "httpx"
response = HTTPX.get("http://www.example.org")
puts response.body if response.status == 200

# http.rb (`something` stands for form data defined elsewhere)
require "http"
response = HTTP.get("http://example.org", :params => {:api_key => "API_KEY"})
response = HTTP.post("http://example.org", :form => something)

# HTTParty
require 'httparty'
response = HTTParty.get('http://example.org')
puts response.body if response.code == 200
response = HTTParty.get('http://example.com', format: :plain)

# RestClient
require 'rest-client'
require 'json'
RestClient.post "http://example.com", {'x' => 1}.to_json, {content_type: :json, accept: :json}

# Net::HTTP
require 'uri'
require 'net/http'
uri = URI('http://example.org')
```
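A minimal sketch of the kind of check this rule performs, added here as an example (it is not Datadog's implementation): it lexes Ruby source with the standard-library Ripper and reports `http://` URLs that appear in string literals, ignoring comments. The names `find_insecure_urls`, `INSECURE_URL` and `SAMPLE`, and the sample source itself, are constructed for this example.

```ruby
require "ripper"

# Matches a plain-HTTP URL up to the first quote, bracket or whitespace.
INSECURE_URL = %r{http://[^\s"'<>]*}i

# Returns one finding per http:// URL found inside a string literal.
# Lexing (rather than grepping) skips comments, so only URLs the program
# could actually hand to an HTTP client are reported.
def find_insecure_urls(source)
  findings = []
  Ripper.lex(source).each do |(line, col), type, text, _state|
    next unless type == :on_tstring_content
    text.scan(INSECURE_URL) do
      m = Regexp.last_match
      before = text[0...m.begin(0)]
      # A string token can span several lines: adjust line and column.
      row = line + before.count("\n")
      column = if before.include?("\n")
                 before.length - before.rindex("\n") - 1
               else
                 col + before.length
               end
      findings << { line: row, column: column, url: m[0] }
    end
  end
  findings
end

# Constructed sample input (never executed, only lexed).
SAMPLE = <<~'RUBY'
  require "httparty"
  # see http://example.org/docs (comment: not a request, not reported)
  HTTParty.get('http://example.org')
  HTTParty.get("https://example.org")
  uri = URI("HTTP://example.com/api")
  Faraday.get("http://#{host}/status")
RUBY

if __FILE__ == $PROGRAM_NAME
  find_insecure_urls(SAMPLE).each do |f|
    puts "line #{f[:line]}, col #{f[:column]}: #{f[:url]}"
  end
end
```

The interpolated string on the last sample line is reported with only its literal prefix (`http://`), since the host is not known until runtime.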