Avoid HTTP url

This product is not supported for your selected Datadog site. ().
이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Metadata

ID: apex-security/no-http

Language: Apex

Severity: Warning

Category: Security

CWE: 319

Description

This rule flags the use of HTTP URLs in Apex code. Using HTTP instead of HTTPS can expose data transmitted between the client and server to interception or tampering, leading to potential security vulnerabilities. Ensuring URLs use HTTPS helps protect sensitive information by encrypting the communication channel.

To comply with this rule, always use HTTPS URLs when making network calls or referencing external resources. For example, instead of String url = 'http://example.com/api';, use String url = 'https://example.com/api';. Additionally, review and update any hardcoded URLs in your codebase to ensure they use HTTPS to maintain secure communication standards.

Non-Compliant Code Examples

public class AccountHelper {

    public void foo() {
        String foo = 'http://subdomain.salesforce.com/something';
    }
}

Compliant Code Examples

public class AccountHelper {

    public void foo() {
        String foo = 'https://subdomain.salesforce.com/something';
    }
}
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

원활한 통합. Datadog Code Security를 경험해 보세요

Datadog Code Security