Communication over HTTP

Docs > Datadog Security > Code Security > Infrastructure as Code (IaC) Security > IaC Security Rules > Communication over HTTP

Metadata

Id: 2e8d4922-8362-4606-8c14-aa10466a1ce3

Cloud Provider: Common

Platform: Ansible

Severity: Medium

Category: Insecure Configurations

Learn More

Provider Reference

Description

Using HTTP URLs in Ansible uri tasks exposes requests and any sensitive data (tokens, credentials, or cookies) to interception and tampering because traffic is sent in plaintext. Tasks that use the ansible.builtin.uri module should have a url property that begins with https://. Tasks whose url starts with http:// are flagged and should be updated to use https:// endpoints or other secure transport.

Secure example:

- name: Call API over HTTPS
  ansible.builtin.uri:
    url: "https://api.example.com/endpoint"
    method: GET

Compliant Code Examples

- name: Verificar o status de um site usando o módulo uri
  hosts: localhost
  tasks:
    - name: Verificar o status do site
      ansible.builtin.uri:
        url: "https://www.example.com"
        method: GET
      register: site_response

    - name: Exibir resposta do site
      debug:
        var: site_response

Non-Compliant Code Examples

- name: Verificar o status de um site usando o módulo uri
  hosts: localhost
  tasks:
    - name: Verificar o status do site
      ansible.builtin.uri:
        url: "http://www.example.com"
        method: GET
      register: site_response

    - name: Exibir resposta do site
      debug:
        var: site_response