Unencrypted HTTP request using Unirest
Description
Unirest HTTP call detected using unencrypted protocol (`http://`). Data sent over HTTP is not encrypted and can be intercepted.
Examples
Insecure Code
java
Unirest.get("http://example.com");Secure Code
java
Unirest.get("https://example.com");Remediation
Use HTTPS (`https://`) instead.
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0109 |
| Category | Crypto |
| Severity | MEDIUM |
| CWE | CWE-319 |
| Confidence | MEDIUM |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | unirest, http, https |
| OWASP | A3:2017-Sensitive Data Exposure, A02:2021-Cryptographic Failures |