Using clear-text protocols exposes data in transit to eavesdropping and man-in-the-middle attacks.

Why is this an issue?

An attacker who can observe network traffic — for example through a compromised network device, a position on the same network segment, or a cloud environment breach — can read, modify, or inject data sent over FTP, Telnet, HTTP, or unencrypted SMTP without detection. This is true even on internal or isolated networks, where insider threats or lateral movement after an initial compromise can expose unencrypted traffic. This rule raises an issue when a clear-text protocol scheme is used or when encryption is explicitly disabled for a network connection.

What is the potential impact?

Sensitive data exposure

An attacker who can intercept network traffic can read all data transmitted over clear-text connections, including credentials, session tokens, API keys, or personal data.

Data tampering

Because clear-text protocols provide no integrity protection, an attacker in a man-in-the-middle position can silently modify data in transit — redirecting users to malicious endpoints, injecting malicious content into responses, or altering commands sent to remote services.

How to fix it

Code examples

The following workflow step downloads a file with curl over http, a clear-text protocol, leaving the transmitted data exposed to interception.

Noncompliant code example

name: Download Data

on: push

jobs:
  download:
    runs-on: ubuntu-latest
    steps:
      - name: Download file
        run: curl http://www.example.com/  # Noncompliant

Compliant solution

name: Download Data

on: push

jobs:
  download:
    runs-on: ubuntu-latest
    steps:
      - name: Download file
        run: curl https://www.example.com/
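
To find other occurrences of this pattern in a repository's workflows, the following added example (not the rule's own implementation) scans workflow text for the http, ftp and telnet schemes and reports the line and an encrypted counterpart. The function name and the sample workflow are constructed for illustration; it assumes plain-text matching is sufficient and does not cover unencrypted SMTP or options that disable encryption.

```python
import re

# Clear-text schemes named on this page, mapped to an encrypted counterpart.
CLEAR_TEXT = {"http": "https", "ftp": "sftp or ftps", "telnet": "ssh"}

# The lookbehind keeps "https://", "sftp://" and "ftps://" from matching.
URL_RE = re.compile(
    r"(?<![A-Za-z0-9+.-])(http|ftp|telnet)://[^\s'\"<>)]+", re.IGNORECASE
)

# Constructed sample workflow (hypothetical hosts), based on the page's example.
SAMPLE = """\
name: Download Data
on: push
jobs:
  download:
    runs-on: ubuntu-latest
    steps:
      # mirror list: http://mirror.example.com/ (comment only)
      - name: Download file
        run: curl http://www.example.com/  # Noncompliant
      - name: Fetch archive
        run: |
          curl -O ftp://files.example.com/data.tar.gz
          curl -O https://files.example.com/data.tar.gz.sha256
"""


def find_clear_text_urls(workflow_text):
    """Return (line_number, url, suggestion) for each clear-text URL found."""
    findings = []
    for number, line in enumerate(workflow_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # whole-line YAML comment, never executed
        for match in URL_RE.finditer(line):
            scheme = match.group(1).lower()
            findings.append((number, match.group(0), CLEAR_TEXT[scheme]))
    return findings


if __name__ == "__main__":
    for number, url, suggestion in find_clear_text_urls(SAMPLE):
        print(f"line {number}: {url} -> use {suggestion}")
```
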

Exceptions

No issue is reported for the following cases:

Resources

Documentation

Articles & blog posts

Standards