MCPcopy Create free account
hub / github.com/crashappsec/github-analyzer / InsecureWebhookPayloadURL

Function InsecureWebhookPayloadURL

pkg/issue/issue.go:109–125  ·  view source on GitHub ↗
(url string)

Source from the content-addressed store, hash-verified

107}
108
109func InsecureWebhookPayloadURL(url string) Issue {
110 return Issue{
111 ID: INF_DISC_HTTP_WEBHOOK,
112 Name: AvailableChecks[INF_DISC_HTTP_WEBHOOK],
113 Severity: severity.High,
114 Category: category.InformationDisclosure,
115 CWEs: []int{319},
116 Description: fmt.Sprintf(
117 "Non-HTTPS webhook detected: %s",
118 url,
119 ),
120 Resources: []resource.Resource{
121 {ID: url, Kind: resource.Webhook},
122 },
123 Remediation: "It is recommended to use HTTPS webhooks if data involved is sensitive and also enable SSL verification as outlined in https://docs.github.com/en/developers/webhooks-and-events/webhooks/creating-webhooks",
124 }
125}
126
127func OrgAdvancedSecurityDisabled(org string) Issue {
128 return Issue{

Callers 1

AuditWebhooksMethod · 0.92

Calls

no outgoing calls

Tested by

no test coverage detected