Leakage of sensitive data in HTTP request
- Rule ID: php_lang_http_url_using_sensitive_data
- Languages: php
- Source: http_url_using_sensitive_data.yml
Description
Sending sensitive data through URLs in HTTP requests exposes it to unnecessary risks. This method of data transmission can lead to the data being captured by intermediaries or being logged by servers, posing a significant privacy and security risk.
Remediations
- Do not include sensitive data in the URL path. This makes the information visible in server logs and to anyone who might intercept the URL.
$curl = curl_init("https://example.com/users/{$user->email}"); // unsafe - Do not append sensitive data as query parameters in URLs. Similar to paths, query parameters are also vulnerable to interception and logging.
$query = http_build_query(['email' => $user->email]); // unsafe
$curl = curl_init("https://example.com/users?$query"); - Do use the HTTP POST method to send sensitive data within the body of the request. This method is more secure as the data is not exposed in the URL.
$query = http_build_query(['email' => $user->email]);
$curl = curl_init("https://example.com/users/list");
curl_setopt($curl, CURLOPT_POSTFIELDS, $query); - Do not send sensitive data if it's not necessary. If you must send identifying information, use less sensitive data that doesn't compromise user privacy or security.
$query = http_build_query(['uuid' => $user->uuid]);
$curl = curl_init("https://example.com/users?$query");References
Associated CWE
OWASP Top 10
Configuration
To skip this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --skip-rule=php_lang_http_url_using_sensitive_dataTo run only this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --only-rule=php_lang_http_url_using_sensitive_data