Use `https` protocol over `http`

Metadata

ID: javascript-express/https-protocol-missing

Language: JavaScript

Severity: Warning

Category: Security

CWE: 693

Description

Per Express documentation:

If your app deals with or transmits sensitive data, use Transport Layer Security (TLS) to secure the connection and the data. This technology encrypts data before it is sent from the client to the server, thus preventing some common (and easy) hacks.

This rule will detect the usage of non https.createServer() usage.

Non-Compliant Code Examples

var http = require('http');
var express = require('express');
var app = express();

var httpServer = http.createServer(app)
httpServer.listen(8080);

Compliant Code Examples

var https = require('https');
var express = require('express');
var app = express();

var httpsServer = https.createServer(app)
httpsServer.listen(8080);
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

Seamless integrations. Try Datadog Code Analysis

Datadog Code Analysis
PREVIEWING: may/unit-testing