Explanation
This rule detects whether a service call or REST service has a URL parameter, or host and port parameters, defined in the model. Having a URL or host and port defined in the model may result in unexpected behavior. Using the URL parameter is recommended for test purposes only. The rule checks service calls of type:
- AQ_RestServiceClient
- AQ_SoapServiceClient
- AQ_MailService
Possible improvements
Configure the connection in the application.properties file only. This makes it possible to make the URL dependent on the environment.
See: https://my.blueriq.com/display/DOC/Connections+Properties
Example
For this SOAP service call, the value of URL is set to "www.example.com".
This results in the following security hotspot: