Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Explanation

This rule detects whether a service call or rest service has a URL or host and port parameter defined. Having a URL or host and port defined in the model may result in unexpected behavior. It is only recommended to use the URL
parameter for test purposes. It checks service calls of type: 

  • AQ_RestServiceClient
  • AQ_SoapServiceClient
  • AQ_MailService

Possible improvements

Configure the connection in the application.properties file only. This adds the possibility to make the URL dependent on the environment.
See: https://my.blueriq.com/display/DOC/Connections+Properties

Example

For this SOAP service call, the value of URL is set to the "www.example.com". 

This results in the following security hotspot: