trailofbits.generic.wget-unencrypted-url.wget-unencrypted-url
trailofbits
Author: unknown
Found wget command with unencrypted URL (e.g. HTTP, FTP, etc.)
Definition
rules:
  - id: wget-unencrypted-url
    message: Found `wget` command with unencrypted URL (e.g. HTTP, FTP, etc.)
    languages:
      - generic
    severity: WARNING
    metadata:
      category: security
      subcategory:
        - audit
      technology:
        - shell
      cwe: "CWE-319: Cleartext Transmission of Sensitive Information"
      confidence: MEDIUM
      likelihood: MEDIUM
      impact: HIGH
      references:
        - https://linux.die.net/man/1/wget
      license: AGPL-3.0 license
      vulnerability_class:
        - Mishandled Sensitive Information
    pattern-either:
      - pattern: wget ... http://
      - pattern: wget ... ftp://
Examples
wget-unencrypted-url.sh
#!/bin/bash
# ruleid: wget-unencrypted-url
wget http://google.com
# ruleid: wget-unencrypted-url
wget ftp://google.com
# ok: wget-unencrypted-url
wget https://google.com
Short Link: https://sg.run/10Ddk