TH17119
Detected presence of files containing URLs with suspicious path components.
| priority | CI/CD status | severity | effort | RL level | RL assessment |
|---|---|---|---|---|---|
 | pass | medium | high | None | None |
About the issueโ
Uniform Resource Locators (URLs) are structured addresses that point to locations and assets on the internet. URLs allow software developers to build complex applications that exchange data with servers that can be hosted in multiple geographical regions. URLs can commonly be found embedded in documentation, configuration files, source code and compiled binaries. URL paths provide additional information to a web service when making a request. They are an optional, but an important part of the URL, as they may define specific content or actions based on the data being passed. Some parameters they pass might be considered sensitive information. Since path components are not encrypted this might cause sensitive information to leak. This issue is raised for URL paths than might contain information that attackers can easily intercept. Examples of sensitive information fields include passwords and other similar parameters.
How to resolve the issueโ
- Investigate reported detections.
- If the software should not include these network references, investigate your build and release environment for software supply chain compromise.
- You should delay the software release until the investigation is completed, or until the issue is risk accepted.
- Consider removing all references to flagged network locations.
Recommended readingโ
- URL components (External resource - Wikipedia)