# Cleartext Transmission of Sensitive Information (CWE-319)

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

**Stack:** Python

- Prevalence: High, frequently exploited
- Impact: High, 5 high-severity rules
- Prevention: Documented, 6 fix examples

**OWASP:** Cryptographic Failures (A02:2021-Cryptographic Failures) - #2

## Description

Many communication channels can be sniffed by attackers during data transmission. When sensitive data is transmitted without encryption, an attacker can intercept and read this information. Secure channels like TLS should be used to protect sensitive data in transit.

## Prevention

### Python

Use HTTPS for all external requests and enable SSL redirect in frameworks.

## Warning Signs

- [HIGH] Use of unencrypted HTTP for sensitive operations such as API calls, authentication, payment processing, or data transmission.

## Consequences

- Read application data
- Bypass security mechanisms

## Mitigations

- Encrypt all sensitive data before transmission
- Use TLS/SSL for all connections that transmit sensitive data
- Implement certificate pinning for mobile applications

## Detection

- Total rules: 6
- Languages: go, kubernetes, yaml, python

## Rules by Language

### Python (1 rule)

- **HTTP Used Instead of HTTPS** [HIGH]: Detects use of unencrypted HTTP for sensitive operations like API calls, authentication, payment processing, or data transmission. HTTP traffic is sent in cleartext and can be intercepted. Always use HTTPS.
  - Remediation: Use HTTPS for all external requests and enable SSL redirect.

```python
import requests

# An https:// base URL keeps every request to this API encrypted in transit.
API_URL = "https://api.example.com"
# verify=True (the requests default) validates the server certificate;
# a timeout prevents a stalled connection from hanging the caller.
response = requests.get(f"{API_URL}/data", verify=True, timeout=10)

# Django settings.py
SECURE_SSL_REDIRECT = True      # redirect every http:// request to https://
SESSION_COOKIE_SECURE = True    # send the session cookie only over HTTPS
```

Learn more: https://shoulder.dev/learn/python/cwe-319/http-not-https
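The rule above reports `http://` literals used for outbound calls, and the remediation is to make such calls impossible rather than merely discouraged. The following added example (written for this page, not shoulder.dev's rule engine or any project's code) shows both halves: a runtime guard, `enforce_https()`, that refuses a non-HTTPS URL before any request is made, and a small static check, `find_cleartext_urls()`, that flags `http://` string literals in Python source the way the HIGH-severity rule does. The function names, the `LOOPBACK_HOSTS` allow-list and the `SAMPLE_SOURCE` text are assumptions constructed for the example.

```python
"""CWE-319 checks for Python code (added example; not the page's or any project's code).

1. enforce_https(): runtime guard that rejects outbound URLs whose scheme is not https,
   so a misconfigured base URL fails fast instead of leaking data over cleartext HTTP.
2. find_cleartext_urls(): static check that flags 'http://' string literals in source,
   the same class of finding the HIGH-severity rule on this page reports.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Hypothetical allow-list for local development only; keep it empty in production.
LOOPBACK_HOSTS = frozenset({"localhost", "127.0.0.1", "::1"})


def enforce_https(url: str, allow_loopback: bool = False) -> str:
    """Return url unchanged if it uses https; raise ValueError otherwise."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme == "https":
        return url
    if scheme == "http" and allow_loopback and parts.hostname in LOOPBACK_HOSTS:
        return url
    raise ValueError(f"refusing cleartext transport for {url!r}: scheme must be https")


@dataclass(frozen=True)
class Finding:
    line_no: int
    url: str
    snippet: str


# Matches a quoted string literal whose value starts with an explicit http:// scheme.
_HTTP_LITERAL = re.compile(r"""['"](http://[^'"\s]+)['"]""")


def find_cleartext_urls(source: str, allow_loopback: bool = False) -> list[Finding]:
    """Scan Python source text and return every http:// string literal found."""
    findings: list[Finding] = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("#"):
            continue  # a commented-out line is never executed
        for match in _HTTP_LITERAL.finditer(line):
            url = match.group(1)
            if allow_loopback and urlsplit(url).hostname in LOOPBACK_HOSTS:
                continue
            findings.append(Finding(line_no, url, stripped))
    return findings


# Constructed sample source (not from any real project): one cleartext call to a
# payment endpoint, one loopback call, one correct https call, one comment.
SAMPLE_SOURCE = '''\
import requests
PAYMENT_URL = "http://payments.example.com/charge"   # cleartext, should be flagged
DEV_URL = "http://127.0.0.1:8000/health"             # loopback, acceptable only in dev
API_URL = "https://api.example.com/data"
# r = requests.get("http://ignored.example.com")     # comment, not flagged
'''

if __name__ == "__main__":
    for finding in find_cleartext_urls(SAMPLE_SOURCE):
        print(f"line {finding.line_no}: cleartext URL {finding.url}")
    print("ok:", enforce_https("https://api.example.com/data"))
    try:
        enforce_https("http://payments.example.com/charge")
    except ValueError as exc:
        print("blocked:", exc)
```

Running the file lists lines 2 and 3 of the constructed sample as findings (line 3 disappears when `allow_loopback=True`) and shows the guard accepting the HTTPS URL while raising on the cleartext payment URL. Wiring `enforce_https()` in front of the `requests.get()` call from the remediation snippet turns a cleartext misconfiguration into an immediate error instead of an intercepted request.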