Severity: Medium
Score: 5
Accuracy: Confirmed
Language: dart
CVSS v3.1: /AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Potential insecure communication vulnerability detected. HTTP is used instead of HTTPS.
Using unencrypted HTTP instead of HTTPS exposes data to interception and tampering. In this code example, the line containing Uri.http('example.com', '/api/data'); builds a plain http:// URL, so the request body and the response travel without transport encryption, which may impact the confidentiality and integrity of the endpoint data. This vulnerability falls under Security Misconfiguration in the OWASP API Security Top 10.
import 'package:flutter/material.dart';
import 'package:http/http.dart' as http;
/// Entry point: mounts [MyApp] as the root of the widget tree.
void main() {
  runApp(MyApp());
}
/// Root widget of the vulnerable sample.
///
/// Wraps [InsecureCommunicationExample] in a [MaterialApp] so the screen has
/// the Material scaffolding it needs.
class MyApp extends StatelessWidget {
  @override
  Widget build(BuildContext context) =>
      MaterialApp(home: InsecureCommunicationExample());
}
/// Screen used by the vulnerable sample; all behaviour lives in its state
/// object.
class InsecureCommunicationExample extends StatefulWidget {
  @override
  _InsecureCommunicationExampleState createState() {
    return _InsecureCommunicationExampleState();
  }
}
/// State for [InsecureCommunicationExample].
///
/// VULNERABLE SAMPLE: this is the "before" listing for the finding and is
/// intentionally left insecure. Do not copy it into an application.
class _InsecureCommunicationExampleState extends State<InsecureCommunicationExample> {
  /// Posts the sample form body to the API and reports the outcome in a
  /// [SnackBar].
  Future<void> _sendInsecureData() async {
    // INSECURE (the flagged line): Uri.http builds an `http://` URL, so the
    // form body and the response cross the network without TLS and can be
    // read or modified in transit.
    final endpoint = Uri.http('example.com', '/api/data');
    final reply = await http.post(endpoint, body: {'key': 'value'});

    // Only an exact 200 is treated as success; every other status is a failure.
    final delivered = reply.statusCode == 200;
    final notice = delivered ? 'Data sent insecurely' : 'Failed to send data';
    ScaffoldMessenger.of(context).showSnackBar(SnackBar(content: Text(notice)));
  }

  /// Builds a screen with a single button that triggers [_sendInsecureData].
  @override
  Widget build(BuildContext context) {
    final sendButton = ElevatedButton(
      onPressed: _sendInsecureData,
      child: Text('Send Insecure Data'),
    );
    final titleBar = AppBar(title: Text('Insecure Communication'));

    return Scaffold(
      appBar: titleBar,
      body: Center(child: sendButton),
    );
  }
}
This example shows how to fix your code.
Ensure that communication channels use HTTPS and that certificates are properly validated. In this code example, the line containing final url = Uri.https('example.com', '/api/data'); uses HTTPS for a secure connection in transit, ensuring the confidentiality and integrity of the endpoint data. Don't forget to configure the server certificate correctly so the application can connect; a certificate error should be fixed on the server side, not worked around by disabling validation in the client (for example, with a badCertificateCallback that accepts every certificate).
This is just an example:
import 'package:flutter/material.dart';
import 'package:http/http.dart' as http;
/// Entry point: mounts [MyApp] as the root of the widget tree.
void main() {
  runApp(MyApp());
}
/// Root widget of the fixed sample.
///
/// Wraps [SecureCommunicationExample] in a [MaterialApp] so the screen has the
/// Material scaffolding it needs.
class MyApp extends StatelessWidget {
  @override
  Widget build(BuildContext context) =>
      MaterialApp(home: SecureCommunicationExample());
}
/// Screen used by the fixed sample; all behaviour lives in its state object.
class SecureCommunicationExample extends StatefulWidget {
  @override
  _SecureCommunicationExampleState createState() {
    return _SecureCommunicationExampleState();
  }
}
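/// State for [SecureCommunicationExample]: posts a small form body to the API
/// over HTTPS and reports the outcome in a [SnackBar].
class _SecureCommunicationExampleState extends State<SecureCommunicationExample> {
  /// Sends the sample payload over TLS.
  ///
  /// [Uri.https] fixes the scheme to `https`, so the request body and the
  /// response are encrypted in transit. Any transport failure, including a
  /// failed TLS handshake, is reported to the user as a failed send; the
  /// request is never retried over plain HTTP.
  Future<void> _sendSecureData() async {
    final url = Uri.https('example.com', '/api/data');

    String message;
    try {
      final response = await http.post(url, body: {'key': 'value'});
      // Only an exact 200 is treated as success, as in the original sample.
      message = response.statusCode == 200
          ? 'Data sent securely'
          : 'Failed to send data';
    } on Exception {
      // http.post throws on network and TLS errors (for instance when the
      // server certificate is rejected). Fail closed: report the failure and
      // do not fall back to an unencrypted endpoint.
      message = 'Failed to send data';
    }

    // The widget may have been removed from the tree while the request was in
    // flight; using its context after that point is invalid.
    if (!mounted) return;
    ScaffoldMessenger.of(context).showSnackBar(SnackBar(content: Text(message)));
  }

  /// Builds a screen with a single button that triggers [_sendSecureData].
  @override
  Widget build(BuildContext context) {
    return Scaffold(
      appBar: AppBar(title: Text('Secure Communication')),
      body: Center(
        child: ElevatedButton(
          onPressed: _sendSecureData,
          child: Text('Send Secure Data'),
        ),
      ),
    );
  }
}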