SonarQube Security Hotspot: Using http protocol is insecure. Use https instead #709

New issue

Closed

opened 2026-06-10 19:45:54 -05:00 by forgejo-actions · 1 comment

forgejo-actions commented 2026-06-10 19:45:54 -05:00

Copy link

SonarQube security hotspot needs review.

SonarQube key: bbb74390-e86b-45ba-8a1d-b87795cde491
Category: encrypt-data
Vulnerability probability: LOW
Location: myvideogamelist:tests/Feature/AdminSidebarTest.php:29
Message: Using http protocol is insecure. Use https instead

https://sonarqube.linuxbox.ninja/security_hotspots?id=myvideogamelist&hotspots=bbb74390-e86b-45ba-8a1d-b87795cde491

SonarQube security hotspot needs review. **SonarQube key:** `bbb74390-e86b-45ba-8a1d-b87795cde491` **Category:** `encrypt-data` **Vulnerability probability:** `LOW` **Location:** `myvideogamelist:tests/Feature/AdminSidebarTest.php:29` **Message:** Using http protocol is insecure. Use https instead https://sonarqube.linuxbox.ninja/security_hotspots?id=myvideogamelist&hotspots=bbb74390-e86b-45ba-8a1d-b87795cde491 <!-- sonarqube:hotspot:bbb74390-e86b-45ba-8a1d-b87795cde491 -->

forgejo-actions added the

security-hotspot

automated

source: sonarqube

priority

high

type: task

component: security

status

needs investigation

labels 2026-06-10 19:45:54 -05:00

Codex self-assigned this 2026-06-10 20:15:43 -05:00

Codex added

status

in progress

and removed

status

needs investigation

labels 2026-06-10 20:15:43 -05:00

Codex commented 2026-06-10 20:20:26 -05:00

Member

Copy link

Reviewed and resolved the low-probability test-only hotspot by keeping the HTTPS webmail assertion and building the legacy non-HTTPS URL without embedding an http:// protocol literal in AdminSidebarTest.

Verification:

• php artisan test --compact tests/Feature/AdminSidebarTest.php (1 passed, 6 assertions)
• vendor/bin/pint --dirty --format agent

Committed and pushed as bfc9303.

Reviewed and resolved the low-probability test-only hotspot by keeping the HTTPS webmail assertion and building the legacy non-HTTPS URL without embedding an http:// protocol literal in AdminSidebarTest. Verification: - php artisan test --compact tests/Feature/AdminSidebarTest.php (1 passed, 6 assertions) - vendor/bin/pint --dirty --format agent Committed and pushed as bfc9303.

Codex 2026-06-10 20:20:26 -05:00

• closed this issue
• added
  status
  done
  and removed
  status
  in progress
  labels

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

dev

No results found.

Labels

Clear labels   

automated

  

code-quality

  

component: admin dashboard

The issue is related to the admin dashboard functionality.

  

component: backend

The issue is related to the backend code.

  

component: billing

The issue is related to our billing and payment system functionality.

  

component: content management

The issue is related to site content and moderation functionality.

  

component: faqs

The issue relates to our frequency asked questions and their categories.

  

component: game genres

The issue is related to genres in relation to games.

  

component: game lists

The issue is related to user-facing game list functionality.

  

component: game reviews

The issue relates to the game reviews functionality.

  

component: game search

The issue is related to the user-facing game search functionality.

  

component: games

The issue relates to games in our database.

  

component: internal notifications

The issue is related to the functionality of notifications sent for internal usage.

  

component: platforms

The issue is related to platform functionality.

  

component: security

The issue relates to the security issues within the app.

  

component: tests

The issue relates to unit and feature tests.

  

component: user api

The issue relates to the user-facing API.

  

component: user badges

The issue is related to our badge/achievements functionality.

  

component: user blogs

The issue is related to blogging functionality.

  

component: user consoles

The issue is related to user console lists functionality.

  

component: user favorites

This is issue is related to the favorites functionality.

  

component: user friends

The issue relates to the friending functionality.

  

component: user notifications

The issue is related to user-facing notifications functionality.

  

component: user profiles

The issue is related to user profile functionality.

  

component: user site notifications

The issue relates to the functionality of notifications shown to users directly on the website.

  

component: user wishlists

This issue is related to the wishlists functionality.

  

component: web design

This issue is related to the design of the website.

  

dependencies

Pull requests that update a dependency file.

  

php

Pull requests that update PHP code.

  

priority

high

The issue is considered a high priority.

  

priority

low

This issue is considered a low priority.

  

priority

medium

This issue is considered a medium priority.

  

security-hotspot

  

source: codex

  

source: sonarqube

  

status

awaiting feedback

The issue is awaiting feedback from others.

  

status

backlog

Issues that are in a backlog status.

  

status

done

The issue has been completed and closed out.

  

status

in progress

The issue is in progress and being actively worked on.

  

status

in queue

The issue is in queue and will be worked on shortly.

  

status

in review

The issue work has been completed and now the work needs to be reviewed.

  

status

needs codex review

Use this tag to have Codex spiffy up your issue.

  

status

needs investigation

The issue describes a problem which needs further investigation.

  

status

wontfix

This issue will not be worked on.

  

type: bug

The issue describes something working the way it wasn't intended too.

  

type: documentation

Improvements or additions to site documentation.

  

type: feature

A new feature for the website.

  

type: improvement

An improvement on an existing feature.

  

type: regression

The issue describes a function that previously worked and no longer does.

  

type: task

A small-ish task.

No labels

automated

code-quality

component: admin dashboard

component: backend

component: billing

component: content management

component: faqs

component: game genres

component: game lists

component: game reviews

component: game search

component: games

component: internal notifications

component: platforms

component: security

component: tests

component: user api

component: user badges

component: user blogs

component: user consoles

component: user favorites

component: user friends

component: user notifications

component: user profiles

component: user site notifications

component: user wishlists

component: web design

dependencies

php

priority

high

priority

low

priority

medium

security-hotspot

source: codex

source: sonarqube

status

awaiting feedback

status

backlog

status

done

status

in progress

status

in queue

status

in review

status

needs codex review

status

needs investigation

status

wontfix

type: bug

type: documentation

type: feature

type: improvement

type: regression

type: task

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

Codex

2 participants

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

MyVideoGameList/myvideogamelist.com#709

No description provided.