CodeQL documentation

Failure to use HTTPS URLs

ID: cpp/non-https-url
Kind: path-problem
Security severity: 8.1
Severity: warning
Precision: high
   - security
   - external/cwe/cwe-319
   - external/cwe/cwe-345
Query suites:
   - cpp-code-scanning.qls
   - cpp-security-extended.qls
   - cpp-security-and-quality.qls

Click to see the query in the CodeQL repository

Constructing URLs with the HTTP protocol can lead to unsecured connections.


When you construct a URL, ensure that you use an HTTPS URL rather than an HTTP URL. Then, any connections that are made using that URL are secure SSL connections.


The following example shows two ways of opening a connection using a URL. When the connection is opened using an HTTP URL rather than an HTTPS URL, the connection is unsecured. When the connection is opened using an HTTPS URL, the connection is a secure SSL connection.

void openUrl(char *url)
	// ...

openUrl(""); // BAD

openUrl(""); // GOOD: Opening a connection to a URL using HTTPS enforces SSL.


  • © GitHub, Inc.
  • Terms
  • Privacy