Product: SonarCloud
Language: Typescript (NodeJS)
Security Hotspot: typescript:S5332
SonarCloud is reporting a ‘Using clear-text protocols is security-sensitive’ Security Hotspot even though AWS SES SDK (SES Client - AWS SDK for JavaScript v3) only ever uses HTTPS.
Usually the Transport
interface from nodemailer
has secure/secured/tls
properties but this is not the case for the SES transport, as they are not configurable.
import * as ses from '@aws-sdk/client-ses'
import nodemailer from 'nodemailer'
const sesClient = new ses.SES({ region: AWS_REGION })
const transporter = nodemailer.createTransport({
SES: {
ses: sesClient,
aws: ses,
},
})
Link to the Security Hotspot: SonarSource Code Analyzers Rules Explorer