From f9ec663068a768ee98cae06e8b8ed6eecbbfd96c Mon Sep 17 00:00:00 2001
From: pierre-loup-tristant-sonarsource
 <pierre-loup-tristant-sonarsource@users.noreply.github.com>
Date: Mon, 30 Sep 2024 09:42:01 +0000
Subject: [PATCH] Add ansible to rule S5332

---
 rules/S5332/ansible/metadata.json | 42 +++++++++++++++++++
 rules/S5332/ansible/rule.adoc     | 69 +++++++++++++++++++++++++++++++
 2 files changed, 111 insertions(+)
 create mode 100644 rules/S5332/ansible/metadata.json
 create mode 100644 rules/S5332/ansible/rule.adoc

diff --git a/rules/S5332/ansible/metadata.json b/rules/S5332/ansible/metadata.json
new file mode 100644
index 00000000000..b290eb96d5b
--- /dev/null
+++ b/rules/S5332/ansible/metadata.json
@@ -0,0 +1,42 @@
+{
+    "securityStandards": {
+      "CWE": [
+        200,
+        319
+      ],
+      "OWASP": [
+  
+      ],
+      "OWASP Mobile": [
+  
+      ],
+      "MASVS": [
+  
+      ],
+      "OWASP Top 10 2021": [
+  
+      ],
+      "PCI DSS 3.2": [
+        "4.1",
+        "6.5.4"
+      ],
+      "PCI DSS 4.0": [
+        "4.2.1",
+        "6.2.4"
+      ],
+      "ASVS 4.0": [
+  
+      ],
+      "STIG ASD_V5R3": [
+        "V-222397",
+        "V-222534",
+        "V-222562",
+        "V-222563",
+        "V-222577",
+        "V-222596",
+        "V-222597",
+        "V-222598",
+        "V-222599"
+      ]
+    }
+  }
\ No newline at end of file
diff --git a/rules/S5332/ansible/rule.adoc b/rules/S5332/ansible/rule.adoc
new file mode 100644
index 00000000000..367891c4d12
--- /dev/null
+++ b/rules/S5332/ansible/rule.adoc
@@ -0,0 +1,69 @@
+include::../description.adoc[]
+
+== Ask Yourself Whether
+
+* Application data needs to be protected against tampering or leaks when transiting over the network.
+* Application data transits over an untrusted network.
+* Compliance rules require the service to encrypt data in transit.
+* OS-level protections against clear-text traffic are deactivated.
+
+There is a risk if you answered yes to any of those questions.
+
+== Recommended Secure Coding Practices
+
+* Make application data transit over a secure, authenticated and encrypted protocol like TLS or SSH. Here are a few alternatives to the most common clear-text protocols:
+** Use ``++sftp++``, ``++scp++``, or ``++ftps++`` instead of ``++ftp++``.
+** Use ``++https++`` instead of ``++http++``.
+
+It is recommended to secure all transport channels, even on local networks, as it can take a single non-secure connection to compromise an entire application or system.
+
+== Sensitive Code Example
+
+[source,yaml]
+----
+- name: HTTP request
+  hosts: all
+  tasks:
+  - name: Noncompliant
+    uri: 
+        url: http://example.com # Sensitive
+----
+
+== Compliant Solution
+
+[source,yaml]
+----
+- name: HTTPS request
+  hosts: all
+  tasks:
+  - name: Noncompliant
+    uri: 
+        url: https://example.com
+----
+
+== See
+
+include::../common/resources/documentation.adoc[]
+
+include::../common/resources/articles.adoc[]
+
+include::../common/resources/standards-iac.adoc[]
+
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+== Message
+
+* Make sure that using clear-text protocols is safe here.
+
+== Highlighting
+
+Highlight the URL.
+
+'''
+
+endif::env-github,rspecator-view[]