vuln-fix: Use HTTPS instead of HTTP to resolve dependencies

This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <[email protected]> Signed-off-by: Jonathan Leitschuh <[email protected]> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <[email protected]>
JLLeitschuh · Jul 21, 2022 · 5546aac · 5546aac
1 parent eb23783
commit 5546aac
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/app/src/test/resources/receipt.pdf b/app/src/test/resources/receipt.pdf
diff --git a/build.gradle b/build.gradle
@@ -6,7 +6,7 @@ buildscript {
         google()
         jcenter()
         maven { url "https://jitpack.io" }
-        maven { url 'http://repository.adincube.com/maven' }
+        maven { url 'https://repository.adincube.com/maven' }
         maven { url "https://plugins.gradle.org/m2/" }
 
     }
@@ -27,7 +27,7 @@ allprojects {
         google()
         jcenter()
         maven { url "https://jitpack.io" }
-        maven { url 'http://repository.adincube.com/maven' }
+        maven { url 'https://repository.adincube.com/maven' }
     }
 }