Insecure SSL configuration in node-libcurl

Description

Disabling `SSL_VERIFYPEER` or `SSL_VERIFYHOST` can lead to serious security risks, including man-in-the-middle (MITM) attacks. Always ensure these checks are enabled.

Examples

Insecure Code

javascript

const { Curl } = require('node-libcurl');
const curl = new Curl();
curl.setOpt('SSL_VERIFYPEER', 0);
curl.setOpt('SSL_VERIFYHOST', 0);

Secure Code

javascript

const { Curl } = require('node-libcurl');
const curl = new Curl();
curl.setOpt('SSL_VERIFYPEER', 1);
curl.setOpt('SSL_VERIFYHOST', 2);

Remediation

Use `SSL_VERIFYPEER = 1` or `true` and `SSL_VERIFYHOST = 2`

Rule Details

Field	Value
ID	CODE-0256
Category	InsecureConfig
Severity	MEDIUM
CWE	CWE-599
Confidence	HIGH
Impact	HIGH
Likelihood	MEDIUM
Exploitability	EASY
Tags	SSL, TLS, MITM
OWASP	A05:2021-Security Misconfiguration

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Insecure SSL configuration in node-libcurl

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

SAST Rules

IaC Rules

License Rules

Insecure SSL configuration in node-libcurl ​

Description ​

Examples ​

Insecure Code ​

Secure Code ​

Remediation ​

Rule Details ​

Insecure SSL configuration in node-libcurl

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details