Disabling SSL/TLS Verification in RestClient

Description

The RestClient is configured to disable SSL/TLS verification, which can make the application vulnerable to man-in-the-middle attacks. This is a security risk because it allows an attacker to intercept and modify the communication between the client and the server.

Examples

Insecure Code

ruby

RestClient::Resource.new('https://example.com', :verify_ssl => false).get

Secure Code

ruby

RestClient::Resource.new('https://example.com', :verify_ssl => true).get

Remediation

Enable SSL/TLS verification by setting :verify_ssl to true or a valid OpenSSL::SSL::VERIFY constant.

Rule Details

Field	Value
ID	CODE-0807
Category	InsecureConfig
Severity	CRITICAL
CWE	CWE-295
Confidence	HIGH
Impact	HIGH
Likelihood	HIGH
Exploitability	EASY
Tags	ssl, tls, verification
OWASP	N/A

References

https://github.com/rest-client/rest-client#ssl-client-certificates

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Disabling SSL/TLS Verification in RestClient

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

Disabling SSL/TLS Verification in RestClient ​

Description ​

Examples ​

Insecure Code ​

Secure Code ​

Remediation ​

Rule Details ​

References ​

Disabling SSL/TLS Verification in RestClient

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

References