ajinabraham.njsscan.sequelize_weak_tls.sequelize_weak_tls

ajinabraham

Author

1,129

Download Count*

License

The Sequelize connection string indicates that an older version of TLS is in use. TLS1.0 and TLS1.1 are deprecated and should be used. By default, Sequelize use TLSv1.2 but it's recommended to use TLS1.3. Not applicable to SQLite database.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: sequelize_weak_tls
    message: >
      The Sequelize connection string indicates that an older version of TLS is
      in use. TLS1.0 and TLS1.1 are deprecated and should be used. By default,
      Sequelize use TLSv1.2 but it's recommended to use TLS1.3. Not applicable
      to SQLite database.
    metadata:
      owasp-web: a6
      cwe: cwe-757
      license: LGPL-3.0-or-later
    severity: ERROR
    languages:
      - javascript
    patterns:
      - pattern-inside: |
          {
            host: $HOST,
            database: $DATABASE,
            dialect: $DIALECT,
            dialectOptions:
              { ssl: ... }
           }
      - pattern-either:
          - pattern: |
              {
                minVersion: 'TLSv1'
              }
          - pattern: |
              {
                minVersion: 'TLSv1.1'
              }
      - metavariable-regex:
          metavariable: $DIALECT
          regex: "['\"](mariadb|mysql|postgres)['\"]"

Short Link: https://sg.run/nqrd