ajinabraham.njsscan.tls_node.node_tls_reject

Author
1,155
Download Count*
License
Setting 'NODE_TLS_REJECT_UNAUTHORIZED' to 0 will allow node server to accept self signed certificates and is not a secure behaviour.
Run Locally
Run in CI
Defintion
rules:
- id: node_tls_reject
patterns:
- pattern-either:
- pattern: |
$X.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'
- pattern: |
$X.env['NODE_TLS_REJECT_UNAUTHORIZED']= '0'
message: Setting 'NODE_TLS_REJECT_UNAUTHORIZED' to 0 will allow node server to
accept self signed certificates and is not a secure behaviour.
languages:
- javascript
severity: ERROR
metadata:
owasp-web: a6
cwe: cwe-295
license: LGPL-3.0-or-later
Short Link: https://sg.run/yd2k