trailofbits.generic.wget-no-check-certificate.wget-no-check-certificate
trailofbits
Author
unknown
Found `wget` command disabling SSL verification
Definition
rules:
  - id: wget-no-check-certificate
    message: Found `wget` command disabling SSL verification
    languages:
      - generic
    severity: WARNING
    metadata:
      category: security
      subcategory:
        - audit
      technology:
        - shell
      cwe: "CWE-295: Improper Certificate Validation"
      confidence: MEDIUM
      likelihood: MEDIUM
      impact: HIGH
      references:
        - https://linux.die.net/man/1/wget
      license: AGPL-3.0 license
      vulnerability_class:
        - Improper Authentication
    pattern-either:
      - pattern: wget ... --no-check-certificate
      - pattern: wget ... --no-hsts
Examples
wget-no-check-certificate.sh
#!/bin/bash
# ruleid: wget-no-check-certificate
wget --no-check-certificate https://google.com
# ruleid: wget-no-check-certificate
wget --no-hsts https://google.com
# ok: wget-no-check-certificate
wget https://google.com
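The following POSIX shell script is an added illustration and is not part of the trailofbits rule or of the registry page. It approximates the rule's two generic patterns with a grep over a constructed sample script (the hostnames, paths and the digest argument are placeholders), so the rule's reach can be sanity-checked without Semgrep, and it shows the hardened form a flagged line should be rewritten to.

```shell
#!/bin/sh
# Added example, not trailofbits' code: grep approximation of the Semgrep rule
# `wget ... --no-check-certificate` / `wget ... --no-hsts`, plus the fixed form.

# Constructed sample input. Lines 3 and 4 should be flagged; lines 5 and 6 should not.
SAMPLE_FILE=$(mktemp)
trap 'rm -f "$SAMPLE_FILE"' EXIT
cat >"$SAMPLE_FILE" <<'EOF'
#!/bin/bash
set -eu
wget --no-check-certificate -O installer.sh https://artifacts.example.internal/installer.sh
wget -q --no-hsts -O /tmp/tool.tgz http://example.com/tool.tgz
wget --ca-certificate=/etc/pki/internal-ca.pem -O installer.sh https://artifacts.example.internal/installer.sh
curl --insecure https://example.com/other   # different tool, outside this rule's scope
EOF

# wget_insecure_flags FILE
# Prints "LINENO:LINE" for each line where a wget invocation is followed, on the
# same line, by --no-check-certificate or --no-hsts. Semgrep's `...` can also
# span backslash line continuations; this single-line grep cannot.
wget_insecure_flags() {
    grep -nE '(^|[[:space:];&|(])wget([[:space:]]+[^[:space:]]+)*[[:space:]]+--no-(check-certificate|hsts)([[:space:]=]|$)' "$1"
}

# count_wget_findings FILE -> number of flagged lines (prints 0 when none)
count_wget_findings() {
    wget_insecure_flags "$1" | wc -l | tr -d ' '
}

# hardened_fetch URL DEST EXPECTED_SHA256 [CA_FILE]
# The replacement for a flagged line: keep certificate validation on, pin the
# issuing CA with --ca-certificate when the server uses a private PKI, and
# verify the artifact digest (GNU coreutils sha256sum). Not invoked here
# because it needs network access.
hardened_fetch() {
    url=$1; dest=$2; expected=$3; ca=${4:-}
    if [ -n "$ca" ]; then
        wget -q --ca-certificate="$ca" -O "$dest" "$url"
    else
        wget -q -O "$dest" "$url"
    fi
    printf '%s  %s\n' "$expected" "$dest" | sha256sum -c - >/dev/null
}

echo "Findings in $SAMPLE_FILE:"
wget_insecure_flags "$SAMPLE_FILE" || echo "(none)"
```

One caveat a reviewer of findings should keep in mind: `--no-check-certificate` really does turn off certificate validation, whereas `--no-hsts` only makes wget ignore the HSTS policy it has remembered for a host, so a plain `http://` URL to such a host is no longer upgraded to HTTPS. Both leave the download open to an active network attacker, which is why the rule groups them, but the remediation differs: drop the flag and fix the CA trust configuration in the first case, switch the URL to `https://` in the second.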
Short Link: https://sg.run/j2WyD