trailofbits.yaml.ansible.wrm-cert-validation-ignore.wrm-cert-validation-ignore

Author: trailofbits

Found Windows Remote Management connection with certificate validation disabled

Definition

rules:
  - id: wrm-cert-validation-ignore
    message: Found Windows Remote Management connection with certificate validation
      disabled
    languages:
      - yaml
    severity: WARNING
    metadata:
      category: security
      cwe: "CWE-295: Improper Certificate Validation"
      subcategory:
        - audit
      technology:
        - ansible
      confidence: HIGH
      likelihood: HIGH
      impact: HIGH
      references:
        - https://docs.ansible.com/ansible/latest/os_guide/windows_winrm.html#https-certificate-validation
      license: AGPL-3.0 license
      vulnerability_class:
        - Improper Authentication
    pattern: "ansible_winrm_server_cert_validation: ignore"

Examples

wrm-cert-validation-ignore.test.yaml

---
- name: Positive test
  # ruleid: wrm-cert-validation-ignore
  ansible_winrm_server_cert_validation: ignore
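
Remediation sketch (an added example, not part of the rule or its test file): a YAML inventory with the flagged setting in one group and a validating configuration in another. Group names, host names and the CA bundle path are constructed placeholders; the variable names are the WinRM connection variables documented by Ansible.

```yaml
---
all:
  children:
    # Flagged: the HTTPS listener's certificate is never checked, so the
    # control node cannot tell the real host from an interposed endpoint
    # and will send it credentials (CWE-295).
    windows_unverified:
      hosts:
        win-lab01.example.internal:      # constructed host name
      vars:
        ansible_connection: winrm
        ansible_port: 5986
        ansible_winrm_scheme: https
        ansible_winrm_transport: ntlm
        ansible_winrm_server_cert_validation: ignore   # setting the rule's pattern is written for

    # Corrected: validate the server certificate against the CA that
    # issued the WinRM listener certificates.
    windows_verified:
      hosts:
        win-app01.example.internal:      # constructed host name
      vars:
        ansible_connection: winrm
        ansible_port: 5986
        ansible_winrm_scheme: https
        ansible_winrm_transport: ntlm
        # "validate" is also what Ansible uses when this variable is omitted.
        ansible_winrm_server_cert_validation: validate
        # PEM bundle containing the issuing CA; constructed path.
        ansible_winrm_ca_trust_path: /etc/ansible/pki/winrm-ca.pem
```

With validation on, the name used to reach each host has to match a name in the listener certificate, so hosts addressed by IP or carrying self-signed certificates need properly issued certificates rather than a return to `ignore`.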