ID: ruby-security/ssl-no-verify
Language: Ruby
Severity: Warning
Category: Security
CWE: 295
The rule “Ensure SSL connections are verified” is a security best practice in Ruby development. It requires that SSL certificates be verified when making HTTPS requests. This matters because verification prevents man-in-the-middle attacks, in which an attacker intercepts and alters the data being transmitted.
In the non-compliant code sample, the `OpenSSL::SSL::VERIFY_NONE` mode is used, which turns off SSL certificate verification. This leaves the connection vulnerable to such attacks.
To comply with this rule, always use the `OpenSSL::SSL::VERIFY_PEER` mode for SSL certificate verification, as demonstrated in the compliant code sample. This ensures that the SSL connection is verified, protecting against unauthorized interception or alteration of data.
Non-Compliant Code Example:

```ruby
require "net/https"
require "uri"

uri = URI.parse("https://example.com/")
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
# Non-compliant: disables certificate verification
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
```
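Compliant Code Example:

```ruby
require "net/https"
require "uri"

uri = URI.parse("https://example.com/")
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
# Compliant: the server certificate is verified
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
request = Net::HTTP::Get.new(uri.request_uri)
response = http.request(request)
```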
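`VERIFY_NONE` often ends up in code because an endpoint's certificate is issued by a private CA. The following added example, which is not part of the original rule documentation and goes beyond its two samples, keeps `VERIFY_PEER` and trusts that CA through a certificate store instead. The helper names (`verified_http`, `issue_cert`, `verification_results`), the host `internal.example` and the certificates are assumptions constructed for the demonstration.

```ruby
require "net/http"
require "openssl"
require "uri"

# Keep VERIFY_PEER; extend trust with a cert store instead of disabling checks.
def verified_http(url, cert_store: nil)
  uri = URI.parse(url)
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  http.cert_store = cert_store if cert_store # nil keeps the system trust store
  http
end

# Constructed sample certificates (hypothetical helper, one-hour lifetime).
def issue_cert(cn, key, issuer: nil, issuer_key: key, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = ca ? 1 : 2
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
end

# Verify a leaf certificate offline against the system store and a private store.
def verification_results
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = issue_cert("Example Internal CA", ca_key, ca: true)
  leaf = issue_cert("internal.example", OpenSSL::PKey::RSA.new(2048), issuer: ca, issuer_key: ca_key)

  system_store = OpenSSL::X509::Store.new.tap(&:set_default_paths)
  private_store = OpenSSL::X509::Store.new.tap { |s| s.add_cert(ca) }

  {
    system_trust: system_store.verify(leaf),   # issuer unknown to the system store
    private_trust: private_store.verify(leaf), # chains to the added CA
    http: verified_http("https://internal.example/", cert_store: private_store),
    store: private_store
  }
end
```

No network connection is made: the certificate checks run against in-memory stores, and the returned `Net::HTTP` object is only configured, not started.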
For more information, please read the Code Security documentation