Lack of validation or insufficient validation of a security certificate can lead to host impersonation and sensitive data leaks.

```ruby
require "httparty"

def certificate_validation_noncompliant
  # Noncompliant: SSL certificate validation is disabled.
  # The URL uses https because `verify` only applies to TLS connections.
  HTTParty.get("https://example.com/", verify: false)
end
```

```ruby
require "httparty"

def certificate_validation_compliant
  # Compliant: SSL certificate validation is enabled.
  # The URL uses https because `verify` only applies to TLS connections.
  HTTParty.get("https://example.com/", verify: true)
end
```