Improper Certificate Validation (severity: High)

Lack of validation or insufficient validation of a security certificate can lead to host impersonation and sensitive data leaks.

Detector ID
ruby/improper-certificate-validation@v1.0
Category
Common Weakness Enumeration (CWE)

Noncompliant example

require "httparty"

def certificate_validation_noncompliant
  # Noncompliant: SSL certificate validation is disabled.
  HTTParty.get("https://example.com/", verify: false)
end

Compliant example

require "httparty"

def certificate_validation_compliant
  # Compliant: SSL certificate validation is enabled.
  HTTParty.get("https://example.com/", verify: true)
end
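
To show what the `verify` setting decides, the following added example (not part of the detector's own documentation) runs offline against constructed certificates, using Ruby's standard `openssl` library in place of HTTParty. The helper names, the test CA and the `example.test` hostnames are assumptions made for illustration, and `connection_accepted?` is a simplified model of the client's decision, not HTTParty code.

```ruby
require "openssl"

# Constructed sample data: issue a short-lived certificate for `cn`.
# Self-signed unless an issuer is given; `ca: true` marks a CA certificate.
def make_cert(cn, key, issuer: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = rand(1..2**31)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{cn}")) unless ca
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
end

# The two checks made when validation is on: the chain must end at a trusted
# CA, and the certificate must be issued for the requested hostname.
def certificate_valid?(cert, hostname, trusted_ca)
  store = OpenSSL::X509::Store.new
  store.add_cert(trusted_ca)
  store.verify(cert) && OpenSSL::SSL.verify_certificate_identity(cert, hostname)
end

# Simplified model of the client's decision: verify: false skips both checks.
def connection_accepted?(cert, hostname, trusted_ca, verify: true)
  verify ? certificate_valid?(cert, hostname, trusted_ca) : true
end

# Present three constructed certificates for api.example.test under each setting.
def demo
  ca_key, srv_key, other_key = Array.new(3) { OpenSSL::PKey::RSA.generate(2048) }
  ca = make_cert("Constructed Test CA", ca_key, ca: true)
  presented = {
    genuine: make_cert("api.example.test", srv_key, issuer: ca, issuer_key: ca_key),
    wrong_host: make_cert("other.example.test", srv_key, issuer: ca, issuer_key: ca_key),
    self_signed: make_cert("api.example.test", other_key)
  }
  presented.to_h do |label, cert|
    [label, { verify_true: connection_accepted?(cert, "api.example.test", ca),
              verify_false: connection_accepted?(cert, "api.example.test", ca, verify: false) }]
  end
end

demo.each { |label, result| puts "#{label}: #{result}" } if __FILE__ == $PROGRAM_NAME
```

With validation enabled only the genuine certificate is accepted; with it disabled, the wrong-host and self-signed certificates are accepted as well, which is the host impersonation risk described above.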