swisskyrepo
/
Vulny-Code-Static-Analysis
mirror of https://github.com/swisskyrepo/Vulny-Code-Static-Analysis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Vulny-Code-Static-Analysis/semgrep/curl-ssl-verifypeer-off.yaml

24 lines
732 B
YAML
Raw Permalink Blame History

rules:
- id: curl-ssl-verifypeer-off
patterns:
- pattern-either:
- pattern: |
$ARG = $IS_VERIFIED;
...
curl_setopt(..., CURLOPT_SSL_VERIFYPEER, $ARG);
- pattern: curl_setopt(..., CURLOPT_SSL_VERIFYPEER, $IS_VERIFIED)
- metavariable-regex:
metavariable: $IS_VERIFIED
regex: 0|false|null
message: >-
SSL verification is disabled but should not be (currently CURLOPT_SSL_VERIFYPEER=
$IS_VERIFIED)
metadata:
references:
- https://www.saotn.org/dont-turn-off-curlopt_ssl_verifypeer-fix-php-configuration/
category: security
technology:
- php
languages: [php]
severity: ERROR
Reference in New Issue View Git Blame Copy Permalink