[SAST] SSL_Verification_Bypass in file cosmosdb.ts
Location:
Destination | ||
---|---|---|
File | seismic-store-service/app/sdms/src/cloud/providers/azure/cosmosdb.ts | |
Line number | 67 | |
Object | rejectUnauthorized | |
Code line | rejectUnauthorized: false |
Description
\seismic-store-service\app\sdms\src\cloud\providers\azure\cosmosdb.ts relies HTTPS requests, in constructor. The rejectUnauthorized parameter, at line 67, effectively disables verification of the SSL certificate trust chain.
JavaScript Explicitly Disabling Certificate Verification var https = require('https'); var options = { hostname: 'domain.com', port: 443, path: '/', method: 'GET', rejectUnauthorized: false; }; options.agent = new https.Agent(options); var req = https.request(options, function(res) { res.on('data', function(d) { handleRequest(d); }); }); req.end();