Why this matters
Disabling SSL/TLS certificate validation exposes applications to Man-in-the-Middle (MitM) attacks, compromising security.
Disabling SSL/TLS certificate validation exposes applications to Man-in-the-Middle (MitM) attacks, compromising security.
Disabling SSL/TLS certificate validation exposes applications to Man-in-the-Middle (MitM) attacks, compromising security.
Side-by-side examples engineers can pattern-match during review.
using System.Net;
using System.Net.Http;
public static void connect()
{
ServicePointManager.ServerCertificateValidationCallback +=
(sender, certificate, chain, errors) => {
return true; // Noncompliant
};
HttpClient httpClient = new HttpClient();
HttpResponseMessage response = httpClient.GetAsync("https://example.com").Result;
}// (no example provided)using System.Net;
using System.Net.Http;
public static void connect()
{
ServicePointManager.ServerCertificateValidationCallback +=
(sender, certificate, chain, errors) => {
return true; // Noncompliant
};
HttpClient httpClient = new HttpClient();
HttpResponseMessage response = httpClient.GetAsync("https://example.com").Result;
}From the same buckets as this rule.