[Security Bug] Insecure crypto usage

Description
----------------
Detected SSL that will accept an unverified connection. This makes the connections susceptible to man-in-the-middle attacks.

Used verify_mode as VERIFY_NONE as below in various source code file in this repo.
..
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
..

Effected files:
[metrics-apache-graphite.rb :](https://github.com/sensu-plugins/sensu-plugins-http/blob/115bc8d2d0708f5f89338bf499770abdb1864157/bin/check-http-cors.rb#L128C12-L128C23)
https://github.com/sensu-plugins/sensu-plugins-http/blob/115bc8d2d0708f5f89338bf499770abdb1864157/bin/check-http-json.rb#L164
https://github.com/sensu-plugins/sensu-plugins-http/blob/115bc8d2d0708f5f89338bf499770abdb1864157/bin/check-http.rb#L330
https://github.com/sensu-plugins/sensu-plugins-http/blob/115bc8d2d0708f5f89338bf499770abdb1864157/bin/check-https-cert.rb#L90
https://github.com/sensu-plugins/sensu-plugins-http/blob/115bc8d2d0708f5f89338bf499770abdb1864157/bin/metrics-http-json-deep.rb#L112

Remediation
------------------
1. Use 'OpenSSL::SSL::VERIFY_PEER' instead.



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Security Bug] Insecure crypto usage #191

Description

Remediation

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Security Bug] Insecure crypto usage #191

Description

Description

Remediation

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions