Missing TLS validation

Description

When establishing a connection, it is important to validate the SSL/TLS certificate in order to mitigate man-in-the-middle attacks, data interception and related security risks.

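Disabling SSL/TLS certificate validation is a serious security risk: the client can no longer verify that it is talking to the intended server, so every connection the application makes is exposed to interception.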

Remediations

❌ Do not set the NODE_TLS_REJECT_UNAUTHORIZED variable to zero
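The following is an added example, not part of the original rule page or of Bearer's own code. It shows the flagged pattern next to two alternatives: a startup guard that refuses to run when validation has been disabled through the environment, and an agent that trusts a private CA explicitly instead of turning validation off. The function names and the sample PEM are hypothetical.

```javascript
const https = require('https');

// Pattern the rule flags: disables certificate checks for every TLS
// connection made by the process.
//   process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';

// Constructed placeholder, not a real certificate. Load your CA file instead.
const SAMPLE_CA_PEM =
  '-----BEGIN CERTIFICATE-----\n(constructed placeholder)\n-----END CERTIFICATE-----\n';

// Startup guard (hypothetical helper): fail fast if validation was disabled
// by the shell, a .env file or a container definition.
function assertTlsValidationEnabled(env = process.env) {
  if (env.NODE_TLS_REJECT_UNAUTHORIZED === '0') {
    throw new Error(
      'NODE_TLS_REJECT_UNAUTHORIZED=0 disables TLS certificate validation'
    );
  }
  return true;
}

// Options for services signed by a private CA (hypothetical helper): add the
// CA to the trust configuration and keep validation on.
function trustedTlsOptions(caPem) {
  if (typeof caPem !== 'string' || !caPem.includes('BEGIN CERTIFICATE')) {
    throw new TypeError('caPem must be a PEM-encoded CA certificate');
  }
  return { ca: caPem, rejectUnauthorized: true };
}

// Agent to pass as the `agent` option of https.request / https.get.
function buildTrustedAgent(caPem) {
  return new https.Agent(trustedTlsOptions(caPem));
}

// Typical use at process start:
//   assertTlsValidationEnabled();
//   const agent = buildTrustedAgent(fs.readFileSync(caPath, 'utf8'));
```

To trust a private CA process-wide without code changes, Node.js also reads extra CA certificates from the file named in the NODE_EXTRA_CA_CERTS environment variable.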

Associated CWE

OWASP Top 10

Configuration

To skip this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --skip-rule=javascript_node_missing_tls_validation

To run only this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --only-rule=javascript_node_missing_tls_validation