Amazon Q
Detector Library
Ruby detectors (21/21)
SQL InjectionDivide by ZeroSensitive HTTP ActionInsufficient Protected CredentialsSensitive Information LeakUntrusted DeserializationLog InjectionXML External EntityPath InjectionHttp to File AccessCode InjectionOS Command InjectionResource leakCross Site Scripting (XSS)Untrusted OpenImproper Input ValidationStack Trace ExposureImproper Certificate Validationsend_file InjectionUnsafe File PermissionsTainted Format
Improper Certificate Validation High
Lack of validation or insufficient validation of a security certificate can lead to host impersonation and sensitive data leaks.
Detector ID
ruby/improper-certificate-validation@v1.0
Category
Common Weakness Enumeration (CWE) 
Noncompliant example
1require "httparty"
2
3def certificate_validation_noncompliant
4
5 # Noncompliant: SSL certificate validation is disabled.
6 HTTParty.get("http://example.com/", verify: false)
7
8endCompliant example
1require "httparty"
2
3def certificate_validation_compliant
4
5 # Compliant: SSL certificate validation is enabled.
6 HTTParty.get("http://example.com/", verify: true)
7
8end