Consider removing insecure getTlsSslContext and trustAllCertificates #1183

Open
intrigus-lgtm opened this issue Jun 23, 2020 · 0 comments

@intrigus-lgtm

Issue Overview

Hi, please consider removing trustAllCertificates and getTlsSslContext.
Both are not used by arquillian-cube as far as my static analysis tool knows.
Both functions are in my opinion dangerous and should be removed if they are unused.
trustAllCertificates trusts all certificates and disables hostname verification.
This is problematic, because it does this for every HttpsURLConnection.
getTlsSslContext only trusts all certificates but does not do this for every HttpsURLConnection.

Obviously this is your project so there might be very valid reasons to keep these methods :)
