Github Organization Webhook With SSL Disabled

  • Query id: ce7c874e-1b88-450b-a5e4-cb76ada3c8a9
  • Query name: Github Organization Webhook With SSL Disabled
  • Platform: Terraform
  • Severity: Medium
  • Category: Encryption
  • CWE: 732
  • URL: Github

Description

Checks whether a GitHub organization webhook uses insecure SSL, that is, whether its configuration block sets insecure_ssl to true.

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "github_organization_webhook" "positive1" {
  name = "web"

  configuration {
    url          = "https://google.de/"
    content_type = "form"
    insecure_ssl = true
  }

  active = false

  events = ["issues"]
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "github_organization_webhook" "negative1" {
  name = "web"

  configuration {
    url          = "https://google.de/"
    content_type = "form"
    insecure_ssl = false
  }

  active = false

  events = ["issues"]
}
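
The same check applied to Terraform source text, as an added Python example (not KICS's own query code and not part of the original page). The function names and the `var.skip_verify` variable are hypothetical, the sample input is constructed from the two resources above, and heredoc strings are assumed absent.

```python
import re

# Constructed sample: the page's two resources (trimmed) plus a variable-driven one.
SAMPLE_TF = '''
resource "github_organization_webhook" "positive1" {
  configuration {
    url          = "https://google.de/"
    insecure_ssl = true  # certificate verification off
  }
}
resource "github_organization_webhook" "negative1" {
  configuration {
    insecure_ssl = false
  }
}
resource "github_organization_webhook" "from_var" {
  configuration {
    insecure_ssl = var.skip_verify
  }
}
'''

TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|#[^\n]*|//[^\n]*|/\*.*?\*/', re.S)
HEADER = re.compile(r'resource\s+"github_organization_webhook"\s+"([^"]+)"\s*\{')
SETTING = re.compile(r'^\s*insecure_ssl\s*=\s*(.+?)\s*$', re.M)

def _clean(src):
    # Drop comments; keep strings (minus braces) so "https://..." is not cut at //.
    keep = lambda m: re.sub(r"[{}]", "", m.group()) if m.group()[0] == '"' else ""
    return TOKEN.sub(keep, src)

def _body(text, start):
    # Return the block body, given the index just past its opening brace.
    depth = 1
    for i in range(start, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[start:i]
    raise ValueError("unbalanced braces")

def scan_webhooks(src):
    """Map resource name -> 'insecure', 'ok', or 'review' (non-literal value)."""
    text, results = _clean(src), {}
    for m in HEADER.finditer(text):
        s = SETTING.search(_body(text, m.end()))
        value = s.group(1).strip('"').lower() if s else "false"  # absent: nothing to flag
        results[m.group(1)] = {"true": "insecure", "false": "ok"}.get(value, "review")
    return results
```

A result of 'review' means the value is an expression such as a variable reference, which a source-level scan cannot resolve and which needs to be checked where the variable is set.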