Bearer · elsapet · Feb 23, 2024 · Feb 23, 2024 · Feb 23, 2024 · Feb 23, 2024
diff --git a/.github/workflows/canary_integration_tests.yml b/.github/workflows/canary_integration_tests.yml
@@ -23,6 +23,7 @@ jobs:
             "javascript/express",
             "javascript/hapi",
             "javascript/lang",
+            "javascript/node",
             "javascript/react",
             "javascript/third_parties",
             "ruby/lang",

diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml
@@ -30,6 +30,7 @@ jobs:
             "javascript/express",
             "javascript/hapi",
             "javascript/lang",
+            "javascript/node",
             "javascript/react",
             "javascript/third_parties",
             "ruby/lang",

diff --git a/rules/javascript/node/missing_tls_validation.yml b/rules/javascript/node/missing_tls_validation.yml
@@ -0,0 +1,24 @@
+patterns:
+  - $<_>.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
+  - $<_>.env["NODE_TLS_REJECT_UNAUTHORIZED"] = "0";
+languages:
+  - javascript
+severity: warning
+metadata:
+  description: Missing TLS validation
+  remediation_message: |
+    ## Description
+
+    When establishing a connection, it is important to validate the SSL/TLS certificate in order to mitigate
+    man-in-the-middle attacks, data interception and related security risks.
+
+    Disabling SSL/TLS certification validation is a serious security risk that puts your application at risk.
+
+    ## Remediations
+
+    ❌ Do not set the NODE_TLS_REJECT_UNAUTHORIZED variable to zero
+
+  cwe_id:
+    - 295
+  id: javascript_node_missing_tls_validation
+  documentation_url: https://docs.bearer.com/reference/rules/javascript_node_missing_tls_validation
diff --git a/tests/javascript/node/missing_tls_validation/test.js b/tests/javascript/node/missing_tls_validation/test.js
@@ -0,0 +1,20 @@
+const {
+  createNewInvoker,
+  getEnvironment,
+} = require("../../../helper.js")
+const { ruleId, ruleFile, testBase } = getEnvironment(__dirname)
+
+describe(ruleId, () => {
+  const invoke = createNewInvoker(ruleId, ruleFile, testBase)
+
+  test("missing_tls_validation", () => {
+    const testCase = "app.js"
+
+    const results = invoke(testCase)
+
+    expect(results).toEqual({
+      Missing: [],
+      Extra: []
+    })
+  })
+})
diff --git a/tests/javascript/node/missing_tls_validation/testdata/app.js b/tests/javascript/node/missing_tls_validation/testdata/app.js
@@ -0,0 +1,13 @@
+function bad() {
+  // bearer:expected javascript_node_missing_tls_validation
+  process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+}
+
+function bad2() {
+  // bearer:expected javascript_node_missing_tls_validation
+  process.env["NODE_TLS_REJECT_UNAUTHORIZED"] = '0';
+}
+
+function ok() {
+  process.env.NODE_TLS_REJECT_UNAUTHORIZED = '1';
+}