{
  "id": "S015",
  "name": "Insecure TLS Certificate",
  "category": "security",
  "description": "S015 - Prevent usage of insecure TLS certificate configurations. Detects disabled certificate validation, self-signed certificate acceptance, and weak cipher configurations.",
  "severity": "error",
  "enabled": true,
  "semantic": {
    "enabled": true,
    "priority": "high",
    "fallback": "heuristic"
  },
  "patterns": {
    "include": ["**/*.js", "**/*.ts", "**/*.jsx", "**/*.tsx"],
    "exclude": [
      "**/*.test.js",
      "**/*.test.ts",
      "**/*.spec.js",
      "**/*.spec.ts",
      "**/node_modules/**",
      "**/dist/**",
      "**/build/**"
    ]
  },
  "analysis": {
    "approach": "ast-primary",
    "fallback": "regex-based",
    "depth": 1,
    "timeout": 4000
  },
  "validation": {
    "insecurePatterns": [
      "rejectUnauthorized: false",
      "NODE_TLS_REJECT_UNAUTHORIZED = '0'",
      "strictSSL: false",
      "checkServerIdentity: false"
    ],
    "weakCiphers": ["NULL", "RC4", "DES", "MD5", "EXPORT"],
    "frameworks": ["express", "nextjs", "nuxtjs", "nestjs", "fastify", "koa", "axios", "request"]
  }
}