Potential Security Risk Due to Insecure TLS Connections in Cortex Project #2463

Open
nyxfqq opened this issue Jul 10, 2024 · 0 comments
Labels
enhancement New feature or request

nyxfqq commented Jul 10, 2024

Issue Description

I've identified a recurring pattern within several components of the Cortex project where TLS connections are established with InsecureSkipVerify set to true. This configuration allows the client to bypass TLS certificate verification, which is a fundamental security measure designed to prevent man-in-the-middle (MITM) attacks and ensure data integrity and confidentiality. The specific locations where this insecure practice is observed include:

  • cortexlabs/cortex/cli/cluster/lib_http_client.go in the makeOperatorRequest function
  • cortexlabs/cortex/cli/cluster/logs.go in the streamLogs function
  • cortexlabs/cortex/cli/cmd/lib_cli_config.go in the validateOperatorEndpoint function
  • cortexlabs/cortex/dev/load.go in the makeRequest function
  • cortexlabs/cortex/pkg/lib/requests/requests.go in the MakeRequest function

Impact Analysis

By disabling TLS certificate verification, these functions are vulnerable to MITM attacks, where an attacker could intercept and possibly modify the data exchanged between the client and the server. This poses significant risks to data integrity and confidentiality, potentially leading to data breaches or the execution of unauthorized operations on behalf of the client.

Proposed Solutions

To address this security vulnerability, I propose the following actions:

  1. Enable TLS Certificate Verification: By default, TLS connections should perform strict certificate verification. This ensures that the server's identity is confirmed before any sensitive data is transmitted.

  2. Provide Configuration Options: Introduce configuration settings that allow users to specify their own TLS verification policies, including the ability to import trusted CA certificates or disable verification under controlled conditions.

nyxfqq added the enhancement (New feature or request) label Jul 10, 2024
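The two proposals in the issue (verify by default, allow importing trusted CA certificates, make any opt-out explicit) can be sketched as follows. This is an added example, not part of the original issue and not Cortex code; `NewHTTPClient` and `Probe` are hypothetical names, and the local `httptest` server is a constructed fixture whose certificate no system root trusts.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// NewHTTPClient is a hypothetical helper, not Cortex code. Verification is on
// by default, caPEM adds trusted CAs, and skipping needs an explicit opt-in.
func NewHTTPClient(caPEM []byte, insecureSkipVerify bool) (*http.Client, error) {
	pool, err := x509.SystemCertPool() // returns a copy, safe to extend
	if err != nil || pool == nil {
		pool = x509.NewCertPool()
	}
	if len(caPEM) > 0 && !pool.AppendCertsFromPEM(caPEM) {
		return nil, fmt.Errorf("CA bundle contains no valid PEM certificate")
	}
	cfg := &tls.Config{
		RootCAs:            pool,
		InsecureSkipVerify: insecureSkipVerify, // false unless the caller opts in
	}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}, nil
}

// Probe runs one GET against a local TLS test server (constructed fixture).
func Probe(trustServerCert, insecureSkipVerify bool) error {
	srv := httptest.NewTLSServer(http.NotFoundHandler())
	defer srv.Close()
	var caPEM []byte
	if trustServerCert {
		caPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
	}
	client, err := NewHTTPClient(caPEM, insecureSkipVerify)
	if err != nil {
		return err
	}
	resp, err := client.Get(srv.URL)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

func main() {
	fmt.Printf("system roots only: %v\nimported CA: %v\nexplicit opt-out: %v\n", Probe(false, false), Probe(true, false), Probe(false, true))
}
```

With verification left on, the request fails until the server's certificate is imported as a trusted CA; the opt-out path succeeds against any certificate, which is why it should stay an explicit, visible setting.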