>/id SrSSKrSSKJr SSKJr \R "S5\R"S5S55rg)a ============================================= B501: Test for missing certificate validation ============================================= Encryption in general is typically critical to the security of many applications. Using TLS can greatly increase security by guaranteeing the identity of the party you are communicating with. This is accomplished by one or both parties presenting trusted certificates during the connection initialization phase of TLS. When HTTPS request methods are used, certificates are validated automatically which is the desired behavior. If certificate validation is explicitly turned off Bandit will return a HIGH severity error. :Example: .. code-block:: none >> Issue: [request_with_no_cert_validation] Call to requests with verify=False disabling SSL certificate checks, security issue. Severity: High Confidence: High CWE: CWE-295 (https://cwe.mitre.org/data/definitions/295.html) Location: examples/requests-ssl-verify-disabled.py:4 3 requests.get('https://gmail.com', verify=True) 4 requests.get('https://gmail.com', verify=False) 5 requests.post('https://gmail.com', verify=True) .. seealso:: - https://security.openstack.org/guidelines/dg_move-data-securely.html - https://security.openstack.org/guidelines/dg_validate-certificates.html - https://cwe.mitre.org/data/definitions/295.html .. versionadded:: 0.9.0 .. versionchanged:: 1.7.3 CWE information added .. versionchanged:: 1.7.5 Added check for httpx module N)issue)test_propertiesCallB501c 1Skn1SkU-nURRS5SnUS:XaURU;dUS:XaURU;awURSS5(a_[R "[R [R [RRS US 3URS5S 9$ggg) N>getputheadpostpatchdeleteoptions>Clientstreamrequest AsyncClient.rrequestshttpxverifyFalsezCall to zD with verify=False disabling SSL certificate checks, security issue.)severity confidencecwetextlineno) call_function_name_qualsplitcall_function_namecheck_call_arg_valuebanditIssueHIGHrCweIMPROPER_CERT_VALIDATIONget_lineno_for_call_arg)context HTTP_VERBS HTTPX_ATTRSqualnames j/home/james-whalen/.local/lib/python3.13/site-packages/bandit/plugins/crypto_request_no_cert_validation.pyrequest_with_no_cert_validationr,6sNJ@:MK..44S9!r4sD +X/Vfr-