
Verify SSL Certificates for Requests. #34

Merged

Conversation

pixeebot[bot]
Contributor

@pixeebot pixeebot bot commented May 5, 2024

This codemod checks that calls to the requests module API or the httpx library use verify=True or a path to a CA bundle to ensure TLS certificate validation.

The requests documentation warns that the verify flag

When set to False, requests will accept any TLS certificate presented by the server, and will ignore hostname mismatches and/or expired certificates, which will make your application vulnerable to man-in-the-middle (MitM) attacks. Setting verify to False may be useful during local development or testing.

Similarly, setting verify=False when using the httpx library to make requests disables certificate verification.

The changes from this codemod look like this:

  import requests
  
- requests.get("www.google.com", ...,verify=False)
+ requests.get("www.google.com", ...,verify=True)
...
import httpx
  
- httpx.get("www.google.com", ...,verify=False)
+ httpx.get("www.google.com", ...,verify=True)
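Review bot: the example URLs in both hunks lack a scheme, so `requests.get("www.google.com", ...)` and `httpx.get("www.google.com", ...)` would fail on the URL before any TLS negotiation happens, meaning the before/after snippet never actually exercises the verify flag; suggest `"https://www.google.com"` in all four lines. The description also says a path to a CA bundle is an acceptable value, but the diff only shows the `verify=True` form; one line showing `verify="/path/to/ca-bundle.crt"` would make the documented behaviour match the illustration.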

This codemod also checks other methods in the requests module and httpx library that accept a verify flag (e.g. requests.post, httpx.AsyncClient, etc.).

More reading

I have additional improvements ready for this repo! If you want to see them, leave the comment:

@pixeebot next

... and I will open a new PR right away!

馃馃Powered by Pixeebot (codemod ID: pixee:python/requests-verify)

@udhayprakash udhayprakash merged commit a569333 into develop May 9, 2024
4 of 5 checks passed
@pixeebot pixeebot bot deleted the pixeebot/drip-2024-05-05-pixee-python/requests-verify branch May 9, 2024 16:00