Pattern: No certificate validation for Requests method
Issue: -
This rule enforces to always verify SSL certificate for methods in Requests library. Certificates are validated by default which is the desired behavior.
Encryption in general is typically critical to the security of many applications. Using TLS can greatly increase security by guaranteeing the identity of the party you are communicating with. This is accomplished by one or both parties presenting trusted certificates during the connection initialization phase of TLS.
Example of insecure code:
import requests
requests.get('https://www.openstack.org/', verify=False)Example of secure code:
import requests
requests.get('https://www.openstack.org/', verify=True)It is important to note that modules such as httplib within the Python standard library did not verify certificate chains until it was fixed in 2.7.9 release.