Details

    • Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved
    • Labels:
      None
    • Message:
      Hide
      Using {protocol.insecure} protocol is insecure. Use {protocol.alternatives} instead.
      Make sure STARTTLS is used to upgrade to a secure connection using SSL/TLS.
      Show
      Using {protocol.insecure} protocol is insecure. Use {protocol.alternatives} instead. Make sure STARTTLS is used to upgrade to a secure connection using SSL/TLS.
    • Impact:
      Unknown 'null' severity
    • Likelihood:
      Unknown 'null' severity

      Description

      Sensitive Code Example

      url = "http://example.com" # Sensitive
      url = "ftp://anonymous@example.com" # Sensitive
      url = "telnet://anonymous@example.com" # Sensitive
      
      import telnetlib
      cnx = telnetlib.Telnet("towel.blinkenlights.nl") # Sensitive
      
      import ftplib
      cnx = ftplib.FTP("ftp.example.com") # Sensitive
      
      import smtplib
      smtp = smtplib.SMTP("smtp.example.com", port=587) # Sensitive
      

      Compliant Solution

      url = "https://example.com" # Compliant
      url = "sftp://anonymous@example.com" # Compliant
      url = "ssh://anonymous@example.com" # Compliant
      
      import ftplib
      cnx = ftplib.FTP_TLS("ftp.example.com") # Compliant
      
      import smtplib
      smtp = smtplib.SMTP("smtp.example.com", port=587) # Compliant
      smtp.starttls(context=context)
      
      smtp_ssl = smtplib.SMTP_SSL("smtp.gmail.com", port=465) # Compliant
      

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            pierre-loup.tristant Pierre-Loup Tristant
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: