verify should be True

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Metadata

ID: python-security/request-verify

Language: Python

Severity: Error

Category: Security

Description

The verify parameter controls whether the SSL certificate should be verified during your server requests. It’s strongly recommended to set this parameter to True which is the default value. This rule will warn you when it’s detected False has been set.

Non-Compliant Code Examples

import requests

def fetch_data():
    r = requests.get(w, verify=False, timeout=5)
from requests import get
r = get(w, verify=False)  # verify should be True
r = get(w, verify=False, timeout=10)  # verify should be True

Compliant Code Examples

from requests import get
r = get(w)
r = get(w, timeout=10, verify=True)
from requests import get
r = get(w)
r = get(w, timeout=10)