should not bypass certificate verification このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください 。
このルールを試す ID: python-security/ssl-unverified-context
Language: Python
Severity: Notice
Category: Security
CWE : 295
Description The call to _create_unverified_context
from the ssl module bypass certificates verification. It should not be used and instead, certificates must be verified.
Non-Compliant Code Examples import xmlrpclib
import ssl
test = xmlrpclib . ServerProxy ( 'https://admin:bz15h9v9n@localhost:9999/API' ,
verbose = False , use_datetime = True ,
context = ssl . _create_unverified_context ())
test . list_satellites ()
Compliant Code Examples import xmlrpclib
import ssl
test = xmlrpclib . ServerProxy ( 'https://admin:bz15h9v9n@localhost:9999/API' ,
verbose = False , use_datetime = True )
test . list_satellites ()
import xmlrpclib
test = xmlrpclib . ServerProxy ( 'https://admin:bz15h9v9n@localhost:9999/API' ,
verbose = False , use_datetime = True ,
context = ssl . _create_unverified_context ())
test . list_satellites ()
Seamless integrations. Try Datadog Code Analysis