gitlab.bandit.B309
The HTTPSConnection API has changed frequently with minor releases of Python. Ensure you are using the API for your version of Python securely. For example, Python 3 versions prior to 3.4.3 will not verify SSL certificates by default. See https://docs.python.org/3/library/http.client.html#http.client.HTTPSConnection for more information.
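One way to act on this finding, as an added example rather than code from the rule or its authors: pass an explicit verifying `ssl.SSLContext` to `HTTPSConnection` so that certificate checking does not depend on the interpreter's defaults, and audit any context before use. The function names and the host `example.invalid` are assumptions made for illustration.

```python
import http.client
import ssl


def make_verifying_context(cafile=None):
    """Build a client context that verifies the chain and the hostname."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def weak_context():
    """The configuration to avoid, constructed only to show what the audit reports."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE  # peer certificate is never validated
    return ctx


def context_problems(ctx):
    """Return the CWE-295 problems found in an SSLContext (empty list if none)."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("certificate chain is not verified")
    if not ctx.check_hostname:
        problems.append("hostname is not checked against the certificate")
    return problems


def verified_connection(host, port=443, cafile=None, timeout=10):
    """Create an HTTPSConnection, refusing any context that skips verification."""
    ctx = make_verifying_context(cafile)
    problems = context_problems(ctx)
    if problems:
        raise ssl.SSLError("refusing insecure TLS context: " + "; ".join(problems))
    # No network traffic happens here; the socket is opened on the first request.
    return http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)


if __name__ == "__main__":
    print("verifying context:", context_problems(make_verifying_context()) or "ok")
    print("weak context:     ", context_problems(weak_context()))
    conn = verified_connection("example.invalid")  # placeholder host, never contacted
    print("connection target:", conn.host, conn.port)
```

The rule's patterns match every `HTTPSConnection(...)` call, so a call written this way is still reported; the finding is a prompt to confirm that verification is in place.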
Definition
rules:
- id: bandit.B309
  patterns:
  - pattern-either:
    - pattern: httplib.HTTPSConnection(...)
    - pattern: http.client.HTTPSConnection(...)
    - pattern: six.moves.http_client.HTTPSConnection(...)
  message: >
    The HTTPSConnection API has changed frequently with minor releases of
    Python.
    Ensure you are using the API for your version of Python securely.
    For example, Python 3 versions prior to 3.4.3 will not verify SSL certificates by default.
    See https://docs.python.org/3/library/http.client.html#http.client.HTTPSConnection
    for more information.
  metadata:
    cwe: "CWE-295: Improper Certificate Validation"
    owasp: "A3: Sensitive Data Exposure"
    primary_identifier: bandit.B309
    secondary_identifiers:
    - name: Bandit Test ID B309
      type: bandit_test_id
      value: B309
    license: MIT
  severity: WARNING
  languages:
  - python
Short Link: https://sg.run/GWA6