gitlab.bandit.B501
Certificate verification has been explicitly disabled. This permits insecure connections to insecure servers. Re-enable certification validation.
Definition
rules:
- id: bandit.B501
  patterns:
  - pattern-either:
    - pattern: requests.put(..., verify=False, ...)
    - pattern: requests.patch(..., verify=False, ...)
    - pattern: requests.delete(..., verify=False, ...)
    - pattern: requests.head(..., verify=False, ...)
    - pattern: requests.options(..., verify=False, ...)
    - pattern: requests.request(..., verify=False, ...)
    - pattern: requests.get(..., verify=False, ...)
    - pattern: requests.post(..., verify=False, ...)
  message: |
    Certificate verification has been explicitly disabled. This
    permits insecure connections to insecure servers. Re-enable
    certification validation.
  metadata:
    cwe: "CWE-295: Improper Certificate Validation"
    owasp: "A3: Sensitive Data Exposure"
    primary_identifier: bandit.B501
    secondary_identifiers:
    - name: Bandit Test ID B501
      type: bandit_test_id
      value: B501
    license: MIT
  severity: ERROR
  languages:
  - python
Short Link: https://sg.run/zk6n