python.lang.security.audit.ftplib.ftplib
Author: semgrep
Download Count*: 48,169
FTP does not encrypt communications by default. This can lead to sensitive data being exposed. Ensure use of FTP here does not expose sensitive data.
Definition
rules:
  - id: ftplib
    pattern: ftplib.$ANYTHING(...)
    message: FTP does not encrypt communications by default. This can lead to
      sensitive data being exposed. Ensure use of FTP here does not expose
      sensitive data.
    metadata:
      source-rule-url: https://github.com/PyCQA/bandit/blob/d5f8fa0d89d7b11442fc6ec80ca42953974354c8/bandit/blacklists/calls.py#L265
      cwe:
        - "CWE-319: Cleartext Transmission of Sensitive Information"
      owasp:
        - A03:2017 - Sensitive Data Exposure
        - A02:2021 - Cryptographic Failures
      bandit-code: B321
      references:
        - https://docs.python.org/3/library/telnetlib.html
      category: security
      technology:
        - ftplib
      subcategory:
        - audit
      likelihood: LOW
      impact: MEDIUM
      confidence: LOW
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Mishandled Sensitive Information
    severity: WARNING
    languages:
      - python
Examples
ftplib.py
# cf. https://github.com/PyCQA/bandit/blob/d5f8fa0d89d7b11442fc6ec80ca42953974354c8/examples/ftplib.py
from ftplib import FTP
# ruleid:ftplib
ftp = FTP('ftp.debian.org')
ftp.login()
ftp.cwd('debian')
ftp.retrlines('LIST')
ftp.quit()
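Added example, not part of the Semgrep rule or the Bandit source: the pattern `ftplib.$ANYTHING(...)` matches every ftplib call, so a finding on `FTP_TLS` still needs triage, and `FTP_TLS` only encrypts the data channel after `prot_p()` is called. The helper below separates those cases with Python's `ast` module; `triage_ftplib_calls`, `SAMPLE` and the verdict strings are names chosen here, and it assumes connections are created by simple assignment.

```python
import ast

# Constructed sample input (not from the rule page).
SAMPLE = '''
import ftplib
from ftplib import FTP, FTP_TLS as Secure

a = FTP("ftp.example.org")
b = ftplib.FTP_TLS("ftp.example.org")
b.login()
c = Secure("ftp.example.org")
c.login()
c.prot_p()
'''

def triage_ftplib_calls(source):
    """Return sorted (line, class, verdict) for each assigned FTP / FTP_TLS constructor call."""
    tree = ast.parse(source)
    modules, names = set(), {}  # aliases of the ftplib module; local name -> ftplib attribute
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            modules |= {a.asname or a.name for a in node.names if a.name == "ftplib"}
        elif isinstance(node, ast.ImportFrom) and node.module == "ftplib":
            names.update({a.asname or a.name: a.name for a in node.names})

    def resolve(func):
        """Map a call target back to the ftplib attribute it refers to, if any."""
        if isinstance(func, ast.Name):
            return names.get(func.id)
        if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
            return func.attr if func.value.id in modules else None
        return None

    # Variables that have .prot_p() called on them anywhere in the file (flow-insensitive).
    protected = {n.func.value.id for n in ast.walk(tree)
                 if isinstance(n, ast.Call) and isinstance(n.func, ast.Attribute)
                 and n.func.attr == "prot_p" and isinstance(n.func.value, ast.Name)}

    findings = []
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Assign) and isinstance(node.value, ast.Call)):
            continue
        cls = resolve(node.value.func)
        target = node.targets[0]
        name = target.id if isinstance(target, ast.Name) else None
        if cls == "FTP":
            findings.append((node.lineno, cls, "cleartext"))
        elif cls == "FTP_TLS":
            verdict = "tls" if name in protected else "data-channel-unprotected"
            findings.append((node.lineno, cls, verdict))
    return sorted(findings)
```

Connections opened in a `with` statement or passed directly as arguments are not covered and still need manual review.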
Short Link: https://sg.run/7oyZ