minusworld.python-insecure-transport-starter

python.requests.security.disabled-cert-validation.disabled-cert-validation

semgrep

Certificate verification has been explicitly disabled. This permits insecure connections to insecure servers. Re-enable certification validation.

python.requests.security.no-auth-over-http.no-auth-over-http

semgrep

Authentication detected over HTTP. HTTP does not provide any encryption or protection for these authentication credentials. This may expose these credentials to unauthorized parties. Use 'https://' instead.

python.lang.security.audit.weak-ssl-version.weak-ssl-version

semgrep

An insecure SSL version was detected. TLS versions 1.0, 1.1, and all SSL versions are considered weak encryption and are deprecated. Use 'ssl.PROTOCOL_TLSv1_2' or higher.

python.lang.security.unverified-ssl-context.unverified-ssl-context

semgrep

Unverified SSL context detected. This will permit insecure connections without verifying SSL certificates. Use 'ssl.create_default_context' instead.

python.lang.security.audit.network.http-not-https-connection.http-not-https-connection

semgrep

Detected HTTPConnectionPool. This will transmit data in cleartext. It is recommended to use HTTPSConnectionPool instead for to encrypt communications.

python.lang.security.audit.httpsconnection-detected.httpsconnection-detected

semgrep

The HTTPSConnection API has changed frequently with minor releases of Python. Ensure you are using the API for your version of Python securely. For example, Python 3 versions prior to 3.4.3 will not verify SSL certificates by default. See https://docs.python.org/3/library/http.client.html#http.client.HTTPSConnection for more information.

python.lang.security.audit.paramiko-implicit-trust-host-key.paramiko-implicit-trust-host-key

semgrep

Detected a paramiko host key policy that implicitly trusts a server's host key. Host keys should be verified to ensure the connection is not to a malicious server. Use RejectPolicy or a custom subclass instead.

python.lang.security.audit.ssl-wrap-socket-is-deprecated.ssl-wrap-socket-is-deprecated

semgrep

'ssl.wrap_socket()' is deprecated. This function creates an insecure socket without server name indication or hostname matching. Instead, create an SSL context using 'ssl.SSLContext()' and use that to wrap a socket.

python.lang.security.audit.telnetlib.telnetlib

semgrep

Telnet does not encrypt communications. Use SSH instead.

semgrep

The 'FTP' class sends information unencrypted. Consider using the 'FTP_TLS' class instead.

semgrep

Detected a request using 'http://'. This request will be unencrypted. Use 'https://' instead.

semgrep

Detected a request using 'http://'. This request will be unencrypted. Use 'https://' instead.

semgrep

Detected a request using 'http://'. This request will be unencrypted, and attackers could listen into traffic on the network and be able to obtain sensitive information. Use 'https://' instead.

semgrep

The 'ssl' module disables insecure cipher suites by default. Therefore, use of 'set_ciphers()' should only be used when you have very specialized requirements. Otherwise, you risk lowering the security of the SSL channel.

semgrep

Detected an unsecured transmission channel. 'OpenerDirector.open(...)' is being used with 'ftp://'. Information sent over this connection will be unencrypted. Consider using SFTP instead. urllib does not support SFTP, so consider a library which supports SFTP.

semgrep

Detected an unsecured transmission channel. 'OpenerDirector.open(...)' is being used with 'http://'. Use 'https://' instead to secure the channel.

semgrep

Detected a 'urllib.request.Request()' object using an insecure transport protocol, 'ftp://'. This connection will not be encrypted. Consider using SFTP instead. urllib does not support SFTP natively, so consider using a library which supports SFTP.

semgrep

Detected a 'urllib.request.Request()' object using an insecure transport protocol, 'http://'. This connection will not be encrypted. Use 'https://' instead.

semgrep

Detected 'urllib.urlopen()' using 'ftp://'. This request will not be encrypted. Consider using SFTP instead. urllib does not support SFTP, so consider switching to a library which supports SFTP.

semgrep

Detected 'urllib.urlopen()' using 'http://'. This request will not be encrypted. Use 'https://' instead.

semgrep

Detected an insecure transmission channel. 'URLopener.open(...)' is being used with 'ftp://'. Use SFTP instead. urllib does not support SFTP, so consider using a library which supports SFTP.

semgrep

Detected an unsecured transmission channel. 'URLopener.open(...)' is being used with 'http://'. Use 'https://' instead to secure the channel.

semgrep

Detected an insecure transmission channel. 'URLopener.retrieve(...)' is being used with 'ftp://'. Use SFTP instead. urllib does not support SFTP, so consider using a library which supports SFTP.

semgrep

Detected an unsecured transmission channel. 'URLopener.retrieve(...)' is being used with 'http://'. Use 'https://' instead to secure the channel.

semgrep

Detected 'urllib.urlretrieve()' using 'ftp://'. This request will not be encrypted. Use SFTP instead. urllib does not support SFTP, so consider switching to a library which supports SFTP.

semgrep

Detected 'urllib.urlretrieve()' using 'http://'. This request will not be encrypted. Use 'https://' instead.