Python: Model certificate disabling in httpx

python/ql/test/library-tests/frameworks/httpx/test.py

@@ -1,4 +1,5 @@
 import httpx
+import ssl
 
 httpx.get("url") # $ clientRequestUrlPart="url"
 httpx.post("url") # $ clientRequestUrlPart="url"
@@ -23,3 +24,22 @@ async def async_test():
     response = await client.options("url") # $ clientRequestUrlPart="url"
     response = await client.request("method", url="url") # $ clientRequestUrlPart="url"
     response = await client.stream("method", url="url") # $ clientRequestUrlPart="url"
+
+# ==============================================================================
+# Disabling certificate validation
+# ==============================================================================
+
+httpx.get("url", verify=False) # $ clientRequestUrlPart="url" clientRequestCertValidationDisabled
+httpx.get("url", verify=0) # $ clientRequestUrlPart="url" clientRequestCertValidationDisabled
+httpx.get("url", verify=None) # $ clientRequestUrlPart="url" clientRequestCertValidationDisabled
+
+# A manually constructed SSLContext does not have safe defaults, so is effectively the
+# same as turning off SSL validation
+context = ssl.SSLContext()
+assert context.check_hostname == False
+assert context.verify_mode == ssl.VerifyMode.CERT_NONE
+
+httpx.get("url", verify=context) # $ clientRequestUrlPart="url" MISSING: clientRequestCertValidationDisabled
+
+client = httpx.Client(verify=False)
+client.get("url") # $ clientRequestUrlPart="url" clientRequestCertValidationDisabled