Python: restrict attention to ssl.wrap_socket

Rasmus Lerchedahl Petersen
2021-03-01 16:35:21 +01:00
parent 8b68912c40
commit 38748f9e23
5 changed files with 15 additions and 23 deletions

@@ -1,2 +1,2 @@
lgtm,codescanning
* Changed the query that detects insecure SSL/TLS protocol creation from default values (`py/insecure-default-protocol`) to use the new API graphs. Python 3.4 introduced new ways to specify protocol version (through modifying the `options` field), which means that using the default value _can_ be secure (and if the usage is not secure, this should be reported by the `py/insecure-protocol` query). This query now reports results only in versions of Python prior to 3.4.
* Changed the query that detects insecure SSL/TLS protocol creation from default values (`py/insecure-default-protocol`) to use the new API graphs. Python 3.2 introduced so-called contexts to create connections from. These come with new ways to specify protocol version (through modifying the `options` field), which means that using the default value _can_ be secure (and if the usage is not secure, this should be reported by the `py/insecure-protocol` query). This query now reports results only for the deprecated way of creating connections without a context.
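
Review bot: In the added change-note line, "the deprecated way of creating connections without a context" never names the API, so a reader of the note cannot tell which calls `py/insecure-default-protocol` still flags. Suggest naming the `wrap_socket` call that the commit title refers to, and replacing "so-called contexts" with the concrete class name. The removed line scoped results to "versions of Python prior to 3.4" while the new line drops any version condition; if results are now reported regardless of the Python version being analysed, one clause saying so would make the behaviour change explicit for users upgrading the query pack.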