Mirror of https://github.com/github/codeql.git (synced 2026-06-15 09:51:09 +02:00)
docs.python-requests.org seems to be a suspended domain. The replacement link is to the same Python requests library on readthedocs.io, and points to the ssl-cert-verification section.
<!DOCTYPE qhelp PUBLIC
  "-//Semmle//qhelp//EN"
  "qhelp.dtd">
<qhelp>

<overview>
<p>
Encryption is key to the security of most, if not all, online communication.
Using Transport Layer Security (TLS) can ensure that communication cannot be intercepted by an interloper.
For this reason, it is unwise to disable the verification that TLS provides.
Functions in the <code>requests</code> module provide verification by default, and it is only when
verification is explicitly turned off using <code>verify=False</code> that no verification occurs.
</p>
</overview>

<recommendation>
<p>
Never use <code>verify=False</code> when making a request.
</p>
</recommendation>

<example>
<p>
The example shows two unsafe calls to <a href="https://semmle.com">semmle.com</a>, followed by various safe alternatives.
</p>

<sample src="examples/make_request.py" />
</example>

<references>
<li>
Python requests documentation: <a href="https://requests.readthedocs.io/en/latest/user/advanced/#ssl-cert-verification">SSL Cert Verification</a>.
</li>
</references>
</qhelp>
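
Added example (not part of the CodeQL repository, and not the query's own implementation): a simplified, standard-library check for the pattern this help file describes, flagging calls to `requests` module functions that pass a literal `verify=False`. The function name, the list of helper functions and the sample source are assumptions made for illustration; the check does not track values through variables or `Session` objects.

```python
import ast

# Module-level helpers of the requests library that accept a verify argument.
REQUEST_FUNCS = {"get", "post", "put", "patch", "delete", "head", "options", "request"}

def find_unverified_requests(source):
    """Return sorted (line, function) pairs for requests calls passing verify=False."""
    tree = ast.parse(source)
    module_aliases, func_aliases = set(), {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):            # import requests [as r]
            module_aliases |= {a.asname or a.name for a in node.names
                               if a.name == "requests"}
        elif isinstance(node, ast.ImportFrom) and node.module == "requests":
            for a in node.names:                    # from requests import post [as send]
                if a.name in REQUEST_FUNCS:
                    func_aliases[a.asname or a.name] = a.name
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        if (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)
                and f.value.id in module_aliases and f.attr in REQUEST_FUNCS):
            name = "requests." + f.attr
        elif isinstance(f, ast.Name) and f.id in func_aliases:
            name = "requests." + func_aliases[f.id]
        else:
            continue
        for kw in node.keywords:
            # Only the literal False disables verification here; True or a CA path is fine.
            if (kw.arg == "verify" and isinstance(kw.value, ast.Constant)
                    and kw.value.value is False):
                findings.append((node.lineno, name))
    return sorted(findings)

# Constructed sample input: two unsafe calls followed by safe alternatives.
SAMPLE = '''\
import requests
from requests import post as send

requests.get("https://semmle.com", verify=False)
send("https://semmle.com", data={}, verify=False)
requests.get("https://semmle.com")
requests.get("https://semmle.com", verify=True)
requests.get("https://semmle.com", verify="/path/to/ca-bundle.pem")
'''

if __name__ == "__main__":
    print(find_unverified_requests(SAMPLE))
```
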