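/**
 * @name Request without certificate validation
 * @description Making a request without certificate validation can allow man-in-the-middle attacks.
 * @kind problem
 * @problem.severity error
 * @security-severity 7.5
 * @precision medium
 * @id py/request-without-cert-validation
 * @tags security
 *       external/cwe/cwe-295
 */

import python
private import semmle.python.dataflow.new.DataFlow
private import semmle.python.Concepts
private import semmle.python.ApiGraphs

// Finds calls to the module-level `requests` API (`requests.get(...)`,
// `requests.post(...)`, ..., and the generic `requests.request(...)`) whose
// `verify` keyword argument is bound to a literal that requests treats as
// "do not verify the server certificate".
//
// `falseyOrigin` is the literal that the `verify=` argument is fed from; it is
// reported as the secondary alert location so the reviewer can see where the
// value was written.
//
// NOTE(review): only attribute access on the `requests` module itself is
// matched. Calls made through a `requests.Session()` object (which take the
// same `verify` keyword) are not covered by this query.
from API::CallNode call, DataFlow::Node falseyOrigin, string verb
where
  // The HTTP-verb shorthands (`get`, `post`, ...) plus the generic entry point
  // `requests.request(method, url, ...)`, which accepts the same `verify` keyword.
  (verb = HTTP::httpVerbLower() or verb = "request") and
  call = API::moduleImport("requests").getMember(verb).getACall() and
  // Follow the value that reaches the `verify=` keyword argument back to its origin.
  falseyOrigin = call.getNamedParameter("verify").getAValueReachingRhs() and
  // requests treats `None` as the default and all other "falsey" values as `False`.
  falseyOrigin.asExpr().(ImmutableLiteral).booleanValue() = false and
  not falseyOrigin.asExpr() instanceof None
select call, "Call to requests." + verb + " with verify=$@", falseyOrigin, "False"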