mirror of
https://github.com/github/codeql.git
synced 2026-02-26 20:03:51 +01:00
34 lines
957 B
Plaintext
34 lines
957 B
Plaintext
/**
|
|
* @name Request without certificate validation
|
|
* @description Making a request without certificate validation can allow man-in-the-middle attacks.
|
|
* @kind problem
|
|
* @problem.severity error
|
|
* @precision medium
|
|
* @id py/request-without-cert-validation
|
|
* @tags security
|
|
* external/cwe/cwe-295
|
|
*/
|
|
|
|
import python
|
|
|
|
import semmle.python.web.Http
|
|
|
|
|
|
FunctionObject requestFunction() {
|
|
result = ModuleObject::named("requests").attr(httpVerbLower())
|
|
}
|
|
|
|
/** requests treats None as the default and all other "falsey" values as False */
|
|
predicate falseNotNone(Object o) {
|
|
o.booleanValue() = false and not o = theNoneObject()
|
|
}
|
|
|
|
from CallNode call, FunctionObject func, Object falsey, ControlFlowNode origin
|
|
where
|
|
func = requestFunction() and
|
|
func.getACall() = call and
|
|
falseNotNone(falsey) and
|
|
call.getArgByName("verify").refersTo(falsey, origin)
|
|
|
|
select call, "Call to $@ with verify=$@", func, "requests." + func.getName(), origin, "False"
|