should not bypass certificate verification

This product is not supported for your selected Datadog site. ().

Metadata

ID: python-security/ssl-unverified-context

Language: Python

Severity: Notice

Category: Security

CWE: 295

Description

The call to _create_unverified_context from the ssl module bypass certificates verification. It should not be used and instead, certificates must be verified.

Non-Compliant Code Examples

import xmlrpclib import ssl  test = xmlrpclib.ServerProxy('https://admin:bz15h9v9n@localhost:9999/API',                              verbose=False, use_datetime=True,                               context=ssl._create_unverified_context())  test.list_satellites()

Compliant Code Examples

import xmlrpclib import ssl  test = xmlrpclib.ServerProxy('https://admin:bz15h9v9n@localhost:9999/API',                              verbose=False, use_datetime=True) test.list_satellites() 
import xmlrpclib  test = xmlrpclib.ServerProxy('https://admin:bz15h9v9n@localhost:9999/API',                              verbose=False, use_datetime=True,                               context=ssl._create_unverified_context()) test.list_satellites()
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

Seamless integrations. Try Datadog Code Security

Datadog Code Security