[defectdojo] Adding SSL verification management

RedHatProductSecurity / rapidast

RapiDAST enables simple, continuous and fully automated application security testing

Apache License 2.0

59 stars 39 forks source link

[defectdojo] Adding SSL verification management #144

Closed cedricbu closed 1 year ago

cedricbu commented 1 year ago

Either:

REQUESTS_CA_BUNDLE points to the CA bundle
config.defectDojo.ssl is:
- False: verification is optional
- True: verification is mandatory (default behavior)
- path to CA bundle: verification is mandatory, and this bundle is used

jeremychoi commented 1 year ago

I suggest adding tests. Also, the existing test failed.

cedricbu commented 1 year ago

fixed & added pytests

let's discuss separately the best solution for the username/password. I can think of 3 ways :

increase the pylint argument limit (locally on this function or globally) and split into 2 arguments ?
assume the function will always be called correctly and simply remove the try/except ?
leave it as it is, possibly rewording the message ?

jeremychoi commented 1 year ago

leave it as it is, possibly rewording the message ?

+1. in fact, I like the change of combining password into one. Just wanted to point out that the failing test code needs to be updated according to the change.