Open lialon opened 1 month ago
In the "haipproxy/examples/zhihu/crawler.py", I have identified a security vulnerability about insecure Verification. Bypassing certificate verification or accepting all host names are considered insecure.
https://github.com/SpiderClub/haipproxy/blob/master/examples/zhihu/crawler.py#L64
resp = requests.get(url, headers=self.headers, proxies=proxy, timeout=self.timeout, verify=False)
There should be proper verification.
Description:
In the "haipproxy/examples/zhihu/crawler.py", I have identified a security vulnerability about insecure Verification. Bypassing certificate verification or accepting all host names are considered insecure.
Location:
https://github.com/SpiderClub/haipproxy/blob/master/examples/zhihu/crawler.py#L64
Reference
Recommendations:
There should be proper verification.