For https://github.com/cisagov/gophish-tools/pull/140: certificate verification has been explicitly disabled (verify=false) at src/tools/gophish_complete.py line 135; this permits insecure connections to insecure servers. Therefore, we should re-enable certificate validation.
Developer note: There is already a comment in the code about this: comment line 133 to line 134:
Bandit complains about disabling the SSL certificate check, but we have
no choice here since we are using a self-signed certificate.
response = requests.get(url=url, verify=False) # nosec
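A self-signed certificate does not force `verify=False`: `requests` accepts the path to a PEM file as `verify` and then trusts only that certificate. The following is an added example, not code from gophish-tools; `resolve_verify`, `fetch` and the `GOPHISH_CA_BUNDLE` environment variable are hypothetical names chosen for illustration.

```python
import os
from pathlib import Path

PEM_MARKER = "-----BEGIN CERTIFICATE-----"


def resolve_verify(ca_bundle=None):
    """Return a value for requests' ``verify`` argument that is never False.

    ca_bundle: path to a PEM file holding the server's self-signed
    certificate (or the private CA that issued it). With no path, the
    default trust store is used.
    """
    # GOPHISH_CA_BUNDLE is a hypothetical variable name for this example.
    ca_bundle = ca_bundle or os.environ.get("GOPHISH_CA_BUNDLE")
    if not ca_bundle:
        return True  # normal verification against the default CA bundle
    path = Path(ca_bundle)
    # Fail closed: a missing or malformed bundle is an error, not a reason
    # to fall back to an unverified connection.
    if not path.is_file():
        raise FileNotFoundError(f"CA bundle not found: {path}")
    if PEM_MARKER not in path.read_text(errors="replace"):
        raise ValueError(f"{path} does not contain a PEM certificate")
    return str(path)


def fetch(url, ca_bundle=None):
    """GET ``url`` with certificate and hostname verification left enabled."""
    import requests  # imported here so resolve_verify() works without it

    return requests.get(url=url, verify=resolve_verify(ca_bundle), timeout=10)
```

Hostname checking still applies, so the self-signed certificate has to name the host that appears in the URL.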