httpie / cli

🥧 HTTPie CLI — modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more.
https://httpie.io
BSD 3-Clause "New" or "Revised" License
32.74k stars, 3.68k forks

Suggested fixes by iCR, OpenRefactory, Inc. #1434

Closed openrefactory closed 1 year ago

openrefactory commented 1 year ago

This issue was detected in branch master of httpie project on the version with commit hash 810bb1. This is an instance of a weak cryptography issue.

Fixes for weak cryptography issues: In file: update_warnings.py, method: _fetch_updates, there is code that turns off certificate validation while establishing an SSL/TLS connection. According to CWE 295, if a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. iCR suggested that the certificate validation option should not be turned off.

This issue was detected by OpenRefactory's Intelligent Code Repair (iCR). We are running iCR on libraries in the PyPI repository to identify issues and fix them. More info at: pypi.openrefactory.com
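The pattern iCR reports (certificate validation switched off on the client) can be caught by a small static check. The following is an added example, not code from this PR or from httpie: an `ast`-based scan that flags `verify=False` keyword arguments and `ssl.SSLContext` attributes set to `check_hostname = False` / `verify_mode = ssl.CERT_NONE`, run over two constructed snippets. It assumes the weak code has the shape of a `requests` call with `verify=False`; the page does not show httpie's actual `_fetch_updates` body.

```python
"""Flag Python code that disables TLS certificate validation (CWE-295)."""
import ast
from typing import List, Tuple


def _is_const(node: ast.AST, value) -> bool:
    """True when `node` is a literal equal (by identity) to `value`."""
    return isinstance(node, ast.Constant) and node.value is value


def find_disabled_verification(source: str) -> List[Tuple[int, str]]:
    """Return (line, reason) for each place peer certificate validation is turned off."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            # requests / httpx style: session.get(url, verify=False)
            for kw in node.keywords:
                if kw.arg == "verify" and _is_const(kw.value, False):
                    findings.append((node.lineno, "verify=False passed to a call"))
        elif isinstance(node, ast.Assign) and len(node.targets) == 1:
            # ssl.SSLContext style: ctx.check_hostname = False / ctx.verify_mode = ssl.CERT_NONE
            target = node.targets[0]
            if isinstance(target, ast.Attribute):
                if target.attr == "check_hostname" and _is_const(node.value, False):
                    findings.append((node.lineno, "check_hostname set to False"))
                if (target.attr == "verify_mode" and isinstance(node.value, ast.Attribute)
                        and node.value.attr == "CERT_NONE"):
                    findings.append((node.lineno, "verify_mode set to CERT_NONE"))
    return sorted(findings)


# Constructed sample (hypothetical, not httpie's code): the weak shape described in the PR.
WEAK_SNIPPET = '''
import requests

def _fetch_updates(url):
    # certificate validation switched off: any TLS endpoint is accepted
    return requests.get(url, verify=False, timeout=5).json()
'''

# Constructed hardened variant: requests' default verify=True checks the CA chain and hostname.
FIXED_SNIPPET = '''
import requests

def _fetch_updates(url):
    return requests.get(url, timeout=5).json()
'''

if __name__ == "__main__":
    for name, src in (("weak", WEAK_SNIPPET), ("fixed", FIXED_SNIPPET)):
        print(name, find_disabled_verification(src))
```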

codecov-commenter commented 1 year ago

Codecov Report

Base: 97.28% // Head: 94.59% // Decreases project coverage by -2.69% :warning:

Coverage data is based on head (a7d8c14) compared to base (4d7d6b6). Patch coverage: 90.94% of modified lines in pull request are covered.

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##           master    #1434      +/-   ##
==========================================
- Coverage   97.28%   94.59%   -2.70%     
==========================================
  Files          67      109      +42     
  Lines        4235     7656    +3421     
==========================================
+ Hits         4120     7242    +3122     
- Misses        115      414     +299     
```

| [Impacted Files](https://codecov.io/gh/httpie/httpie/pull/1434?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=None) | Coverage Δ | |
|---|---|---|
| [httpie/output/ui/man\_pages.py](https://codecov.io/gh/httpie/httpie/pull/1434/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=None#diff-aHR0cGllL291dHB1dC91aS9tYW5fcGFnZXMucHk=) | `0.00% <0.00%> (ø)` | |
| [httpie/output/ui/rich\_utils.py](https://codecov.io/gh/httpie/httpie/pull/1434/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=None#diff-aHR0cGllL291dHB1dC91aS9yaWNoX3V0aWxzLnB5) | `0.00% <0.00%> (ø)` | |
| [tests/test\_binary.py](https://codecov.io/gh/httpie/httpie/pull/1434/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=None#diff-dGVzdHMvdGVzdF9iaW5hcnkucHk=) | `100.00% <ø> (ø)` | |
| [tests/test\_sessions.py](https://codecov.io/gh/httpie/httpie/pull/1434/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=None#diff-dGVzdHMvdGVzdF9zZXNzaW9ucy5weQ==) | `99.70% <ø> (-0.30%)` | :arrow_down: |
| [tests/test\_ssl.py](https://codecov.io/gh/httpie/httpie/pull/1434/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=None#diff-dGVzdHMvdGVzdF9zc2wucHk=) | `92.59% <ø> (-2.35%)` | :arrow_down: |
| [tests/test\_stream.py](https://codecov.io/gh/httpie/httpie/pull/1434/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=None#diff-dGVzdHMvdGVzdF9zdHJlYW0ucHk=) | `100.00% <ø> (ø)` | |
| [tests/test\_tokens.py](https://codecov.io/gh/httpie/httpie/pull/1434/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=None#diff-dGVzdHMvdGVzdF90b2tlbnMucHk=) | `100.00% <ø> (ø)` | |
| [tests/test\_update\_warnings.py](https://codecov.io/gh/httpie/httpie/pull/1434/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=None#diff-dGVzdHMvdGVzdF91cGRhdGVfd2FybmluZ3MucHk=) | `99.14% <ø> (ø)` | |
| [tests/test\_uploads.py](https://codecov.io/gh/httpie/httpie/pull/1434/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=None#diff-dGVzdHMvdGVzdF91cGxvYWRzLnB5) | `96.70% <ø> (-3.30%)` | :arrow_down: |
| [tests/test\_xml.py](https://codecov.io/gh/httpie/httpie/pull/1434/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=None#diff-dGVzdHMvdGVzdF94bWwucHk=) | `97.56% <ø> (-0.06%)` | :arrow_down: |
| ... and [102 more](https://codecov.io/gh/httpie/httpie/pull/1434/diff?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=None) | | |
