Closed openrefactory closed 1 year ago
Base: 97.28% // Head: 94.59% // Decreases project coverage by -2.69% :warning:

Coverage data is based on head (a7d8c14) compared to base (4d7d6b6). Patch coverage: 90.94% of modified lines in pull request are covered.
This issue was detected in branch master of httpie project on the version with commit hash 810bb1. This is an instance of a weak cryptography issue.

Fixes for weak cryptography issues: In file: update_warnings.py, method: _fetch_updates, there is code that turns off certificate validation while establishing an SSL/TLS connection. According to CWE 295, if a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. iCR suggested that the certificate validation option should not be turned off.

This issue was detected by OpenRefactory's Intelligent Code Repair (iCR). We are running iCR on libraries in the PyPI repository to identify issues and fix them. More info at: pypi.openrefactory.com
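
A check for the pattern this report describes, as an added example that is not part of the pull request, of httpie, or of iCR: it walks Python source with `ast` and flags calls that pass a literal `verify=False`. The requests-style `verify` keyword and the sample source are assumptions, since the page does not show the flagged code.

```python
import ast

# Constructed sample, not httpie's code: one call that disables certificate
# validation, one that keeps the library default, one that pins a CA bundle.
SAMPLE = '''
import requests

def fetch_insecure(url):
    return requests.get(url, verify=False, timeout=5)

def fetch_default(url):
    return requests.get(url, timeout=5)

def fetch_pinned(url):
    return requests.get(url, verify="/etc/ssl/internal-ca.pem")
'''

def _call_name(node):
    """Return a dotted name for the called object, e.g. 'requests.get'."""
    parts = []
    target = node.func
    while isinstance(target, ast.Attribute):
        parts.append(target.attr)
        target = target.value
    if isinstance(target, ast.Name):
        parts.append(target.id)
    return ".".join(reversed(parts)) or "<call>"

def find_disabled_verification(source):
    """Return (line, call) for every call passing the literal verify=False."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            # kw.arg is None for **kwargs, so those are skipped here.
            if (kw.arg == "verify"
                    and isinstance(kw.value, ast.Constant)
                    and kw.value.value is False):
                findings.append((node.lineno, _call_name(node)))
    return sorted(findings)

if __name__ == "__main__":
    for line, call in find_disabled_verification(SAMPLE):
        print(f"line {line}: {call}() disables certificate validation (CWE-295)")
```

Only a literal `False` is matched; a value passed through a variable or `**kwargs` needs data-flow analysis and is not reported by this check.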