In the "beeswithmachineguns/beeswithmachineguns/bees.py", I have identified security vulnerabilities about insecure SSL/TLS Verification and configuration. Bypassing certificate verification or accepting all host names are considered insecure. "ssl._create_unverified_context()" shouldn't be used to create SSL/TLS context.
Description:
In the "beeswithmachineguns/beeswithmachineguns/bees.py", I have identified security vulnerabilities about insecure SSL/TLS Verification and configuration. Bypassing certificate verification or accepting all host names are considered insecure. "ssl._create_unverified_context()" shouldn't be used to create SSL/TLS context.
Location:
https://github.com/newsapps/beeswithmachineguns/blob/master/beeswithmachineguns/bees.py#L393
https://github.com/newsapps/beeswithmachineguns/blob/master/beeswithmachineguns/bees.py#L942
Reference
Recommendations:
Use a SECURE SSL context with proper verification.