Add new rule to check for no context being passed to FTP_TLS

securesauce / precli

Precaution CLI - command line static application security testing tool

https://precli.readthedocs.io/

Other

22 stars 3 forks source link

Add new rule to check for no context being passed to FTP_TLS #346

Closed ericwb closed 7 months ago

ericwb commented 7 months ago

If a context of unset or None is passed to FTP_TLS, the implementation will default to creating an unverified context. This means the client connection will not properly verify the server its connecting to.

Closes: #341