securesauce / precli

Precaution CLI - command line static application security testing tool
https://precli.readthedocs.io/

Add new rule to check for context=None in stls or POP3_SSL #351

Closed ericwb closed 7 months ago

ericwb commented 7 months ago

If a context of unset or None is passed to POP3_SSL, the implementation will default to creating an unverified context. This means the client connection will not properly verify the server it's connecting to. The instance method of stls is also vulnerable.

Closes: #344
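The check described above, sketched as an added example with Python's `ast` module; this is not precli's rule implementation. It assumes the module is imported as `import poplib`, that `context` is passed to `POP3_SSL` by keyword, and that clients are bound by simple assignment. The function names and the sample source are hypothetical.

```python
import ast

# Constructed sample input; the host name and variable names are illustrative.
SAMPLE = """\
import poplib, ssl
ctx = ssl.create_default_context()
a = poplib.POP3_SSL("mail.example.com")
b = poplib.POP3_SSL("mail.example.com", context=None)
c = poplib.POP3_SSL("mail.example.com", context=ctx)
d = poplib.POP3("mail.example.com")
d.stls()
d.stls(context=ctx)
d.stls(None)
"""

def dotted(node):
    """Render a Name/Attribute chain such as poplib.POP3_SSL as a string."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted(node.value)
        return f"{base}.{node.attr}" if base else None
    return None

def context_missing(call, positional=None):
    """True when `context` is omitted or is the literal None."""
    values = [kw.value for kw in call.keywords if kw.arg == "context"]
    if not values and positional is not None and len(call.args) > positional:
        values = [call.args[positional]]
    return not values or (isinstance(values[0], ast.Constant) and values[0].value is None)

def find_unverified_pop3(source):
    """Return sorted (line, callee) pairs for POP3 TLS calls lacking a context."""
    tree = ast.parse(source)
    # Pass 1: names bound directly to a poplib.POP3 instance (simple assignments only).
    clients = {t.id for n in ast.walk(tree) if isinstance(n, ast.Assign)
               and isinstance(n.value, ast.Call) and dotted(n.value.func) == "poplib.POP3"
               for t in n.targets if isinstance(t, ast.Name)}
    findings = []
    # Pass 2: inspect every call expression.
    for n in ast.walk(tree):
        if not isinstance(n, ast.Call):
            continue
        if dotted(n.func) == "poplib.POP3_SSL" and context_missing(n):
            findings.append((n.lineno, "poplib.POP3_SSL"))
        elif (isinstance(n.func, ast.Attribute) and n.func.attr == "stls"
              and dotted(n.func.value) in clients and context_missing(n, positional=0)):
            findings.append((n.lineno, "stls"))
    return sorted(findings)
```

On the sample, `find_unverified_pop3(SAMPLE)` reports lines 3, 4, 7 and 9; the calls on lines 5 and 8 pass a context built with `ssl.create_default_context()`, which verifies the server certificate and host name.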