Add new rule to check for context=None in nntp.starttls or NNTP_SSL
Closed this issue · 0 comments
ericwb commented
Is your feature request related to a problem? Please describe.
The default behavior of the NNTP_SSL
function is to use ssl._create_unverified_context
if the context parameter is None. Therefore, a proper context should always be passed.
Describe the solution you'd like
Add rule to detect NNTP_SSL
or starttls()
if context is None.
Suggest fix to use ssl.create_default_context
Describe alternatives you've considered
n/a
Additional context
- https://docs.python.org/3/library/nntplib.html#nntplib.NNTP_SSL
- https://docs.python.org/3/library/nntplib.html#nntplib.NNTP.starttls
- https://docs.python.org/3/library/ssl.html#best-defaults
- https://github.com/python/cpython/blob/3.12/Lib/nntplib.py#L294
- https://github.com/python/cpython/blob/3.12/Lib/ssl.py#L780
Love this idea? Give it a 👍. We prioritize fulfilling features with the most 👍.