Add new rule to check for context=None in stls or POP3_SSL
ericwb opened this issue · 0 comments
ericwb commented
Is your feature request related to a problem? Please describe.
The default behavior of the POP3_SSL
function is to use ssl._create_unverified_context
if the context parameter is None. Therefore, a proper context should always be passed.
Describe the solution you'd like
Add rule to detect POP3_SSL
or stls()
if context is None.
Suggest fix to use ssl.create_default_context
Describe alternatives you've considered
n/a
Additional context
- https://docs.python.org/3/library/poplib.html#poplib.POP3_SSL
- https://docs.python.org/3/library/poplib.html#poplib.POP3.stls
- https://docs.python.org/3/library/ssl.html#best-defaults
- https://github.com/python/cpython/blob/3.12/Lib/poplib.py#L434
- https://github.com/python/cpython/blob/3.12/Lib/poplib.py#L408
- https://github.com/python/cpython/blob/3.12/Lib/ssl.py#L780
Love this idea? Give it a 👍. We prioritize fulfilling features with the most 👍.