Add new rule to check for context=None in starttls or IMAP4_SSL
Closed this issue · 0 comments
ericwb commented
Is your feature request related to a problem? Please describe.
The default behavior of the IMAP4_SSL function is to use ssl._create_unverified_context if the context parameter is None. Therefore, a proper context should always be passed.
Describe the solution you'd like
Add rule to detect IMAP4_SSL or starttls() if context is None.
Suggest fix to use ssl.create_default_context
Describe alternatives you've considered
n/a
Additional context
- https://docs.python.org/3/library/imaplib.html#imaplib.IMAP4_SSL
- https://docs.python.org/3/library/imaplib.html#imaplib.IMAP4.starttls
- https://docs.python.org/3/library/ssl.html#best-defaults
- https://github.com/python/cpython/blob/3.12/Lib/imaplib.py#L1304
- https://github.com/python/cpython/blob/3.12/Lib/imaplib.py#L819
- https://github.com/python/cpython/blob/3.12/Lib/ssl.py#L780
Love this idea? Give it a 👍. We prioritize fulfilling features with the most 👍.