request-verify

python-security | Unknown | Informational


No tags

No CWE or CVE

Ast Rule: function call


request-verify

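/**
 * Codiga AST rule (target language: Python) that flags HTTP calls made through
 * the `requests` library with certificate verification disabled, i.e. the
 * keyword argument `verify=False`. With verification off, any on-path attacker
 * can present a forged certificate and read or alter the traffic
 * (CWE-295, Improper Certificate Validation), so the finding is reported as
 * CRITICAL/SECURITY with an auto-fix that rewrites the literal `False` to `True`.
 *
 * Two call shapes are recognised:
 *   - `requests.get(url, verify=False)` after `import requests`
 *     (the call object must literally be `requests`);
 *   - `get(url, verify=False)` after `from requests import get`
 *     (no check on the call object, so `obj.get(url, verify=False)` is also
 *     reported once `get` has been imported from requests).
 *
 * Known blind spots, deliberately not handled here: only the literal `False`
 * is matched, so `verify=0`, `verify=some_flag` and `session.verify = False`
 * go unreported; `import requests as r` is missed because the call object is
 * compared to the string "requests". A clean result therefore means "no
 * literal verify=False found", not that verification is on.
 *
 * @param {object} node - Codiga function-call node. Reads `node.arguments.values`,
 *   `node.functionName`, `node.moduleOrObject` (attribute calls only),
 *   `node.context.imports`, and the `start`/`end` positions used for the report.
 */
function visit(node) {
  if (!node.arguments || !node.arguments.values || !node.context) {
    return;
  }

  // All of requests' top-level HTTP helpers accept `verify` (they forward
  // their kwargs to requests.request), so the bypass is equally bad on each.
  const httpHelpers = ["post", "get", "put", "patch", "delete", "head", "options", "request"];

  if (!node.functionName || !httpHelpers.includes(node.functionName.value)) {
    return;
  }
  const calledName = node.functionName.value;

  // Cheapest check first: bail out unless `verify=False` is literally present.
  const verifyArgument = node.arguments.values.find(
    a => a.name && a.name.value === "verify" && a.value && a.value.value === "False"
  );
  if (!verifyArgument) {
    return;
  }

  // A context without an import list is treated as "nothing imported"
  // rather than throwing on `.filter`.
  const imports = node.context.imports || [];

  // `import requests` — the package appears among the imported packages.
  const importsRequestsPackage = imports
    .filter(r => r.packages)
    .flatMap(r => r.packages.map(p => p.name.str))
    .includes("requests");

  // `from requests import <calledName>` — the helper itself was imported.
  const importsHelperFromRequests = imports.some(
    r => r.pkg && r.pkg.value === "requests" && r.elements &&
      r.elements.filter(e => e.name).map(e => e.name.value).includes(calledName)
  );

  // Attribute call on the `requests` module object, e.g. `requests.get(...)`.
  const calledOnRequestsModule = importsRequestsPackage &&
    Boolean(node.moduleOrObject) && node.moduleOrObject.value === "requests";

  if (!calledOnRequestsModule && !importsHelperFromRequests) {
    return;
  }

  const error = buildError(
    node.start.line, node.start.col, node.end.line, node.end.col,
    "verify parameter is False", "CRITICAL", "SECURITY"
  );
  // The fix only touches the argument's value span, so `verify=False` becomes
  // `verify=True` and the rest of the call is left as written.
  const edit = buildEditUpdate(
    verifyArgument.value.start.line, verifyArgument.value.start.col,
    verifyArgument.value.end.line, verifyArgument.value.end.col,
    "True"
  );
  const fix = buildFix("replace with True", [edit]);
  addError(error.addFix(fix));
}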

verify-true.py

Expected test result: no error

# Fixture for the request-verify rule: `verify=True` and the default (no
# `verify` keyword at all) must not be reported.
from requests import get
r = get(w)
r = get(w, timeout=10, verify=True)

test-import-from.py

Expected test result: has error

# Fixture for the request-verify rule: `get` imported via `from requests import`
# and called with the literal `verify=False` must be reported, regardless of
# where the keyword sits among the arguments.
from requests import get
r = get(w, verify=False)
r = get(w, verify=False, timeout=10)

no-verify.py

Expected test result: no error

# Fixture for the request-verify rule: calls that never pass `verify` keep the
# library default and must not be reported.
from requests import get
r = get(w)
r = get(w, timeout=10)