Derived from the flake8-bandit linter.
What it does#
Checks for uses of `ssl._create_unverified_context`.
Why is this bad?#
PEP 476 enabled certificate and hostname validation by default in Python standard library HTTP clients. Previously, Python did not validate certificates by default, which could allow an attacker to perform a "man in the middle" attack by intercepting and modifying traffic between client and server.
To support legacy environments, `ssl._create_unverified_context` reverts to the previous behavior and does not perform certificate or hostname verification, so any certificate presented by the peer (including one forged by an on-path attacker) is accepted. Otherwise, use `ssl.create_default_context` to create a secure context; if a legacy server uses a certificate from a private CA, keep verification enabled and add that CA to the context's trust store instead of disabling checks.
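The following is an added example (not part of the Ruff or flake8-bandit documentation) that places the flagged call beside its replacement and inspects the resulting contexts offline. It shows that `ssl._create_unverified_context` yields a context with hostname checking off and `verify_mode` set to `CERT_NONE`, while `ssl.create_default_context` yields one that requires a valid certificate. The `private_ca_context` helper and its `ca_bundle_path` parameter are an assumed illustration of the legacy-CA fix; the path is hypothetical and must point to a real PEM bundle to be used.

```python
import ssl


def unverified_context() -> ssl.SSLContext:
    """The pattern this rule flags: a context that skips both certificate
    and hostname verification. Shown deliberately for comparison."""
    return ssl._create_unverified_context()


def default_context() -> ssl.SSLContext:
    """The replacement: verifies the peer certificate against the system
    trust store and checks that the hostname matches."""
    return ssl.create_default_context()


def private_ca_context(ca_bundle_path: str) -> ssl.SSLContext:
    """Legacy-environment fix that keeps verification on: trust an internal
    CA by adding its PEM bundle. `ca_bundle_path` is a hypothetical path
    supplied by the caller; this function is not exercised below."""
    ctx = ssl.create_default_context()
    ctx.load_verify_locations(cafile=ca_bundle_path)
    return ctx


def context_is_verifying(ctx: ssl.SSLContext) -> bool:
    """True only when hostname checking is enabled and a valid certificate
    is required; this is the property an HTTPS client needs."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


def verify_mode_name(ctx: ssl.SSLContext) -> str:
    """Human-readable name of the context's verify_mode, e.g. 'CERT_NONE'."""
    return ssl.VerifyMode(ctx.verify_mode).name


if __name__ == "__main__":
    for label, ctx in (("unverified", unverified_context()),
                       ("default", default_context())):
        print(f"{label}: check_hostname={ctx.check_hostname} "
              f"verify_mode={verify_mode_name(ctx)} "
              f"verifying={context_is_verifying(ctx)}")
```

Pass the verifying context explicitly, for example `urllib.request.urlopen(url, context=default_context())`, rather than relying on module-level monkey-patching of `ssl._create_default_https_context`, which silently changes the behavior of every HTTPS client in the process.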