
Python Verify False In Requests

Description

Detects when SSL/TLS certificate validation is disabled in Python `requests` library calls, which lets the client connect to servers presenting invalid or untrusted certificates. This creates a risk of Man-in-the-Middle attacks, in which an attacker on the network path can intercept and tamper with HTTPS traffic.

Weakness:

313 - Insecure service configuration - Certificates

Category: Functionality Abuse

Detection Strategy

    Check for function calls to requests.get, requests.request and related methods

    Check whether the call passes a verify=False argument or otherwise disables certificate validation

    Inspect the surrounding context of these calls to confirm that SSL verification is explicitly disabled

    Report a vulnerability when a requests method is called with certificate validation disabled
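The strategy above, implemented as an added example (not the database's own detector): an AST-based scanner that flags requests.* calls with a literal verify=False and uses of ssl._create_unverified_context(). The SAMPLE source it scans is constructed for the example; a value of verify passed through a variable is out of scope for this purely syntactic check.

```python
import ast

# Module-level helpers of the requests API that accept verify=...
REQUESTS_METHODS = {"get", "post", "put", "patch", "delete",
                    "head", "options", "request"}


def _is_requests_call(node: ast.Call) -> bool:
    """True for calls of the form requests.<method>(...)."""
    func = node.func
    return (isinstance(func, ast.Attribute)
            and isinstance(func.value, ast.Name)
            and func.value.id == "requests"
            and func.attr in REQUESTS_METHODS)


def _verify_disabled(node: ast.Call) -> bool:
    """True when the call carries a literal verify=False keyword."""
    return any(kw.arg == "verify"
               and isinstance(kw.value, ast.Constant)
               and kw.value.value is False
               for kw in node.keywords)


def find_disabled_verification(source: str, filename: str = "<string>"):
    """Return (line, description) findings for disabled certificate checks."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        if _is_requests_call(node) and _verify_disabled(node):
            findings.append((node.lineno,
                             f"requests.{node.func.attr}(..., verify=False)"))
        elif (isinstance(node.func, ast.Attribute)
              and node.func.attr == "_create_unverified_context"):
            findings.append((node.lineno, "ssl._create_unverified_context()"))
    return sorted(findings)


# Constructed sample input: two findings expected (lines 2 and 6).
SAMPLE = '''\
import requests, ssl
requests.get("https://example.com", verify=False)
requests.get("https://example.com")
requests.post("https://example.com", verify=True)
s = requests.Session()
ctx = ssl._create_unverified_context()
'''

if __name__ == "__main__":
    for line, what in find_disabled_verification(SAMPLE, "sample.py"):
        print(f"sample.py:{line}: {what}")
```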

Vulnerable code example

import requests
import ssl

# Disables certificate validation, vulnerable to MITM attacks
requests.get("https://example.com", verify=False)

# Creates context that skips certificate validation
ctx = ssl._create_unverified_context()...

Secure code example

import requests
import ssl

# Use default verify=True for proper certificate validation
requests.get("https://example.com")

# Create secure SSL context with certificate validation
ctx = ssl.create_default_context()  # Uses secure defaults including CERT_REQUIRED