Do not make http calls without encryption
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
ID: python-security/requests-http
Language: Python
Severity: Warning
Category: Security
CWE: 319
Description
Making a request with http enables attackers to listen to the traffic and obtain sensitive information. Use https:// instead.
Learn More
Non-Compliant Code Examples
def test1():
url1 = "http://api.tld"
requests.get(url1)
def test2():
url2 = "http://api.tld/user/{0}".format(user_id)
requests.get(url2)
def test3():
url3 = f"http://api.tld/user/{user_id}"
requests.get(url3)
requests.get(url4)
def test1():
requests.get("http://api.tld")
requests.get("http://api.tld/user/{0}".format(user_id))
requests.get(f"http://api.tld/user/{user_id}")
Compliant Code Examples
def download_stuff(identifier, data):
directory = "/tmp"
attachments = data.get("attachments", [])
attachment_url = attachments[0].get("attachment_url", "")
try:
response = requests.get(attachment_url, timeout=300)
response.raise_for_status()
except requests.exceptions.RequestException:
return (False, "")
def test1():
requests.get("https://api.tld")
requests.get("https://api.tld/user/{0}".format(user_id))
requests.get(f"https://api.tld/user/{user_id}")
Seamless integrations. Try Datadog Code Analysis
