Not all use of ftplib is insecure #148
Labels
bug
Comments
@ericwb was this closed by mistake? At $work we're hitting this false positive in Bandit 1.7.5.
Possibly. We do have the following that finds cases of ftplib calls, but it doesn't distinguish between FTP and FTP_TLS. https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b321-ftplib
ericwb added a commit to ericwb/bandit that referenced this issue on Jun 23, 2024:
This change adds an FTP_TLS call to the examples. A high severity error is no longer reported as a result of the fix in PR PyCQA#1148 that explicitly now matches blacklist call qualified names rather than using a file glob. However, you will notice that there is one more high severity issue reported in the tests as a result of the import of ftplib.FTP_TLS because the blacklist import is only checking for "ftplib". Fixes: PyCQA#148 Signed-off-by: Eric Brown <[email protected]>
Some use of ftplib is properly secure. See https://docs.python.org/2/library/ftplib.html
Specifically, using ftplib.FTP_TLS mode is okay, whereas ftplib.FTP is not.
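The distinction the issue asks for, as an added example that is not Bandit's own code: a small AST check that resolves import aliases to qualified names and reports only ftplib.FTP calls, leaving ftplib.FTP_TLS (including "from ftplib import FTP_TLS as ...") unflagged. The SAMPLE source and the hostname in it are constructed for the demonstration.

```python
import ast

# Qualified names the check treats as insecure (plaintext FTP) vs. acceptable (explicit TLS).
INSECURE_FTP = {"ftplib.FTP"}

# Constructed sample input: one plaintext FTP call, two FTP_TLS calls reached by different imports.
SAMPLE = """\
import ftplib
from ftplib import FTP_TLS as SecureFTP

plain = ftplib.FTP("ftp.example.invalid")        # should be flagged
tls = ftplib.FTP_TLS("ftp.example.invalid")      # should not be flagged
tls.prot_p()
other = SecureFTP("ftp.example.invalid")         # alias of FTP_TLS, should not be flagged
"""


def _collect_aliases(tree):
    """Map every local name introduced by an import to the dotted name it refers to."""
    aliases = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                aliases[a.asname or a.name] = a.name
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"
    return aliases


def _qualified_name(node, aliases):
    """Resolve a call target (Name or dotted Attribute) to its qualified name, or None."""
    if isinstance(node, ast.Name):
        return aliases.get(node.id, node.id)
    if isinstance(node, ast.Attribute):
        base = _qualified_name(node.value, aliases)
        return f"{base}.{node.attr}" if base else None
    return None


def find_ftp_calls(source):
    """Return (lineno, qualified_name) for every call that resolves into the ftplib module."""
    tree = ast.parse(source)
    aliases = _collect_aliases(tree)  # first pass: imports, so nested calls resolve correctly
    hits = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _qualified_name(node.func, aliases)
            if name and name.startswith("ftplib."):
                hits.append((node.lineno, name))
    return sorted(hits)


def insecure_ftp_calls(source):
    """Only plaintext ftplib.FTP constructions; FTP_TLS is excluded by qualified name."""
    return [(ln, name) for ln, name in find_ftp_calls(source) if name in INSECURE_FTP]
```

Running insecure_ftp_calls(SAMPLE) reports only line 4; a blacklist keyed on the bare module name "ftplib" would report all three.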