Modify rule S5547: Add ssl module (#3113)

2023-11-13 13:52:29 +01:00 · 2023-11-13 13:52:29 +01:00 · 146e2fa2ee
commit 146e2fa2ee
parent 5e8734386e
3 changed files with 33 additions and 0 deletions
--- a/docs/header_names/allowed_framework_names.adoc
+++ b/docs/header_names/allowed_framework_names.adoc
@ -99,6 +99,7 @@
 * PyJWT
 * python-jwt
 * python-jose
+* ssl
 // Docker
 * Wget
 // Cloudformation
--- a/rules/S5547/python/how-to-fix-it/ssl.adoc
+++ b/rules/S5547/python/how-to-fix-it/ssl.adoc
@ -0,0 +1,30 @@
+== How to fix it in ssl
+
+=== Code examples
+
+include::../../common/fix/code-rationale.adoc[]
+
+==== Noncompliant code example
+
+[source,python,diff-id=41,diff-type=noncompliant]
+----
+import ssl
+
+ciphers = 'RC4-SHA:RC4-MD5'
+ctx = ssl.create_default_context()
+ctx.set_ciphers(ciphers)  # Noncompliant
+----
+
+==== Compliant solution
+
+[source,python,diff-id=41,diff-type=compliant]
+----
+import ssl
+
+ctx = ssl.create_default_context()
+----
+
+=== How does this work?
+
+It is recommended to not override the ciphers but instead, use the secure
+default ciphers of the module, as they might change over time.
--- a/rules/S5547/python/rule.adoc
+++ b/rules/S5547/python/rule.adoc
@ -16,6 +16,8 @@ include::how-to-fix-it/pycrypto.adoc[]

 include::how-to-fix-it/pydes.adoc[]

+include::how-to-fix-it/ssl.adoc[]
+
 == Resources

 include::../common/resources/standards.adoc[]