ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix ifeval not passing CI

Browse Source
This commit is contained in:
Egon Okerman 2024-03-13 16:55:16 +01:00
parent 51899b01b8
commit e57e13754a
No known key found for this signature in database
5 changed files with 13 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
rules/S4830/common/fix/cert-hostname-validation-overlap.adoc Normal file
View File

@ -0,0 +1 @@
As part of its certification validation, {cert_framework_context} also verifies the server hostname with the certificate chain.

4
rules/S4830/common/fix/code-rationale-setting.adoc
View File

@ -2,7 +2,3 @@ The certificate validation gets disabled by setting `{cert_variable_name}` to
`{cert_variable_unsafe_value}`. To enable validation set the value to `{cert_variable_unsafe_value}`. To enable validation set the value to
`{cert_variable_safe_value}` or do not set `{cert_variable_name}` at all to `{cert_variable_safe_value}` or do not set `{cert_variable_name}` at all to
use the secure default value. use the secure default value.
ifeval::[{cert_hostname_check_builtin} == true]
As part of its certification validation, {cert_framework_context} also verifies the server hostname with the certificate chain.
endif::[]

6
rules/S4830/python/how-to-fix-it/aiohttp.adoc
View File

@ -7,11 +7,13 @@ include::../../common/fix/code-rationale.adoc[]
:cert_variable_name: verify_ssl :cert_variable_name: verify_ssl
:cert_variable_unsafe_value: False :cert_variable_unsafe_value: False
:cert_variable_safe_value: True :cert_variable_safe_value: True
:cert_hostname_check_builtin: true
:cert_framework_context: aiohttp
include::../../common/fix/code-rationale-setting.adoc[] include::../../common/fix/code-rationale-setting.adoc[]
:cert_framework_context: aiohttp
include::../../common/fix/cert-hostname-validation-overlap.adoc[]
==== Noncompliant code example ==== Noncompliant code example
[source,python,diff-id=41,diff-type=noncompliant] [source,python,diff-id=41,diff-type=noncompliant]

6
rules/S4830/python/how-to-fix-it/httpx.adoc
View File

@ -7,11 +7,13 @@ include::../../common/fix/code-rationale.adoc[]
:cert_variable_name: verify :cert_variable_name: verify
:cert_variable_unsafe_value: False :cert_variable_unsafe_value: False
:cert_variable_safe_value: True :cert_variable_safe_value: True
:cert_hostname_check_builtin: true
:cert_framework_context: HTTPX
include::../../common/fix/code-rationale-setting.adoc[] include::../../common/fix/code-rationale-setting.adoc[]
:cert_framework_context: HTTPX
include::../../common/fix/cert-hostname-validation-overlap.adoc[]
==== Noncompliant code example ==== Noncompliant code example
[source,python,diff-id=31,diff-type=noncompliant] [source,python,diff-id=31,diff-type=noncompliant]

6
rules/S4830/python/how-to-fix-it/requests.adoc
View File

@ -7,11 +7,13 @@ include::../../common/fix/code-rationale.adoc[]
:cert_variable_name: verify :cert_variable_name: verify
:cert_variable_unsafe_value: False :cert_variable_unsafe_value: False
:cert_variable_safe_value: True :cert_variable_safe_value: True
:cert_hostname_check_builtin: true
:cert_framework_context: Requests
include::../../common/fix/code-rationale-setting.adoc[] include::../../common/fix/code-rationale-setting.adoc[]
:cert_framework_context: Requests
include::../../common/fix/cert-hostname-validation-overlap.adoc[]
==== Noncompliant code example ==== Noncompliant code example
[source,python,diff-id=11,diff-type=noncompliant] [source,python,diff-id=11,diff-type=noncompliant]