Modify rule S5547: Add ssl module (#3113)

SonarSource · Nov 13, 2023 · 146e2fa · 146e2fa
1 parent 5e87343
commit 146e2fa
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 0 deletions.
diff --git a/docs/header_names/allowed_framework_names.adoc b/docs/header_names/allowed_framework_names.adoc
@@ -99,6 +99,7 @@
 * PyJWT
 * python-jwt
 * python-jose
+* ssl
 // Docker
 * Wget
 // Cloudformation

diff --git a/rules/S5547/python/how-to-fix-it/ssl.adoc b/rules/S5547/python/how-to-fix-it/ssl.adoc
@@ -0,0 +1,30 @@
+== How to fix it in ssl
+
+=== Code examples
+
+include::../../common/fix/code-rationale.adoc[]
+
+==== Noncompliant code example
+
+[source,python,diff-id=41,diff-type=noncompliant]
+----
+import ssl
+
+ciphers = 'RC4-SHA:RC4-MD5'
+ctx = ssl.create_default_context()
+ctx.set_ciphers(ciphers)  # Noncompliant
+----
+
+==== Compliant solution
+
+[source,python,diff-id=41,diff-type=compliant]
+----
+import ssl
+
+ctx = ssl.create_default_context()
+----
+
+=== How does this work?
+
+It is recommended to not override the ciphers but instead, use the secure
+default ciphers of the module, as they might change over time.
diff --git a/rules/S5547/python/rule.adoc b/rules/S5547/python/rule.adoc
@@ -16,6 +16,8 @@ include::how-to-fix-it/pycrypto.adoc[]
 
 include::how-to-fix-it/pydes.adoc[]
 
+include::how-to-fix-it/ssl.adoc[]
+
 == Resources
 
 include::../common/resources/standards.adoc[]