From 146e2fa2ee098be18611c196a01544c3ea8a2365 Mon Sep 17 00:00:00 2001
From: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>
Date: Mon, 13 Nov 2023 13:52:29 +0100
Subject: [PATCH] Modify rule S5547: Add ssl module (#3113)
---
 .../header_names/allowed_framework_names.adoc | 1 +
 rules/S5547/python/how-to-fix-it/ssl.adoc | 30 +++++++++++++++++++
 rules/S5547/python/rule.adoc | 2 ++
 3 files changed, 33 insertions(+)
 create mode 100644 rules/S5547/python/how-to-fix-it/ssl.adoc
diff --git a/docs/header_names/allowed_framework_names.adoc b/docs/header_names/allowed_framework_names.adoc
index 308236c363e..bc6efa6d52c 100644
--- a/docs/header_names/allowed_framework_names.adoc
+++ b/docs/header_names/allowed_framework_names.adoc
@@ -99,6 +99,7 @@
 * PyJWT
 * python-jwt
 * python-jose
+* ssl
 // Docker
 * Wget
 // Cloudformation
diff --git a/rules/S5547/python/how-to-fix-it/ssl.adoc b/rules/S5547/python/how-to-fix-it/ssl.adoc
new file mode 100644
index 00000000000..90e97fb1b73
--- /dev/null
+++ b/rules/S5547/python/how-to-fix-it/ssl.adoc
@@ -0,0 +1,30 @@
+== How to fix it in ssl
+
+=== Code examples
+
+include::../../common/fix/code-rationale.adoc[]
+
+==== Noncompliant code example
+
+[source,python,diff-id=41,diff-type=noncompliant]
+----
+import ssl
+
+ciphers = 'RC4-SHA:RC4-MD5'
+ctx = ssl.create_default_context()
+ctx.set_ciphers(ciphers) # Noncompliant
+----
+
+==== Compliant solution
+
+[source,python,diff-id=41,diff-type=compliant]
+----
+import ssl
+
+ctx = ssl.create_default_context()
+----
+
+=== How does this work?
+
+It is recommended to not override the ciphers but instead, use the secure
+default ciphers of the module, as they might change over time.
diff --git a/rules/S5547/python/rule.adoc b/rules/S5547/python/rule.adoc
index f8bbbcda6f5..1b3f23a132b 100644
--- a/rules/S5547/python/rule.adoc
+++ b/rules/S5547/python/rule.adoc
@@ -16,6 +16,8 @@ include::how-to-fix-it/pycrypto.adoc[] include::how-to-fix-it/pydes.adoc[] +include::how-to-fix-it/ssl.adoc[] + == Resources include::../common/resources/standards.adoc[]