Merge "Added missing HTTP verbs to the requests checks"

bandit/plugins/crypto_request_no_cert_validation.py

@@ -20,12 +20,9 @@ from bandit.core.test_properties import *
 
 @checks('Call')
 def request_with_no_cert_validation(context):
-    if (
-        'requests' in context.call_function_name_qual and (
-            'get' in context.call_function_name or
-            'post' in context.call_function_name)
-    ):
-
+    http_verbs = ('get', 'options', 'head', 'post', 'put', 'patch', 'delete')
+    if ('requests' in context.call_function_name_qual and
+            context.call_function_name in http_verbs):
         if context.check_call_arg_value('verify', 'False'):
 
             return bandit.Issue(

examples/requests-ssl-verify-disabled.py

@@ -4,3 +4,13 @@ requests.get('https://gmail.com', verify=True)
 requests.get('https://gmail.com', verify=False)
 requests.post('https://gmail.com', verify=True)
 requests.post('https://gmail.com', verify=False)
+requests.put('https://gmail.com', verify=True)
+requests.put('https://gmail.com', verify=False)
+requests.delete('https://gmail.com', verify=True)
+requests.delete('https://gmail.com', verify=False)
+requests.patch('https://gmail.com', verify=True)
+requests.patch('https://gmail.com', verify=False)
+requests.options('https://gmail.com', verify=True)
+requests.options('https://gmail.com', verify=False)
+requests.head('https://gmail.com', verify=True)
+requests.head('https://gmail.com', verify=False)

tests/functional/test_functional.py

@@ -266,7 +266,7 @@ class FunctionalTests(testtools.TestCase):
 
     def test_requests_ssl_verify_disabled(self):
         '''Test for the `requests` library skipping verification.'''
-        expect = {'SEVERITY': {'HIGH': 2}, 'CONFIDENCE': {'HIGH': 2}}
+        expect = {'SEVERITY': {'HIGH': 7}, 'CONFIDENCE': {'HIGH': 7}}
         self.check_example('requests-ssl-verify-disabled.py', expect)
 
     def test_skip(self):