Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Re-enable certification validation #141

Open
dv4harr10 opened this issue Dec 29, 2023 · 0 comments
Open

Re-enable certification validation #141

dv4harr10 opened this issue Dec 29, 2023 · 0 comments
Labels
improvement This issue or pull request will add or improve functionality, maintainability, or ease of use

Comments

@dv4harr10
Copy link
Contributor

dv4harr10 commented Dec 29, 2023
edited
Loading

💡 Summary

For #140,
Certificate verification has been explicitly disabled (verify=false) @ src/tools/gophish_complete.py line 135; this permits insecure connections to insecure servers. Therefore, we should re-enable certification validation.

Developer note: There is already a comment in the code about this: comment line 133 to line 134:

Bandit complains about disabling the SSL certificate check, but we have
no choice here since we are using a self-signed certificate.
response = requests.get(url=url, verify=False) # nosec
@dv4harr10 dv4harr10 added the improvement This issue or pull request will add or improve functionality, maintainability, or ease of use label Dec 29, 2023
Yradio pushed a commit to Yradio/gophish-tools that referenced this issue Mar 16, 2024
@mcdonnnj
Merge pull request cisagov#141 from cisagov/documentation/grammar
338e3e1 
Delete duplicate word "are"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
improvement This issue or pull request will add or improve functionality, maintainability, or ease of use
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dv4harr10