AWS logo
Amazon CodeGuruDetector Library

Insecure connection using unencrypted protocol High

Connections that use insecure protocols transmit data in cleartext. This introduces a risk of exposing sensitive data to third parties.

Detector ID
python/insecure-connection@v1.0
Category
Common Weakness Enumeration (CWE) external icon

Noncompliant example

1def ftp_connection_noncompliant():
2    import ftplib
3    # Noncompliant: insecure ftp used.
4    cnx = ftplib.FTP("ftp://anonymous@example.com")

Compliant example

1def ftp_connection_compliant():
2    import ftplib
3    # Compliant: secure ftp_tls used.
4    cnx = ftplib.FTP_TLS("ftp.example.com")