Usage of insecure FTP connection
- Rule ID: python_lang_insecure_ftp
- Languages: python
- Source: insecure_ftp.yml
Description
Using insecure FTP connections can compromise the security of sensitive data. This vulnerability arises when applications that handle sensitive information communicate with FTP servers without secure protocols. Always verify that FTP connections in your application utilize SFTP for enhanced security.
Remediations
- Do use the
FTP_TLS
class to establish secure FTP connections. This function ensures that your connection to the FTP server is encrypted, protecting the data transmitted from potential interception or eavesdropping.ftp = FTP_TLS("ftp.example.com")
References
Associated CWE
OWASP Top 10
Configuration
To skip this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --skip-rule=python_lang_insecure_ftp
To run only this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --only-rule=python_lang_insecure_ftp