Usage of insecure SMTP connection

• Rule ID: python_lang_insecure_smtp
• Languages: python
• Source: insecure_smtp.yml

Description

An insecure SMTP connection can expose transmitted data to unauthorized access. This rule identifies if SMTP settings are configured to enforce secure connections.

Remediations

• Do use the SMTP_SSL class to establish secure SMTP connections. This prevents unauthorized access to the data being transmitted.

  smtp = smtplib.SMTP_SSL("smtp.example.com")

References

• OWASP insecure transport

Associated CWE

• CWE-319: Cleartext Transmission of Sensitive Information

OWASP Top 10

• A02:2021 - Cryptographic Failures

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=python_lang_insecure_smtp

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=python_lang_insecure_smtp