update requests-verify docs to document for httpx

pixee · Feb 6, 2024 · bf426a8 · bf426a8
1 parent df4c3e8
commit bf426a8
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 3 deletions.
diff --git a/src/core_codemods/docs/pixee_python_requests-verify.md b/src/core_codemods/docs/pixee_python_requests-verify.md
@@ -1,8 +1,10 @@
-This codemod checks that calls to the `requests` module API use `verify=True` or a path to a CA bundle to ensure TLS certificate validation.
+This codemod checks that calls to the `requests` module API or the `httpx` library use `verify=True` or a path to a CA bundle to ensure TLS certificate validation.
 
 The [requests documentation](https://requests.readthedocs.io/en/latest/api/) warns that the `verify` flag
 > When set to False, requests will accept any TLS certificate presented by the server, and will ignore hostname mismatches and/or expired certificates, which will make your application vulnerable to man-in-the-middle (MitM) attacks. Setting verify to False may be useful during local development or testing.
 
+Similarly, setting `verify=False` when using the `httpx` library to make requests disables certificate verification.
+
 The changes from this codemod look like this:
 
 
@@ -11,6 +13,12 @@ The changes from this codemod look like this:
 
 - requests.get("www.google.com", ...,verify=False)
 + requests.get("www.google.com", ...,verify=True)
+...
+import httpx
+
+- httpx.get("www.google.com", ...,verify=False)
++ httpx.get("www.google.com", ...,verify=True)
+
 ```
 
-This codemod also checks other methods in the `requests` module that accept a `verify` flag (e.g. `requests.post`, etc.)
+This codemod also checks other methods in the `requests` module and `httpx` library that accept a `verify` flag (e.g. `requests.post`, `httpx.AsyncClient`, etc.)
diff --git a/src/core_codemods/requests_verify.py b/src/core_codemods/requests_verify.py
@@ -14,13 +14,14 @@ class RequestsVerify(SimpleCodemod):
         review_guidance=ReviewGuidance.MERGE_AFTER_CURSORY_REVIEW,
         references=[
             Reference(url="https://requests.readthedocs.io/en/latest/api/"),
+            Reference(url="https://www.python-httpx.org/"),
             Reference(
                 url="https://owasp.org/www-community/attacks/Manipulator-in-the-middle_attack"
             ),
         ],
     )
     change_description = (
-        "Makes any calls to requests.{func} with `verify=False` to `verify=True`."
+        "Ensures requests using the `requests` or `httpx` library use `verify=True`."
     )
     detector_pattern = """
             rules: