Not all use of ftplib is insecure

Open ericwb opened this issue 7 years ago • 2 comments

Some use of ftplib is properly secure. See https://docs.python.org/2/library/ftplib.html

Specifically, using ftplib.FTP_TLS mode is okay, whereas ftplib.FTP is not.

ericwb, Apr 27 '18 16:04

@ericwb was this closed by mistake? At $work we're hitting this false positive in Bandit 1.7.5.

strugee, Jan 25 '24 20:01

Possibly. We do have the following that finds cases of ftplib calls, but it doesn't distinguish between FTP and FTP_TLS.

https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b321-ftplib

ericwb, Jan 25 '24 22:01