backend
Introduced Safer SMTP Alternative: Added `SMTP_SSL`
Details
While triaging your project, our bug fixing tool generated the following message(s):
In file: mail.py, method: send_email, a clear-text protocol such as FTP, Telnet or SMTP is used. These protocols transfer data without any encryption, which exposes applications to a large range of risks. iCR suggested that data should be transferred over only secure transport channels.
Changes
- Added `SMTP_SSL` in `send_email` method with authentication
- Removed FIXME tag for SMTP
Previously Found & Fixed
- https://www.github.com/google/timesketch/pull/2940
- https://www.github.com/nasa-gibs/onearth/pull/177
- https://www.github.com/geopython/pycsw/pull/917
CLA Requirements
This section is only relevant if your project requires contributors to sign a Contributor License Agreement (CLA) for external contributions.
All contributed commits are already automatically signed off.
The meaning of a signoff depends on the project, but it typically certifies that the committer has the rights to submit this work under the same license and agrees to a Developer Certificate of Origin (see https://developercertificate.org/ for more information). - Git Commit SignOff documentation
Sponsorship and Support
This work is done by the security researchers from OpenRefactory and is supported by the Open Source Security Foundation (OpenSSF): Project Alpha-Omega. Alpha-Omega is a project partnering with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code, and get them fixed, to improve global software supply chain security.
The bug is found by running the Intelligent Code Repair (iCR) tool by OpenRefactory and then manually triaging the results.