fix: enable TLS certificate verification across all scanners and crawler#1736
fix: enable TLS certificate verification across all scanners and crawler#1736namann5 wants to merge 3 commits into
Conversation
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
utksh1
left a comment
There was a problem hiding this comment.
The TLS-verification goal is important, but this PR needs cleanup before merge:\n\n1. Split out unrelated packaging/CI files from the TLS fix. The title says TLS verification, but the PR also changes dependency declarations and CI-related files.\n2. Add focused tests for the new verification setting / behavior so we know scanners and crawler keep working with verification enabled by default and configurable overrides.\n3. Keep the PR scoped to the actual TLS-certificate verification change only.\n\nOnce the scope is clean and there is direct regression coverage, this will be much easier to merge.
2dffe77 to
b736888
Compare
|
Scope cleaned — The branch fix/tls-verification-disabled now contains only the TLS-certificate verification change (1 commit, 5 files, +10/-4 lines). The unrelated commit (deps sync + CodeQL workflow) was already isolated on fix/missing-dependencies-and-codeql.
|
utksh1
left a comment
There was a problem hiding this comment.
The TLS-verification goal is important, but this PR bundles unrelated dependency changes (changing httpx[cli] to plain httpx) and CI files. Please split out the unrelated packaging changes and add focused tests for the new verification behavior so we know scanners still work with verification enabled by default.
SECUSCAN-001 (Critical): TLS certificate verification was globally disabled with verify=False in 4 locations (crawler, XSS scanner, API scanner, network vulnerability scanner), leaving all outbound HTTPS connections vulnerable to MITM attacks. Added verify_ssl: bool = True to Settings (configurable via SECUSCAN_VERIFY_SSL env var) and updated all httpx.AsyncClient calls to reference it.
Covers Settings.verify_ssl default and env override, verifies each scanner (crawler, API, XSS, network vuln) passes the setting to httpx.AsyncClient, and asserts no hardcoded verify=False remains in the patched files.
98feefc to
8fd336b
Compare
|
Split the PR — unrelated pyproject.toml/codeql changes removed, only the TLS fix remains. Added 15 focused tests in test_tls_verification.py covering the config default, env override, each scanner passing the setting through to httpx, and a static check that no hardcoded verify=False is left. All green, ready for another look. |
Description
Fixes critical security vulnerability where TLS certificate verification was globally disabled across the entire scanning pipeline.
Changes
Tests
Added esting/backend/unit/test_tls_verification.py (15 tests):
Impact
All outbound HTTPS connections now verify TLS certificates by default, preventing Man-in-the-Middle attacks against scanner operations. Operators can still disable verification for development via SECUSCAN_VERIFY_SSL=false.
Verification
uff check)
Closes #1735