← all rules
code/py-tls-verify-disabled
TLS verification disabled in HTTP client
What it detects
Passing verify=False to requests/httpx skips certificate validation and exposes the call to MitM. Configure the CA bundle (REQUESTS_CA_BUNDLE / verify='/path/to/ca.pem') instead.
How it runs
Applied line-by-line via a tagged regex with language-specific gating. Comments are skipped. Designed for high-confidence patterns where AST parsing would be overkill.
Found a false positive or want this rule tuned? File an issue. You can also suppress per-repo via a .repoguardignore line.