Python: Pycurl SSL Disabled

Open porcupineyhairs opened this issue 1 year ago • 3 comments

Pycurl is a library which provides curl bindings in Python. The original library is partially modelled in CodeQL. This PR adds support to test for SSL certificate validation when using pycurl.

porcupineyhairs avatar Jun 23 '24 12:06 porcupineyhairs
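To make concrete what the PR is checking for, here is an added example (not code from the PR, from CodeQL or from pycurl). It shows a pycurl call that disables certificate validation beside the hardened form, and a small `ast`-based checker that approximates what a query for this pattern flags: any `setopt(...)` that sets `SSL_VERIFYPEER` or `SSL_VERIFYHOST` to `0`/`False`, whether the option is referenced as `pycurl.SSL_VERIFYPEER` or imported as a bare name. The snippets are constructed, the CA bundle path in the hardened snippet is a placeholder, and the checker is deliberately narrower than a real CodeQL model (it only sees literal values, not values flowing in through variables).

```python
"""Toy static check for pycurl TLS verification being disabled.

Added example, not part of the CodeQL PR or of pycurl. It parses Python
source with the ast module and reports setopt() calls that turn off
certificate or hostname verification with a literal 0 / False.
"""
from __future__ import annotations

import ast

# pycurl option names whose value 0 / False turns off certificate checking.
# SSL_VERIFYPEER=0 accepts any certificate chain; SSL_VERIFYHOST=0 skips the
# hostname check (only the value 2 performs the full hostname check).
TLS_VERIFY_OPTIONS = {"SSL_VERIFYPEER", "SSL_VERIFYHOST"}

# Constructed sample: verification switched off (the pattern the query flags).
VULNERABLE_SNIPPET = """\
import pycurl
c = pycurl.Curl()
c.setopt(pycurl.URL, "https://example.com/")
c.setopt(pycurl.SSL_VERIFYPEER, 0)   # no chain validation: any cert accepted
c.setopt(pycurl.SSL_VERIFYHOST, 0)   # no hostname check
c.perform()
"""

# Constructed sample: same request with verification left on and an explicit
# trust store (the CA bundle path is a placeholder, not a real requirement).
HARDENED_SNIPPET = """\
from pycurl import Curl, SSL_VERIFYPEER, SSL_VERIFYHOST, URL, CAINFO
c = Curl()
c.setopt(URL, "https://example.com/")
c.setopt(SSL_VERIFYPEER, 1)   # validate the chain (libcurl default)
c.setopt(SSL_VERIFYHOST, 2)   # 2 is the only value that checks the hostname
c.setopt(CAINFO, "/path/to/ca-bundle.crt")  # placeholder trust store path
c.perform()
"""

# Constructed sample: bare imported name and a False literal, to show the
# checker is not tied to the `pycurl.` attribute spelling.
BARE_NAME_SNIPPET = """\
from pycurl import Curl, SSL_VERIFYPEER
c = Curl()
c.setopt(SSL_VERIFYPEER, False)
"""


def _option_name(node: ast.expr) -> str | None:
    """Map `pycurl.SSL_VERIFYPEER` or a bare `SSL_VERIFYPEER` to its option name."""
    if isinstance(node, ast.Attribute) and node.attr in TLS_VERIFY_OPTIONS:
        return node.attr
    if isinstance(node, ast.Name) and node.id in TLS_VERIFY_OPTIONS:
        return node.id
    return None


def _is_zero_literal(node: ast.expr) -> bool:
    """True for the literal 0 or False (bool is a subclass of int)."""
    return isinstance(node, ast.Constant) and isinstance(node.value, int) and node.value == 0


def find_disabled_tls_verification(source: str) -> list[tuple[int, str]]:
    """Return (line, option) for every `x.setopt(<verify option>, 0/False)` call."""
    findings: list[tuple[int, str]] = []
    for node in ast.walk(ast.parse(source)):
        if not (
            isinstance(node, ast.Call)
            and isinstance(node.func, ast.Attribute)
            and node.func.attr == "setopt"
            and len(node.args) == 2
        ):
            continue
        option = _option_name(node.args[0])
        if option is not None and _is_zero_literal(node.args[1]):
            findings.append((node.lineno, option))
    return sorted(findings)


if __name__ == "__main__":
    for label, snippet in [
        ("vulnerable", VULNERABLE_SNIPPET),
        ("hardened", HARDENED_SNIPPET),
        ("bare-name", BARE_NAME_SNIPPET),
    ]:
        print(label, find_disabled_tls_verification(snippet))
```

The hardened snippet is the one a reviewer wants to see in place of the vulnerable one: verification left at its defaults, the hostname check explicitly at 2, and the trust store named explicitly so the connection fails closed when the bundle is missing rather than silently accepting any certificate.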

Hello porcupineyhairs 👋 You have submitted this pull request as a bug bounty report in the github/securitylab repository and therefore this pull request has been put into draft state to give time for the GitHub Security Lab to assess the PR. When GitHub Security Lab has finished assessing your pull request, it will be marked automatically as Ready for review. Until then, please don't change the draft state.

In the meantime, feel free to make changes to the pull request. If you'd like to maximize payout for this and future submissions, here are a few general guidelines that we might take into consideration when reviewing a submission.

  • the submission models widely-used frameworks/libraries
  • the vulnerability modeled in the submission is impactful
  • the submission finds new true positive vulnerabilities
  • the submission finds very few false positives
  • code in the submission is easy to read and will be easy to maintain
  • documentation is written clearly, highlighting the impact of the issue it finds and is written without grammatical or other errors. The code samples clearly show the vulnerability
  • the submission includes tests, change note etc.

Please note that these are guidelines, not rules. Since we have a lot of different types of submissions, the guidelines might vary for each submission.

Happy hacking!

ghsecuritylab avatar Jun 24 '24 00:06 ghsecuritylab

Hi @porcupineyhairs - we would like to close the last remaining bug bounty PRs soon. Do you think you will keep on working on this PR?

sylwia-budzynska avatar Sep 02 '24 13:09 sylwia-budzynska

@sylwia-budzynska Sorry for the delay. The last couple of weeks have been busy. I will get this cleared soon.

@yoff I have made the changes now. PTAL. However, for some reason, CodeQL is giving me duplicate results when I run the original query.

ghost avatar Sep 02 '24 22:09 ghost