sdk/python/HTTP Clients/PyFtplib
HTTP Clients

PyFtplib

The ftplib module for FTP (insecure plaintext protocol). FTP() connects unencrypted; FTP_TLS is the secure variant. Any use of the plain FTP class is a finding for sensitive data flows.

1 sink1 sanitizer
Taint flow0 sources 1 sanitizer → 1 sink
Sanitizers — blocks taint
.FTP_TLS()
Sinks — dangerous call
.FTP()

Sinks

.FTP()Sink
#
Signature
ftplib.FTP(host='', user='', passwd='', acct='', timeout=...) -> FTP

Opens a plaintext FTP session. Finding — credentials transmitted unencrypted.

Sanitizers

.FTP_TLS()Sanitizer
#
Signature
ftplib.FTP_TLS(host='', user='', passwd='', ...) -> FTP_TLS

Opens an FTPS session. Secure replacement.

tracks:return

Fully-Qualified Names

FQNField
ftplibfqns[0]

Wrong FQN → 0 findings. Verify with: change fqns to garbage → must produce 0 results.

Import

rule.py
from codepathfinder.go_rule import PyFtplib
Next →PyHttpClient