PyImaplib

The imaplib module. IMAP4() uses plaintext; IMAP4_SSL is the encrypted variant. Any use of plain IMAP is a credential-over-plaintext finding.

1 sink1 sanitizer

Taint flow0 sources → 1 sanitizer → 1 sink

Sanitizers — blocks taint

.IMAP4_SSL()

Sinks — dangerous call

.IMAP4()Plaintext IMAP

Sinks

— dangerous functions taint must not reach

.IMAP4()Sink

Signature

imaplib.IMAP4(host='', port=143, timeout=None) -> IMAP4

Plaintext IMAP. Credentials transmitted unencrypted. Finding.

— functions that neutralize taint

.IMAP4_SSL()Sanitizer

Signature

imaplib.IMAP4_SSL(host='', port=993, *, ssl_context=None, timeout=None) -> IMAP4_SSL

IMAP over TLS. Safe.

tracks:return

FQN	Field
imaplib	fqns[0]

Wrong FQN → 0 findings. Verify with: change fqns to garbage → must produce 0 results.

rule.py

from codepathfinder.go_rule import PyImaplib