Cleartext Transmission of Sensitive Information in the websockets Module

📐 PY529

🏷️ cleartext_transmission

ℹ️ CWE-319

⚠️ Warning

🔒 Professional Plan

---

This rule detects the usage of insecure WebSocket connections in Python code. WebSocket connections initiated with the ws:// scheme are not encrypted, which can expose the communication to eavesdropping and tampering.

Example

import websockets


websocket = websockets.connect("ws://example.com")

Remediation

Replace the ws:// scheme with wss:// in the WebSocket connection URI to ensure the connection is encrypted.

import websockets


websocket = websockets.connect("wss://example.com")

False Positives

In the case of a false positive the rule can be suppressed. Simply add a trailing or preceding comment line with either the rule ID (PY529) or rule category name (cleartext_transmission).

Using rule ID

fix

import websockets


# suppress: PY529
websocket = websockets.connect("ws://example.com")

Using category name

fix

import websockets


# suppress: cleartext_transmission
websocket = websockets.connect("ws://example.com")

See also

info

• websockets documentation
• Writing WebSocket client applications - Web APIs _ MDN
• CWE-319: Cleartext Transmission of Sensitive Information