Skip to main content

Cleartext Transmission of Sensitive Information in the websockets Module​

📐 PY529
đŸˇī¸ cleartext_transmission
â„šī¸ CWE-319
âš ī¸ Warning
🔒 Professional Plan

This rule detects the usage of insecure WebSocket connections in Python code. WebSocket connections initiated with the ws:// scheme are not encrypted, which can expose the communication to eavesdropping and tampering.

Example​

import websockets


websocket = websockets.connect("ws://example.com")

Remediation​

Replace the ws:// scheme with wss:// in the WebSocket connection URI to ensure the connection is encrypted.

import websockets


websocket = websockets.connect("wss://example.com")

False Positives​

In the case of a false positive the rule can be suppressed. Simply add a trailing or preceding comment line with either the rule ID (PY529) or rule category name (cleartext_transmission).

Fix Iconfix
import websockets


# suppress: PY529
websocket = websockets.connect("ws://example.com")

See also​