Qt-Security-QNetworkReplyIgnoreSslErrors

Check QNetworkReply::ignoreSslErrors

Required inputs: IR

Flags all calls to QNetworkReply::ignoreSslErrors() and QNetworkReply::ignoreSslErrors(const QList&) of the Qt framework. These methods ignore SSL errors, which poses a security risk and should be avoided. The latter method is less severe, as it only ignores specific SSL errors.

Possible Messages

Key	Text	Severity	Disabled
ignore_all_ssl_errors	Found dangerous call to {}().	None	False
ignore_some_ssl_errors	Found call to {}(const QList<QSslError>&).	None	False

Options

• This rule shares the following common options: exclude_in_macros, exclude_messages_in_system_headers, excludes, extend_exclude_to_macro_invocations, includes, justification_checker, languages, post_processing, provider, report_at, severity

• The following places define options that affect this rule: Stylechecks, Analysis-GlobalOptions

flag_individual_errors

flag_individual_errors : bool = True

If set to false, only errors to ignoreSslErrors() are reported (ignoring individual SSL errors is okay). If set to true, also calls to ignoreSslErrors(const QList&) are reported, which may be considered less severe, as they only ignore specific SSL errors.