Qt-Security-QSslSocketIgnoreSslErrors

Check QSslSocket::ignoreSslErrors

Required inputs: IR

Qt's QSslSocket class provides the method QSslSocket::ignoreSslErrors() to ignore SSL errors that are reported during the TLS handshake. Ignoring SSL errors poses a security risk and should be avoided. This rule flags all calls to QSslSocket::ignoreSslErrors() and QSslSocket::ignoreSslErrors(const QList<QSslError>&) of the Qt framework. The latter method may be considered to be less severe, as it only ignores specific errors.

Possible Messages

| Key | Text | Severity | Disabled |
|---|---|---|---|
| ignore_all_ssl_errors | Found dangerous call to {}(). | None | False |
| ignore_some_ssl_errors | Found call to {}(const QList<QSslError>&). | None | False |

Options

flag_individual_errors

flag_individual_errors : bool = True

If set to false, only calls to ignoreSslErrors() are reported (ignoring individual SSL errors is okay). If set to true, calls to ignoreSslErrors(const QList<QSslError>&) are reported as well; these may be considered less severe, as they only ignore specific SSL errors.
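
The following is an added example, not the rule's implementation: a text-level approximation that classifies calls into the two message keys above and honours flag_individual_errors. The names scan, blank_comments and SAMPLE are hypothetical, and the C++ snippet is constructed for illustration.

```python
import re

# Constructed C++ sample for this example (not from the rule documentation).
SAMPLE = '''\
void Client::open(QSslSocket *socket, const QList<QSslError> &expected) {
    socket->ignoreSslErrors();           // suppresses every handshake error
    socket->ignoreSslErrors(expected);   // suppresses only the listed errors
    // socket->ignoreSslErrors();        commented out, must not be reported
    socket->connectToHostEncrypted(host, port);
}
'''

COMMENT = re.compile(r'//[^\n]*|/\*.*?\*/', re.S)
# Group 1 holds the argument text; it is empty for the no-argument overload.
CALL = re.compile(r'\bignoreSslErrors\s*\(\s*([^)]*?)\s*\)')


def blank_comments(source):
    """Replace comment text with spaces, keeping newlines so line numbers hold."""
    return COMMENT.sub(lambda m: re.sub(r'[^\n]', ' ', m.group()), source)


def scan(source, flag_individual_errors=True):
    """Return (line, message key) pairs for ignoreSslErrors calls in C++ text.

    Limitation: this matches on text only. It cannot confirm that the receiver
    is a QSslSocket and it also matches declarations of the same name, which
    the IR-based rule can tell apart.
    """
    text = blank_comments(source)
    findings = []
    for m in CALL.finditer(text):
        line = text.count('\n', 0, m.start()) + 1
        if m.group(1) == '':
            # No arguments: every SSL error is ignored.
            findings.append((line, 'ignore_all_ssl_errors'))
        elif flag_individual_errors:
            # An argument list: only the listed errors are ignored.
            findings.append((line, 'ignore_some_ssl_errors'))
    return findings


if __name__ == '__main__':
    for line, key in scan(SAMPLE):
        print(f'line {line}: {key}')
```
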