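# TLS-001: Disabled Certificate Verification
#
# The Python requests library called with verify=False disables TLS
# certificate verification, allowing man-in-the-middle attacks.
#
# With verify=False the connection is still encrypted, but the peer is not
# authenticated: neither the certificate chain nor the hostname is checked,
# so the client cannot tell the intended server from an on-path impostor.
#
# Remediation the finding should lead to: drop the argument (requests
# verifies by default), or for a private CA pass verify a path to the CA
# bundle (the REQUESTS_CA_BUNDLE environment variable does the same without
# a code change).

[metadata]
id = "tls-001"
name = "TLS verification disabled in Python requests"
category = "tls"
language = "python"
difficulty = "easy"
source = "hand-curated"
created = "2025-02-05"
notes = "Classic security anti-pattern in Python HTTP clients"

# Sample under analysis. Its inline comment says "for development", but
# nothing in the function gates the flag on environment or configuration:
# verification is off on every call, so the "development only" intent must
# not soften the finding.
# Only the keyword-argument form on requests.get is exercised here; the
# session-level form (session.verify = False) is not covered by this case.
# NOTE(review): confirm that other cases cover that variant.
[input]
filename = "api_client.py"
content = """
import requests


def fetch_data(url: str) -> dict:
    # Disable SSL verification for development
    response = requests.get(url, verify=False)
    return response.json()
"""

# Claims checked against the analyzer output. Presumably must_contain lists
# claims that have to be reported and must_not_contain lists claims that
# count as a failure if reported; confirm against the harness.
# The two entries are exact opposites on the same subject/predicate, so an
# analyzer that emits both values for tls/cert_verification fails the case.
[expected]
must_contain = [
    { subject = "tls/cert_verification", predicate = "enabled", value = false, rationale = "verify=False explicitly disables certificate verification" },
]
must_not_contain = [
    { subject = "tls/cert_verification", predicate = "enabled", value = true, rationale = "Should not claim verification is enabled when it's disabled" },
]

# NOTE(review): min_confidence looks like the lowest confidence at which a
# reported claim is accepted, and weight like this case's share of the
# total score; confirm both against the scoring code.
[scoring]
weight = 1.0
min_confidence = 0.8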