Feature: Added support for FTP_TLS (Weak Cryptography Issue)

[fazledyn-or]

Background

I'm a Software Security Engineer from OpenRefactory-Inc. We are working with OpenSSF on Project Alpha-Omega. While triaging your project, our bug fixing tool generated the following message-

In file: ftp.py, method: _start_connection, a clear-text protocol such as FTP, Telnet or SMTP is used. These protocols transfer data without any encryption, which expose applications to a large range of risks. iCR suggested that data should be transferred over only secure transport channels.

As a result, I've added the support for FTP_TLS from ftplib library into the codebase.

Test Status

I copied the test_ftp.py file and modified it for FTP_TLS. Currently all tests are passing.

CLA Requirements

This section is only relevant if your project requires contributors to sign a Contributor License Agreement (CLA) for external contributions. All contributed commits are already automatically signed off.

The meaning of a signoff depends on the project, but it typically certifies that committer has the rights to submit this work under the same license and agrees to a Developer Certificate of Origin (see https://developercertificate.org/ for more information).

• Git Commit SignOff documentation

Sponsorship and Support:

This work is done by the security researchers from OpenRefactory and is supported by the Open Source Security Foundation (OpenSSF): Project Alpha-Omega. Alpha-Omega is a project partnering with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code - and get them fixed – to improve global software supply chain security.

The bug is found by running the Intelligent Code Repair (iCR) tool by OpenRefactory and then manually triaging the results.

[jschneier]

Thanks for the PR and nice to see how simple this nice addition is. I’ve commented on a better way I’d like to do this. As part of that change can you also slim down the test suite to just test these small additions, thanks!

[jschneier]

Thanks for the updates it's looking good - just a few more changes to the tests needed and then I think we're good to merge.

[jschneier]

@fazledyn-or just need to fix the lint issues then we are good to merge.