language: py
name: use-ftp-tls
message: Detected usage of `FTP` class which sends information unencrypted
category: security

pattern: >
  (call
    function: (attribute) @ftpFunc
  (#match? @ftpFunc "^(ftplib.FTP|FTP)$")) @use-ftp-tls

description: >
  The `FTP` class transmits data unencrypted, making it vulnerable to interception. Use `FTP_TLS` instead for a secure, encrypted connection.