From b08ae44cc1c52ea792af9e74b25a3a1c12adbc6e Mon Sep 17 00:00:00 2001
From: Ramakrishna Prabhu
Date: Wed, 15 Apr 2026 14:51:28 -0500
Subject: [PATCH] fix(security): remove insecure SSL verification bypass in dataset downloaders
Remove ssl.CERT_NONE and check_hostname=False bypass for plato.asu.edu URLs. The site has a valid SSL certificate so the bypass is unnecessary.
Fixes SonarQube vulnerabilities:
- python:S4830 (server certificate verification disabled)
- python:S5527 (server hostname verification disabled)
---
 benchmarks/linear_programming/utils/get_datasets.py | 10 +---------
 regression/get_datasets.py | 10 +---------
 2 files changed, 2 insertions(+), 18 deletions(-)
diff --git a/benchmarks/linear_programming/utils/get_datasets.py b/benchmarks/linear_programming/utils/get_datasets.py
index 29d23e57de..2966b2f14b 100644
--- a/benchmarks/linear_programming/utils/get_datasets.py
+++ b/benchmarks/linear_programming/utils/get_datasets.py
@@ -5,7 +5,6 @@
 import argparse
 import urllib.request
 import urllib.parse
-import ssl
 import subprocess
@@ -632,14 +631,7 @@ def download(url, dst):
 if os.path.exists(dst):
 return
 print(f"Downloading {url} into {dst}...")
- # Bypass SSL verification for plato.asu.edu URLs
- if "plato.asu.edu" in url:
- context = ssl.create_default_context()
- context.check_hostname = False
- context.verify_mode = ssl.CERT_NONE
- response = urllib.request.urlopen(url, context=context)
- else:
- response = urllib.request.urlopen(url)
+ response = urllib.request.urlopen(url)
 data = response.read()
 with open(dst, "wb") as fp:
 fp.write(data)
diff --git a/regression/get_datasets.py b/regression/get_datasets.py
index bb2a9f23d3..d267551885 100644
--- a/regression/get_datasets.py
+++ b/regression/get_datasets.py
@@ -5,7 +5,6 @@
 import sys
 import urllib.request
 import urllib.parse
-import ssl
 import subprocess
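Review bot: In `download` in benchmarks/linear_programming/utils/get_datasets.py (and in the identical hunk in regression/get_datasets.py), `urllib.request.urlopen(url)` verifies the server certificate only for https URLs, and nothing in the visible lines checks the scheme, so an `http://` or `ftp://` entry would still be fetched with no server authentication. If every dataset URL is https (the URL table is outside the hunk, so this needs confirming), reject anything else before the call: `if urllib.parse.urlsplit(url).scheme != "https": raise ValueError(f"refusing non-https URL: {url}")`. The call also has no timeout, so a stalled server blocks the run; `urllib.request.urlopen(url, timeout=60)` would bound it. Because of the `os.path.exists(dst)` early return, files fetched earlier through the unverified plato.asu.edu path stay on disk and are reused, so existing caches are worth clearing once after this lands. The `def download` line is outside the hunk and the body may continue past it.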
@@ -824,14 +823,7 @@ def download(url, dst):
 if os.path.exists(dst):
 return
 print(f"Downloading {url} into {dst}...")
- # Bypass SSL verification for plato.asu.edu URLs
- if "plato.asu.edu" in url:
- context = ssl.create_default_context()
- context.check_hostname = False
- context.verify_mode = ssl.CERT_NONE
- response = urllib.request.urlopen(url, context=context)
- else:
- response = urllib.request.urlopen(url)
+ response = urllib.request.urlopen(url)
 data = response.read()
 with open(dst, "wb") as fp:
 fp.write(data)