S501 (request-with-no-cert-validation) does not flag requests.request() with verify=False

[otakart-sv]

Summary

Description:

ruff check --select S501 correctly flags verify=False on convenience methods (requests.get(), requests.post(), etc.) but misses the same argument on requests.request(), which is the generic method all convenience methods delegate to.

Reproduction:

# Detected
requests.get("https://example.com", verify=False)

# Not detected
requests.request("GET", "https://example.com", verify=False)

Expected: Both calls should trigger S501.

Impact: Code using requests.request() with verify=False silently passes linting

[ntBre]

It looks like flake8-bandit has the same behavior, which is probably how we ended up with it:

❯ uvx --with flake8-bandit flake8 - <<EOF
∙ import requests

# Detected
requests.get("https://example.com", verify=False)

# Not detected
requests.request("GET", "https://example.com", verify=False)
∙ EOF
Unable to find qualified name for module: stdin
stdin:4:1: S501 Call to requests with verify=False disabling SSL certificate checks, security issue.
stdin:4:1: S113 Call to requests without timeout

but it does make sense to me to expand the rule.

[getehen]

Hi, I'll give it a shot