feat: Add allow_unverified option to disable SSL certificate verification

- Add allow_unverified parameter to socketdev constructor (defaults to False)
- Add set_allow_unverified method to API class
- Pass verify=not allow_unverified to requests.request() calls
- Add comprehensive unit tests for the new functionality
- Update README.rst with documentation for the new parameter
- Maintains backward compatibility with existing code

This allows users to disable SSL verification for testing environments
with self-signed certificates while keeping secure defaults for production.

Author: dacoburn

README.rst

@@ -20,7 +20,8 @@ Initializing the module
 **PARAMETERS:**
 
 - **token (str)** - The Socket API Key for your Organization
-- **Timeout (int)** - The number of seconds to wait before failing the connection
+- **timeout (int)** - The number of seconds to wait before failing the connection
+- **allow_unverified (bool)** - Whether to skip SSL certificate verification (default: False). Set to True for testing with self-signed certificates.
 
 Supported Functions
 -------------------

socketdev/__init__.py

@@ -44,11 +44,12 @@
 
 
 class socketdev:
-    def __init__(self, token: str, timeout: int = 1200):
+    def __init__(self, token: str, timeout: int = 1200, allow_unverified: bool = False):
         self.api = API()
         self.token = token + ":"
         self.api.encode_key(self.token)
         self.api.set_timeout(timeout)
+        self.api.set_allow_unverified(allow_unverified)
 
         self.dependencies = Dependencies(self.api)
         self.export = Export(self.api)

socketdev/core/api.py

@@ -25,13 +25,17 @@ def __init__(self):
         self.encoded_key = None
         self.api_url = "https://api.socket.dev/v0"
         self.request_timeout = 30
+        self.allow_unverified = False
 
     def encode_key(self, token: str):
         self.encoded_key = base64.b64encode(token.encode()).decode("ascii")
 
     def set_timeout(self, timeout: int):
         self.request_timeout = timeout
 
+    def set_allow_unverified(self, allow_unverified: bool):
+        self.allow_unverified = allow_unverified
+
     def do_request(
         self,
         path: str,
@@ -58,7 +62,8 @@ def format_headers(headers_dict):
         try:
 
             response = requests.request(
-                method.upper(), url, headers=headers, data=payload, files=files, timeout=self.request_timeout
+                method.upper(), url, headers=headers, data=payload, files=files, 
+                timeout=self.request_timeout, verify=not self.allow_unverified
             )
             request_duration = time.time() - start_time
 

socketdev/version.py

@@ -1 +1 @@
-__version__ = "3.0.17"
+__version__ = "3.0.18"

test_allow_unverified.py

@@ -0,0 +1,48 @@
+#!/usr/bin/env python3
+"""
+Test script to demonstrate the new allow_unverified option in socketdev.
+
+This script shows how to initialize the Socket SDK with SSL verification
+disabled, which can be useful for testing against local or self-signed
+certificate environments.
+"""
+
+from socketdev import socketdev
+
+def test_allow_unverified_option():
+    """Test the allow_unverified option with different configurations."""
+    
+    print("Testing Socket SDK with allow_unverified option...")
+    
+    # Test 1: Default behavior (SSL verification enabled)
+    print("\n1. Default initialization (allow_unverified=False):")
+    sdk_default = socketdev(token="test-token")
+    print(f"   allow_unverified: {sdk_default.api.allow_unverified}")
+    print(f"   This means SSL certificates WILL be verified")
+    
+    # Test 2: Explicitly set allow_unverified=False
+    print("\n2. Explicit allow_unverified=False:")
+    sdk_verified = socketdev(token="test-token", allow_unverified=False)
+    print(f"   allow_unverified: {sdk_verified.api.allow_unverified}")
+    print(f"   This means SSL certificates WILL be verified")
+    
+    # Test 3: Set allow_unverified=True
+    print("\n3. Setting allow_unverified=True:")
+    sdk_unverified = socketdev(token="test-token", allow_unverified=True)
+    print(f"   allow_unverified: {sdk_unverified.api.allow_unverified}")
+    print(f"   This means SSL certificates will NOT be verified")
+    
+    # Test 4: Show how this affects the requests library verify parameter
+    print("\n4. How this translates to requests.request() verify parameter:")
+    print(f"   Default SDK: verify={not sdk_default.api.allow_unverified}")
+    print(f"   Unverified SDK: verify={not sdk_unverified.api.allow_unverified}")
+    
+    print("\nUsage example:")
+    print("   # For production use (default):")
+    print("   sdk = socketdev(token='your-api-key')")
+    print("")
+    print("   # For testing with self-signed certificates:")
+    print("   sdk = socketdev(token='your-api-key', allow_unverified=True)")
+
+if __name__ == "__main__":
+    test_allow_unverified_option()

tests/unit/test_socket_sdk_unit.py

@@ -36,6 +36,20 @@ def test_sdk_initialization(self):
         for component in expected_components:
             self.assertTrue(hasattr(sdk, component), f"SDK missing component: {component}")
 
+    def test_sdk_initialization_with_allow_unverified(self):
+        """Test that the SDK initializes correctly with allow_unverified option."""
+        # Test default behavior (allow_unverified=False)
+        sdk_default = socketdev(token="test-token")
+        self.assertFalse(sdk_default.api.allow_unverified)
+        
+        # Test with allow_unverified=True
+        sdk_unverified = socketdev(token="test-token", allow_unverified=True)
+        self.assertTrue(sdk_unverified.api.allow_unverified)
+        
+        # Test with explicit allow_unverified=False
+        sdk_verified = socketdev(token="test-token", allow_unverified=False)
+        self.assertFalse(sdk_verified.api.allow_unverified)
+
     def test_fullscan_params_creation(self):
         """Test FullScanParams dataclass creation and conversion."""
         params = FullScanParams(