Found a Pyramid cookie using an unsafe value for the samesite option (for example samesite='None'). Pyramid cookies should be set with samesite='Lax' (or 'Strict') in response.set_cookie(...). A cookie that is not SameSite-restricted is attached to cross-site requests, which is the precondition for cross-site request forgery against the views that trust it. Note that browsers also require the Secure attribute on any cookie sent with SameSite=None.
Likelihood: LOW
Confidence: MEDIUM
- CWE-1275: Sensitive Cookie with Improper SameSite Attribute
- A01:2021 - Broken Access Control
Found a Pyramid Authentication Ticket cookie without the HttpOnly flag correctly set. The keyword argument on AuthTktAuthenticationPolicy and AuthTktCookieHelper is http_only=True (it defaults to False, so omitting it is as unsafe as passing False). Without HttpOnly the auth_tkt cookie is readable from document.cookie, so any cross-site scripting bug on the site lets an attacker steal the ticket and impersonate the user.
Likelihood: LOW
Confidence: MEDIUM
- CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag
- A05:2021 - Security Misconfiguration
The automatic Origin/Referer check for cross-site request forgery has been explicitly disabled globally, which can leave views unprotected when the CSRF token storage policy in use is not itself safe. Call pyramid.config.Configurator.set_default_csrf_options(check_origin=True) to turn the check back on for all unsafe methods, that is, every method outside the RFC 2616 safe set (GET, HEAD, OPTIONS, TRACE). Pyramid applies the origin check to HTTPS requests, so treat it as a second layer next to the token check, not a replacement for it.
Likelihood: LOW
Confidence: MEDIUM
- CWE-352: Cross-Site Request Forgery (CSRF)
- A01:2021 - Broken Access Control
Found a Pyramid Authentication Ticket cookie without the secure option correctly set. Pass secure=True to AuthTktAuthenticationPolicy or AuthTktCookieHelper so the browser only sends the auth_tkt cookie over HTTPS; otherwise a single plain-HTTP request to the site (a forced redirect, an injected image URL) discloses the ticket to anyone on the network path.
Likelihood: LOW
Confidence: MEDIUM
- CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
- A05:2021 - Security Misconfiguration
Found a Pyramid cookie relying on the unsafe default for the httponly option (response.set_cookie defaults to httponly=False). Pass httponly=True in response.set_cookie(...) so the cookie is hidden from document.cookie and cannot be read by injected scripts if the site has a cross-site scripting bug.
Likelihood: LOW
Confidence: MEDIUM
- CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag
- A05:2021 - Security Misconfiguration
The Origin check for the CSRF token is disabled for this view. This is a risk unless the CSRF storage policy in use is known to be secure, because the origin check is the layer that still rejects a cross-site request when the attacker has obtained or planted a valid token.
Likelihood: LOW
Confidence: MEDIUM
- CWE-352: Cross-Site Request Forgery (CSRF)
- A01:2021 - Broken Access Control
Found a Pyramid Authentication Ticket cookie relying on the unsafe default for the secure option (AuthTktAuthenticationPolicy and AuthTktCookieHelper default to secure=False). Pass secure=True so the ticket is only sent over HTTPS; without it the cookie is transmitted in clear text on any http:// request to the same host.
Likelihood: LOW
Confidence: MEDIUM
- CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
- A05:2021 - Security Misconfiguration
Found a Pyramid cookie without the secure option correctly set. Pass secure=True in response.set_cookie(...) so the browser only sends the cookie over HTTPS; a cookie without the Secure attribute is transmitted in clear text on any http:// request to the same host and can be captured on the network.
Likelihood: LOW
Confidence: MEDIUM
- CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
- A05:2021 - Security Misconfiguration
Found a Pyramid cookie relying on the unsafe default for the secure option (response.set_cookie defaults to secure=False). Pass secure=True in response.set_cookie(...) so the cookie is only sent over HTTPS; without it the value is exposed on any plain-HTTP request to the site.
Likelihood: LOW
Confidence: MEDIUM
- CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
- A05:2021 - Security Misconfiguration
Found a Pyramid Authentication Ticket cookie without the samesite option correctly set. Pass samesite='Lax' (or 'Strict') to AuthTktAuthenticationPolicy or AuthTktCookieHelper. Since Pyramid 1.10 the default is 'Lax', so this finding usually means samesite was explicitly set to None, which removes the attribute and lets the ticket ride along on cross-site requests, which is what cross-site request forgery needs.
Likelihood: LOW
Confidence: MEDIUM
- CWE-1275: Sensitive Cookie with Improper SameSite Attribute
- A01:2021 - Broken Access Control
Found a Pyramid cookie without the httponly option correctly set. Pass httponly=True in response.set_cookie(...) so the cookie is not exposed to document.cookie; otherwise any cross-site scripting bug on the site lets an attacker read and exfiltrate it.
Likelihood: LOW
Confidence: MEDIUM
- CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag
- A05:2021 - Security Misconfiguration
Found a Pyramid cookie without the samesite option correctly set. Pass samesite='Lax' (or 'Strict') in response.set_cookie(...). WebOb's set_cookie defaults to samesite=None, which emits no SameSite attribute at all and leaves the behaviour to each browser's default; without the attribute the cookie is attached to cross-site requests, which is what cross-site request forgery needs.
Likelihood: LOW
Confidence: MEDIUM
- CWE-1275: Sensitive Cookie with Improper SameSite Attribute
- A01:2021 - Broken Access Control
CSRF protection is disabled for this view (for example require_csrf=False on the view configuration), so Pyramid's token and origin checks are skipped for its unsafe-method requests. This is a security risk for any view that changes state on behalf of a cookie-authenticated user; reserve it for endpoints that are genuinely read-only or that authenticate with credentials the browser does not attach automatically, and record why.
Likelihood: LOW
Confidence: LOW
- CWE-352: Cross-Site Request Forgery (CSRF)
- A01:2021 - Broken Access Control
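The following is an added example, not CodeAnt's or Pyramid's own code, covering the cookie rules and the CSRF rules above together. It shows the hardened `response.set_cookie(...)`, AuthTkt and `set_default_csrf_options(...)` settings the rules ask for, next to a small standard-library auditor that applies the same three checks (Secure, HttpOnly, SameSite) to emitted `Set-Cookie` headers, for instance the `response.headerlist` of a Pyramid functional test. The function names, the constructed header samples and the placeholder secret are assumptions for the example; the Pyramid calls are only executed when the view and configure functions run under Pyramid.

```python
"""Added example (not CodeAnt's or Pyramid's code): hardened Pyramid cookie and
CSRF settings plus a Set-Cookie auditor applying the same checks to responses.
Header samples and the secret are constructed placeholders."""


def parse_set_cookie(header: str) -> tuple:
    """Split one Set-Cookie header value into (name, {attribute: value}).
    Attribute names are lower-cased; flag attributes (Secure, HttpOnly) map to ''."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit_set_cookie(header: str) -> list:
    """Return the findings the Pyramid cookie rules would raise for one header:
    CWE-614 (no Secure), CWE-1004 (no HttpOnly), CWE-1275 (SameSite absent or a
    value other than Lax/Strict, e.g. None)."""
    name, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append(f"{name}: CWE-614 missing Secure")
    if "httponly" not in attrs:
        findings.append(f"{name}: CWE-1004 missing HttpOnly")
    samesite = attrs.get("samesite", "").lower()
    if samesite not in ("lax", "strict"):
        shown = attrs.get("samesite") or "<absent>"
        findings.append(f"{name}: CWE-1275 SameSite is {shown}, expected Lax or Strict")
    return findings


def audit_headerlist(headerlist) -> list:
    """Audit every Set-Cookie header in a WebOb-style headerlist, i.e. a list of
    (name, value) tuples such as response.headerlist."""
    findings = []
    for key, value in headerlist:
        if key.lower() == "set-cookie":
            findings.extend(audit_set_cookie(value))
    return findings


# Constructed samples: the shapes the rules above flag, and the one they accept.
UNSAFE_DEFAULTS = "session=opaque-token; Path=/"  # set_cookie() with no flags
SAMESITE_NONE = "session=opaque-token; Path=/; Secure; HttpOnly; SameSite=None"
HARDENED = "auth_tkt=ticket; Path=/; Secure; HttpOnly; SameSite=Lax"


def hardened_view(request):
    """Pyramid view setting a cookie with all three flags. WebOb's set_cookie
    defaults are secure=False, httponly=False, samesite=None (no attribute),
    which is what the 'unsafe default' rules fire on."""
    from pyramid.response import Response  # resolved only when run under Pyramid

    response = Response("ok")
    response.set_cookie(
        "session", "opaque-token", max_age=3600, path="/",
        secure=True, httponly=True, samesite="Lax",
    )
    return response


def configure(config):
    """Configurator setup for the auth ticket and CSRF rules (assumed to be
    called from the app's main()). Note the ticket keyword is http_only,
    not httponly."""
    from pyramid.authentication import AuthTktAuthenticationPolicy
    from pyramid.authorization import ACLAuthorizationPolicy

    policy = AuthTktAuthenticationPolicy(
        "replace-with-a-real-secret",  # placeholder secret
        secure=True,       # ticket only over HTTPS (CWE-614)
        http_only=True,    # hidden from document.cookie (CWE-1004)
        samesite="Lax",    # the 1.10+ default; never pass None here (CWE-1275)
        hashalg="sha512",
    )
    config.set_authentication_policy(policy)
    config.set_authorization_policy(ACLAuthorizationPolicy())
    # Token check on every unsafe method plus the Origin/Referer check (CWE-352).
    config.set_default_csrf_options(require_csrf=True, check_origin=True)
```

Running `audit_headerlist(response.headerlist)` from a WebTest-style functional test turns the static rules into a runtime check that also catches cookies set by middleware or session libraries the static scan does not see.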