Audit - CodeAnt AI

pyramid-set-cookie-samesite-unsafe-default

Found a Pyramid cookie using an unsafe value for the samesite option. Pyramid cookies should be handled securely by setting samesite=‘Lax’ in response.set_cookie(…). If this parameter is not properly set, your cookies are not properly protected and are at risk of being stolen by an attacker.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-1275: Sensitive Cookie with Improper SameSite Attribute
OWASP:
- A01:2021 - Broken Access Control

pyramid-authtkt-cookie-httponly-unsafe-default

Found a Pyramid Authentication Ticket cookie without the httponly option correctly set. Pyramid cookies should be handled securely by setting httponly=True. If this parameter is not properly set, your cookies are not properly protected and are at risk of being stolen by an attacker.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-1004: Sensitive Cookie Without ‘HttpOnly’ Flag
OWASP:
- A05:2021 - Security Misconfiguration

pyramid-csrf-origin-check-disabled-globally

Automatic check of the referrer for cross-site request forgery tokens has been explicitly disabled globally, which might leave views unprotected when an unsafe CSRF storage policy is used. Use ‘pyramid.config.Configurator.set_default_csrf_options(check_origin=True)’ to turn the automatic check for all unsafe methods (per RFC2616).
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-352: Cross-Site Request Forgery (CSRF)
OWASP:
- A01:2021 - Broken Access Control

pyramid-authtkt-cookie-secure-unsafe-value

Found a Pyramid Authentication Ticket cookie without the secure option correctly set. Pyramid cookies should be handled securely by setting secure=True. If this parameter is not properly set, your cookies are not properly protected and are at risk of being stolen by an attacker.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-614: Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute
OWASP:
- A05:2021 - Security Misconfiguration

pyramid-set-cookie-httponly-unsafe-default

Found a Pyramid cookie using an unsafe default for the httponly option. Pyramid cookies should be handled securely by setting httponly=True in response.set_cookie(…). If this parameter is not properly set, your cookies are not properly protected and are at risk of being stolen by an attacker.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-1004: Sensitive Cookie Without ‘HttpOnly’ Flag
OWASP:
- A05:2021 - Security Misconfiguration

pyramid-csrf-origin-check-disabled

Origin check for the CSRF token is disabled for this view. This might represent a security risk if the CSRF storage policy is not known to be secure.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-352: Cross-Site Request Forgery (CSRF)
OWASP:
- A01:2021 - Broken Access Control

pyramid-authtkt-cookie-secure-unsafe-default

Found a Pyramid Authentication Ticket cookie using an unsafe default for the secure option. Pyramid cookies should be handled securely by setting secure=True. If this parameter is not properly set, your cookies are not properly protected and are at risk of being stolen by an attacker.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-614: Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute
OWASP:
- A05:2021 - Security Misconfiguration

pyramid-set-cookie-secure-unsafe-value

Found a Pyramid cookie without the secure option correctly set. Pyramid cookies should be handled securely by setting secure=True in response.set_cookie(…). If this parameter is not properly set, your cookies are not properly protected and are at risk of being stolen by an attacker.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-614: Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute
OWASP:
- A05:2021 - Security Misconfiguration

pyramid-set-cookie-secure-unsafe-default

Found a Pyramid cookie using an unsafe default for the secure option. Pyramid cookies should be handled securely by setting secure=True in response.set_cookie(…). If this parameter is not properly set, your cookies are not properly protected and are at risk of being stolen by an attacker.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-614: Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute
OWASP:
- A05:2021 - Security Misconfiguration

pyramid-authtkt-cookie-samesite

Found a Pyramid Authentication Ticket without the samesite option correctly set. Pyramid cookies should be handled securely by setting samesite=‘Lax’. If this parameter is not properly set, your cookies are not properly protected and are at risk of being stolen by an attacker.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-1275: Sensitive Cookie with Improper SameSite Attribute
OWASP:
- A01:2021 - Broken Access Control

pyramid-set-cookie-httponly-unsafe-value

Found a Pyramid cookie without the httponly option correctly set. Pyramid cookies should be handled securely by setting httponly=True in response.set_cookie(…). If this parameter is not properly set, your cookies are not properly protected and are at risk of being stolen by an attacker.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-1004: Sensitive Cookie Without ‘HttpOnly’ Flag
OWASP:
- A05:2021 - Security Misconfiguration

pyramid-set-cookie-samesite-unsafe-value

Found a Pyramid cookie without the samesite option correctly set. Pyramid cookies should be handled securely by setting samesite=‘Lax’ in response.set_cookie(…). If this parameter is not properly set, your cookies are not properly protected and are at risk of being stolen by an attacker.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-1275: Sensitive Cookie with Improper SameSite Attribute
OWASP:
- A01:2021 - Broken Access Control

pyramid-authtkt-cookie-httponly-unsafe-value

pyramid-csrf-check-disabled

CSRF protection is disabled for this view. This is a security risk.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-352: Cross-Site Request Forgery (CSRF)
OWASP:
- A01:2021 - Broken Access Control

Assistant

Responses are generated using AI and may contain mistakes.

Get Started