CodeAnt AI home pagelight logodark logo
  • Support
  • Dashboard
  • Dashboard
Documentation
API Reference
Start Here
  • What is CodeAnt?
  • Join Community
Setup
  • Github
  • GitHub Enterprise
  • Bitbucket
  • Gitlab
  • Azure Devops
Pull Request Review
  • Features
  • Customize Review
  • Quality Gates
  • Integrations
Scan center
  • Code Security
  • Code Quality
  • Cloud Security
  • Engineering Productivity
Integrations
  • Jira
  • Test Coverage
  • CI/CD
IDE
  • Setup
  • Review
  • Enhancements
Rule Reference
  • Compliance
  • Anti-Patterns
  • Code Governance
  • Infrastructure Security Database
  • Application Security Database
    • Apex
    • Bash
    • C
    • Clojure
    • Cpp
    • Csharp
    • Dockerfile
    • Elixir
    • Fingerprints
    • Generic
    • Go
    • Html
    • Java
    • Javascript
    • Json
    • Kotlin
    • Ocaml
    • Php
    • Problem-based-packs
    • Python
      • Airflow
      • Attr
      • Aws-lambda
      • Bokeh
      • Boto3
      • Cassandra
      • Click
      • Correctness
      • Couchbase
      • Cryptography
      • Distributed
      • Django
      • Docker
      • Elasticsearch
      • Fastapi
      • Flask
      • Jinja2
      • Jwt
      • Lang
      • Ldap3
      • Mariadb
      • Mysql
      • Mysqlclient
      • Neo4j
      • Openai
      • Peewee
      • Pg8000
      • Psycopg2
      • Pycryptodome
      • Pyjwt
      • Pymongo
      • Pymssql
      • Pymysql
      • Pyramid
        • Audit
        • Deserialization
        • Security
      • Redis
      • Requests
      • Sh
      • Sqlalchemy
      • Tormysql
      • Urllib3
      • Webrepl
      • Wtforms
    • Ruby
    • Rust
    • Scala
    • Solidity
    • Swift
    • Terraform
    • Typescript
    • Yaml
Resources
  • Open Source
  • Blogs
Pyramid

Audit

pyramid-set-cookie-samesite-unsafe-default

Found a Pyramid cookie using an unsafe value for the samesite option. Pyramid cookies should be handled securely by setting samesite=‘Lax’ in response.set_cookie(…). If this parameter is not properly set, your cookies are not properly protected and are at risk of being stolen by an attacker.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-1275: Sensitive Cookie with Improper SameSite Attribute
OWASP:
- A01:2021 - Broken Access Control

pyramid-authtkt-cookie-httponly-unsafe-default

Found a Pyramid Authentication Ticket cookie without the httponly option correctly set. Pyramid cookies should be handled securely by setting httponly=True. If this parameter is not properly set, your cookies are not properly protected and are at risk of being stolen by an attacker.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-1004: Sensitive Cookie Without ‘HttpOnly’ Flag
OWASP:
- A05:2021 - Security Misconfiguration

pyramid-csrf-origin-check-disabled-globally

Automatic check of the referrer for cross-site request forgery tokens has been explicitly disabled globally, which might leave views unprotected when an unsafe CSRF storage policy is used. Use ‘pyramid.config.Configurator.set_default_csrf_options(check_origin=True)’ to turn the automatic check for all unsafe methods (per RFC2616).
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-352: Cross-Site Request Forgery (CSRF)
OWASP:
- A01:2021 - Broken Access Control

pyramid-authtkt-cookie-secure-unsafe-value

Found a Pyramid Authentication Ticket cookie without the secure option correctly set. Pyramid cookies should be handled securely by setting secure=True. If this parameter is not properly set, your cookies are not properly protected and are at risk of being stolen by an attacker.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-614: Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute
OWASP:
- A05:2021 - Security Misconfiguration

pyramid-set-cookie-httponly-unsafe-default

Found a Pyramid cookie using an unsafe default for the httponly option. Pyramid cookies should be handled securely by setting httponly=True in response.set_cookie(…). If this parameter is not properly set, your cookies are not properly protected and are at risk of being stolen by an attacker.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-1004: Sensitive Cookie Without ‘HttpOnly’ Flag
OWASP:
- A05:2021 - Security Misconfiguration

pyramid-csrf-origin-check-disabled

Origin check for the CSRF token is disabled for this view. This might represent a security risk if the CSRF storage policy is not known to be secure.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-352: Cross-Site Request Forgery (CSRF)
OWASP:
- A01:2021 - Broken Access Control

pyramid-authtkt-cookie-secure-unsafe-default

Found a Pyramid Authentication Ticket cookie using an unsafe default for the secure option. Pyramid cookies should be handled securely by setting secure=True. If this parameter is not properly set, your cookies are not properly protected and are at risk of being stolen by an attacker.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-614: Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute
OWASP:
- A05:2021 - Security Misconfiguration

pyramid-set-cookie-secure-unsafe-value

Found a Pyramid cookie without the secure option correctly set. Pyramid cookies should be handled securely by setting secure=True in response.set_cookie(…). If this parameter is not properly set, your cookies are not properly protected and are at risk of being stolen by an attacker.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-614: Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute
OWASP:
- A05:2021 - Security Misconfiguration

pyramid-set-cookie-secure-unsafe-default

Found a Pyramid cookie using an unsafe default for the secure option. Pyramid cookies should be handled securely by setting secure=True in response.set_cookie(…). If this parameter is not properly set, your cookies are not properly protected and are at risk of being stolen by an attacker.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-614: Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute
OWASP:
- A05:2021 - Security Misconfiguration

pyramid-authtkt-cookie-samesite

Found a Pyramid Authentication Ticket without the samesite option correctly set. Pyramid cookies should be handled securely by setting samesite=‘Lax’. If this parameter is not properly set, your cookies are not properly protected and are at risk of being stolen by an attacker.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-1275: Sensitive Cookie with Improper SameSite Attribute
OWASP:
- A01:2021 - Broken Access Control

pyramid-set-cookie-httponly-unsafe-value

Found a Pyramid cookie without the httponly option correctly set. Pyramid cookies should be handled securely by setting httponly=True in response.set_cookie(…). If this parameter is not properly set, your cookies are not properly protected and are at risk of being stolen by an attacker.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-1004: Sensitive Cookie Without ‘HttpOnly’ Flag
OWASP:
- A05:2021 - Security Misconfiguration

pyramid-set-cookie-samesite-unsafe-value

Found a Pyramid cookie without the samesite option correctly set. Pyramid cookies should be handled securely by setting samesite=‘Lax’ in response.set_cookie(…). If this parameter is not properly set, your cookies are not properly protected and are at risk of being stolen by an attacker.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-1275: Sensitive Cookie with Improper SameSite Attribute
OWASP:
- A01:2021 - Broken Access Control

pyramid-authtkt-cookie-httponly-unsafe-value

Found a Pyramid Authentication Ticket cookie without the httponly option correctly set. Pyramid cookies should be handled securely by setting httponly=True. If this parameter is not properly set, your cookies are not properly protected and are at risk of being stolen by an attacker.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-1004: Sensitive Cookie Without ‘HttpOnly’ Flag
OWASP:
- A05:2021 - Security Misconfiguration

pyramid-csrf-check-disabled

CSRF protection is disabled for this view. This is a security risk.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-352: Cross-Site Request Forgery (CSRF)
OWASP:
- A01:2021 - Broken Access Control
Python pymysql hardcoded secretTainted dill pyramid
twitterlinkedin
Powered by Mintlify
Assistant
Responses are generated using AI and may contain mistakes.