PixeeSandbox / pygoat-defectdojo-bak

intentionally vuln web Application Security in django
https://appsec.asia

(DefectDojo) Use Safe Parameters in Django Response `set_cookie` Call #4

Closed pixeebot[bot] closed 5 months ago

pixeebot[bot] commented 5 months ago

Remediation

This change fixes findings identified by DefectDojo.

Details

This codemod sets the most secure parameters when Django applications call set_cookie on a response object. Without these parameters, your Django application cookies may be vulnerable to being intercepted and used to gain access to sensitive data.

The changes from this codemod look like this:

 from django.shortcuts import render
 def index(request):
   resp = render(request, 'index.html')
 - resp.set_cookie('custom_cookie', 'value')
 + resp.set_cookie('custom_cookie', 'value', secure=True, httponly=True, samesite='Lax')
   return resp
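Review bot: `secure=True` is applied unconditionally in the `+` line, so on a plain-HTTP deployment (a local PyGoat instance served without TLS, for example) the browser will never send `custom_cookie` back; confirm the application is only served over HTTPS, or gate the flag on `request.is_secure()` for development. The other two flags also change behaviour rather than just tightening it: `httponly=True` hides the cookie from `document.cookie`, which is right for session-style cookies but breaks any client-side script that reads this one, and `samesite='Lax'` stops the cookie being sent on cross-site POSTs. Since the codemod adds the same three arguments to every `set_cookie` call, each cookie's purpose should be checked before the change is accepted rather than merged as-is.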

🧚🤖Powered by Pixeebot (codemod ID: defectdojo:python/django-secure-set-cookie)
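The following is an added example, not code from the Pixeebot PR or from pygoat, showing how to check whether a `Set-Cookie` header actually carries the three protections the codemod adds, and how the hardened call from the diff serialises. It uses only the standard library: Django's `HttpResponse.cookies` is an `http.cookies.SimpleCookie`, so the same `Morsel` attributes (`secure`, `httponly`, `samesite`) apply to a live response. The function names `set_hardened_cookie` and `audit_set_cookie` and the header strings fed to them are constructed for this example and modelled on what Django emits for the before/after lines above.

```python
"""Audit Set-Cookie headers for Secure, HttpOnly and SameSite.

Added example (not part of the Pixeebot PR or pygoat). Standard library only;
Django's HttpResponse.cookies is an http.cookies.SimpleCookie, so the checks
below work unchanged on resp.cookies of a real response.
"""
from http.cookies import SimpleCookie

# SameSite values that keep the cookie off cross-site requests. "None" is
# deliberately excluded: it opts back in to cross-site sending.
ACCEPTABLE_SAMESITE = ("lax", "strict")


def set_hardened_cookie(jar, key, value, samesite="Lax"):
    """Mirror the codemod's defaults on a SimpleCookie (assumed helper).

    `jar` stands in for response.cookies; on a real HttpResponse the equivalent
    is resp.set_cookie(key, value, secure=True, httponly=True, samesite=samesite),
    which Django also serialises with Path=/ by default.
    """
    jar[key] = value
    jar[key]["secure"] = True      # only sent over HTTPS
    jar[key]["httponly"] = True    # invisible to document.cookie
    jar[key]["samesite"] = samesite
    jar[key]["path"] = "/"
    return jar


def hardened_header(key, value):
    """Return the Set-Cookie header value Django would emit for the hardened call."""
    jar = set_hardened_cookie(SimpleCookie(), key, value)
    return jar[key].OutputString()


def audit_set_cookie(header_value):
    """Return the protections missing from one Set-Cookie header value.

    An empty list means the cookie carries Secure, HttpOnly and SameSite=Lax
    or Strict. SimpleCookie.load parses the same attribute syntax a browser
    sees, so a header copied from a proxy log or response['Set-Cookie'] works.
    """
    jar = SimpleCookie()
    jar.load(header_value)
    missing = []
    for _name, morsel in jar.items():
        if not morsel["secure"]:
            missing.append("Secure")
        if not morsel["httponly"]:
            missing.append("HttpOnly")
        # An absent attribute leaves the decision to browser defaults, and
        # SameSite=None re-enables cross-site sending, so both are reported.
        if morsel["samesite"].lower() not in ACCEPTABLE_SAMESITE:
            missing.append("SameSite")
    return missing


if __name__ == "__main__":
    # Constructed header values modelled on Django's output for the
    # "before" and "after" lines of the codemod's diff.
    before = "custom_cookie=value; Path=/"
    after = "custom_cookie=value; HttpOnly; Path=/; SameSite=Lax; Secure"
    print("before:", audit_set_cookie(before))   # all three missing
    print("after: ", audit_set_cookie(after))    # nothing missing
    print("hardened call emits:", hardened_header("custom_cookie", "value"))
```

Run against a real deployment by pointing `audit_set_cookie` at each `Set-Cookie` header in a captured response; a non-empty result on a session or CSRF cookie is the finding DefectDojo is reporting, while a non-empty result on a cookie that JavaScript must read is a reason to hand-review that call rather than accept `httponly=True` from the codemod.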

pixeebot[bot] commented 5 months ago

This change may not be a priority right now, so I'll close it. If there was something I could have done better, please let me know!

You can also customize me to make sure I'm working with you in the way you want.