github / securitylab

Resources related to GitHub Security Lab
https://securitylab.github.com
MIT License

Python: Flask & Django Constant Secret Key initialization #766

Closed am0o0 closed 1 year ago

am0o0 commented 1 year ago

Query PR

https://github.com/github/codeql/pull/13561

Language

Python

CVE(s) ID list

CWE

CWE-287: Improper Authentication

Report

  1. Flask and Django require a securely signed key for signing the session cookies. Most of the time developers rely on loading hardcoded secret keys from a config file or Python code. This proves that hardcoding the secret can cause problems when you forget to change the constant secret keys.
  2. I used taint tracking from constants, or from nodes that provide a default constant, to the initialization of the Flask and Django SECRET_KEY value/field.
  3. I did some sanitization to reduce the false positive (FP) rate as much as possible.

Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).

Blog post link

Definitely, I will publish a blog post soon!
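The pattern the report describes (a constant, including a literal fallback default, flowing into a Flask or Django SECRET_KEY initialization), as an added illustration that is not the CodeQL query or any project's code: a small Python AST check that flags such assignments, beside a fail-closed loader. The function names and the sample snippet are constructed for this example, and the subscript handling assumes Python 3.9 or newer.

```python
import ast
import os

def _is_constant_source(node):
    # A str/bytes literal, or an environment lookup whose fallback is a literal
    # (e.g. os.environ.get("K", "fallback")), counts as a constant source.
    if isinstance(node, ast.Constant) and isinstance(node.value, (str, bytes)):
        return True
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
        if node.func.attr in ("get", "getenv"):
            defaults = node.args[1:] + [k.value for k in node.keywords if k.arg == "default"]
            return any(_is_constant_source(d) for d in defaults)
    return False

def _is_secret_key_target(target):
    # Django: SECRET_KEY = ...  Flask: app.secret_key = ... or app.config["SECRET_KEY"] = ...
    if isinstance(target, ast.Name):
        return target.id == "SECRET_KEY"
    if isinstance(target, ast.Attribute):
        return target.attr in ("secret_key", "SECRET_KEY")
    if isinstance(target, ast.Subscript):  # assumes Python 3.9+, where .slice is the key node
        return isinstance(target.slice, ast.Constant) and target.slice.value == "SECRET_KEY"
    return False

def find_constant_secret_keys(source):
    """Return line numbers of assignments that initialise SECRET_KEY from a constant."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign) and _is_constant_source(node.value):
            if any(_is_secret_key_target(t) for t in node.targets):
                hits.append(node.lineno)
    return hits

def load_secret_key(env=os.environ):
    """Fail closed: take the key from the environment and never from a literal fallback."""
    key = env.get("SECRET_KEY")
    if not key or len(key) < 32:
        raise RuntimeError("SECRET_KEY must be set and at least 32 characters long")
    return key

# Constructed sample application code (not from a real project) for the checker above.
SAMPLE = '''from flask import Flask
app = Flask(__name__)
app.secret_key = "dev-secret-change-me"
app.config["SECRET_KEY"] = os.getenv("SK", "fallback")
SECRET_KEY = os.environ["DJANGO_SECRET_KEY"]
'''
```

Running `find_constant_secret_keys(SAMPLE)` reports lines 3 and 4 (the literal and the literal default), while the `os.environ["..."]` lookup on line 5 is not flagged because it has no constant fallback.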

ghsecuritylab commented 1 year ago

Your submission is now in status Query review.

For information, the evaluation workflow is the following: Initial triage > Test run > Results analysis > Query review > Final decision > Pay > Closed

ghsecuritylab commented 1 year ago

Your submission is now in status Final decision.

For information, the evaluation workflow is the following: Initial triage > Test run > Results analysis > Query review > Final decision > Pay > Closed

xcorail commented 1 year ago

Created Hackerone report 2123678 for bounty 508102: [766] Python: Flask & Django Constant Secret Key initialization

ghsecuritylab commented 1 year ago

Your submission is now in status Closed.

For information, the evaluation workflow is the following: Initial triage > Test run > Results analysis > Query review > Final decision > Pay > Closed