Hi there,

We have a free program analysis tool for Python based web projects, called Bento. While we were scanning GitHub projects for issues, it triggered a warning for cookie security best practices for your app.

Looks like you are calling the `resp.set_cookie()` function in 8 specific places and most of them seem very trivial, but line 36 in SSDBAdmin/apps/index.py could leak information if an attacker were to intercept the cookie. I've set the `secure`, `httponly`, and `samesite` flags to minimize XSS attack risks. You can read about it here (https://techblog.topdesk.com/security/cookie-security/). You can also read about the Flask security considerations for cookies here: (https://flask.palletsprojects.com/en/1.1.x/security/#set-cookie-options). Hopefully you'll find the PR useful.

Beyond that, Bento thinks your project is fairly clean. If you are curious, feel free to download Bento from https://bento.dev and take a look at it yourself.
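Added example, not part of the PR or of the SSDBAdmin project: the three attributes the PR sets, built into a `Set-Cookie` header with the standard library, next to a small audit function of the kind a cookie-flag check performs. In Flask the same attributes are keyword arguments of `resp.set_cookie(name, value, secure=True, httponly=True, samesite="Lax")`; the example uses `http.cookies` instead so it runs without Flask installed. The cookie name `sid` and the sample header values are constructed for the example.

```python
"""Hardened Set-Cookie construction plus an audit of existing Set-Cookie headers.

Added example (stdlib only). Flask equivalent of hardened_cookie():
    resp.set_cookie("sid", token, secure=True, httponly=True, samesite="Lax")
"""
from http.cookies import SimpleCookie

# Attributes the PR adds; Secure keeps the cookie off cleartext HTTP, HttpOnly keeps it
# away from document.cookie, SameSite limits cross-site sends (CSRF-style requests).
REQUIRED_FLAGS = ("Secure", "HttpOnly", "SameSite")


def hardened_cookie(name, value, samesite="Lax", max_age=3600):
    """Return a Set-Cookie header value carrying Secure, HttpOnly and SameSite."""
    jar = SimpleCookie()
    jar[name] = value
    morsel = jar[name]
    morsel["secure"] = True
    morsel["httponly"] = True
    morsel["samesite"] = samesite      # "Lax" or "Strict"; "None" needs Secure as well
    morsel["max-age"] = max_age
    morsel["path"] = "/"
    return morsel.OutputString()


def parse_set_cookie(header):
    """Split a Set-Cookie header value into (name, value, {attr_lower: attr_value})."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_set_cookie(header):
    """Return a list of findings for a Set-Cookie header value; [] means it passes."""
    _, _, attrs = parse_set_cookie(header)
    findings = [f"missing {flag}" for flag in REQUIRED_FLAGS if flag.lower() not in attrs]
    # Browsers drop SameSite=None cookies that are not also marked Secure.
    if attrs.get("samesite", "").lower() == "none" and "secure" not in attrs:
        findings.append("SameSite=None requires Secure")
    return findings


if __name__ == "__main__":
    # Constructed sample: a cookie set with no attributes, as in the unhardened call.
    weak = "sid=abc123; Path=/"
    print(weak, "->", audit_set_cookie(weak))
    strong = hardened_cookie("sid", "abc123")
    print(strong, "->", audit_set_cookie(strong))
```

`audit_set_cookie` is deliberately header-level: pointing it at the `Set-Cookie` values a test client receives from each route is a quick way to confirm a fix like this PR covers all eight `set_cookie()` call sites, not just the one flagged.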