Details

    • Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved
    • Labels:
      None
    • Impact:
      Unknown 'null' severity
    • Likelihood:
      Unknown 'null' severity

      Description

      Sensitive Code Example

      Django

      CORS_ORIGIN_ALLOW_ALL = True # Sensitive
      

      Flask

      from flask import Flask
      from flask_cors import CORS
      
      app = Flask(__name__)
      CORS(app, resources={r"/*": {"origins": "*", "send_wildcard": True}}) # Sensitive
      

      Compliant Solution

      Django

      CORS_ORIGIN_ALLOW_ALL = False # Compliant
      

      Flask

      from flask import Flask
      from flask_cors import CORS
      
      app = Flask(__name__)
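      # send_wildcard must be the boolean False: the string "False" is non-empty and therefore truthy.
      # With "origins": "*" and send_wildcard off, flask-cors answers with the request's Origin header instead of "*".
      CORS(app, resources={r"/*": {"origins": "*", "send_wildcard": False}}) # Compliant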
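
An added example, not part of the original issue or of any analyzer's code: a standard-library AST check that flags the two sensitive patterns shown above. The function names and the sample source are constructed for illustration, and the check assumes `send_wildcard` is consumed by Python truthiness, so a quoted "False" counts as enabled.

```python
import ast

# Constructed sample settings/app source, not taken from a real project.
SAMPLE = '''\
CORS_ORIGIN_ALLOW_ALL = True
CORS(app, resources={r"/*": {"origins": "*", "send_wildcard": True}})
CORS(app, resources={r"/*": {"origins": "*", "send_wildcard": "False"}})
CORS(app, resources={r"/*": {"origins": "*", "send_wildcard": False}})
CORS_ORIGIN_ALLOW_ALL = False
'''

def _const(node, default=None):
    """Value of a literal AST node, or `default` when it is not a literal."""
    return node.value if isinstance(node, ast.Constant) else default

def _option(opts, key):
    """Look up a string key in an ast.Dict; None when absent."""
    for k, v in zip(opts.keys, opts.values):
        if _const(k) == key:
            return v
    return None

def find_sensitive_cors(source):
    """Return sorted (line, reason) pairs for the two sensitive patterns."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign):
            names = [t.id for t in node.targets if isinstance(t, ast.Name)]
            if "CORS_ORIGIN_ALLOW_ALL" in names and _const(node.value) is True:
                hits.append((node.lineno, "CORS_ORIGIN_ALLOW_ALL enabled"))
        elif isinstance(node, ast.Call) and getattr(node.func, "id", "") == "CORS":
            for kw in node.keywords:
                if kw.arg != "resources" or not isinstance(kw.value, ast.Dict):
                    continue
                for opts in kw.value.values:
                    if not isinstance(opts, ast.Dict):
                        continue
                    origins = _const(_option(opts, "origins"))
                    # Truthiness, as Python evaluates it: "False" is truthy.
                    wildcard = bool(_const(_option(opts, "send_wildcard"), False))
                    if origins == "*" and wildcard:
                        hits.append((node.lineno, "wildcard origin sent"))
    return sorted(hits)

if __name__ == "__main__":
    for line, reason in find_sensitive_cors(SAMPLE):
        print(f"line {line}: {reason}")
```

The check only recognises a bare `CORS(...)` call with a literal `resources` dictionary; aliased imports or computed options are outside what it covers.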
      

            People

            • Assignee:
              Unassigned
            • Reporter:
              tolun.ardahanli Tolun Ardahanli (Inactive)