From 6920f9d2562fe3647a2a50e219978e544cb589a6 Mon Sep 17 00:00:00 2001 From: elsapet Date: Fri, 14 Jun 2024 17:13:05 +0200 Subject: [PATCH] fix: linter --- rules/python/django/cookie_missing_http_only.yml | 2 +- rules/python/lang/avoid_pickle.yml | 6 +++--- rules/python/lang/jwt_verification_bypass.yml | 5 ++--- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/rules/python/django/cookie_missing_http_only.yml b/rules/python/django/cookie_missing_http_only.yml index 977d9ee0..0cb49317 100644 --- a/rules/python/django/cookie_missing_http_only.yml +++ b/rules/python/django/cookie_missing_http_only.yml @@ -40,7 +40,7 @@ auxiliary: # ok if it is not False - pattern: $<_>($<...>httponly=$$<...>) filters: - - not: + - not: variable: "FALSE" detection: python_django_cookie_missing_http_only_false scope: cursor diff --git a/rules/python/lang/avoid_pickle.yml b/rules/python/lang/avoid_pickle.yml index 31994581..f984ac2b 100644 --- a/rules/python/lang/avoid_pickle.yml +++ b/rules/python/lang/avoid_pickle.yml @@ -45,13 +45,13 @@ auxiliary: values: [Unpickler] languages: - python -severity: +severity: critical metadata: description: Usage of unsafe Pickle libraries remediation_message: | ## Description - Using pickle, _pickle and cPickle can make your application vulnerable to unsafe code execution. This is because the deserialization logic of these libraries allows for arbitrary code execution. It is best practices to avoid these libraries and to use a safer serialization formats like JSON. + Using pickle, _pickle and cPickle can make your application vulnerable to unsafe code execution. This is because the deserialization logic of these libraries allows for arbitrary code execution. It is best practices to avoid these libraries and to use a safer serialization formats like JSON. ## Remediations @@ -69,6 +69,6 @@ metadata: - [OWASP Deserialization cheat sheet](https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html) cwe_id: - - 501 + - 502 id: python_lang_avoid_pickle documentation_url: https://docs.bearer.com/reference/rules/python_lang_avoid_pickle diff --git a/rules/python/lang/jwt_verification_bypass.yml b/rules/python/lang/jwt_verification_bypass.yml index b1aedcf0..68ed2a65 100644 --- a/rules/python/lang/jwt_verification_bypass.yml +++ b/rules/python/lang/jwt_verification_bypass.yml @@ -11,8 +11,7 @@ patterns: - variable: MODULE1 values: [jwt] - variable: NAME - values: - - decode + values: [decode] - variable: OPTS detection: python_lang_jwt_verification_bypass_options auxiliary: @@ -21,7 +20,7 @@ auxiliary: - pattern: | { $<...>"verify_signature": $$<...> } filters: - - variable: FALSE + - variable: "FALSE" detection: python_lang_jwt_verification_bypass_false scope: cursor - id: python_lang_jwt_verification_bypass_false