Python analysis detects more OWASP Top 10 security issues

Hello Python developers,

The latest updates to the Python analyzer help you make your Python code more secure and compliant with the OWASP Top 10 2017. Here are the 10 new rules (with the OWASP category and severity in parentheses):

Vulnerability Detection:

  • S3649: Database queries should not be vulnerable to injection attacks (A1 - Blocker)
  • S2115: Databases should be password-protected (A3 - Blocker)
  • S5527: Server hostnames should be verified during SSL/TLS connections (A3, A6 - Critical)
  • S2053: Hashes should include an unpredictable salt (A3 - Critical)

Security Hotspot Detection:

  • S2068: Hard-coded credentials are security-sensitive (A2)
  • S5300: Sending emails is security-sensitive (A1)
  • S5042: Expanding archive files is security-sensitive (A5)
  • S5122: Enabling Cross-Origin Resource Sharing (CORS) is security-sensitive (A6)
  • S2092: Creating cookies without the “secure” flag is security-sensitive (A3)
  • S3330: Creating cookies without the “HttpOnly” flag is security-sensitive (A7)

These features are already available on SonarCloud, and will be included in SonarQube 8.2.

Alex
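As an added illustration of what S3649 (database queries vulnerable to injection) targets, here is a small Python example, written for this post and not taken from the analyzer or its documentation. It builds an in-memory SQLite table (constructed sample data), runs the same lookup once with user input spliced into the SQL string and once as a parameterized query, and shows that only the first form lets a crafted value widen the result set. The `sqlite3` calls are standard library; the table, rows and function names are assumptions for the demo.

```python
import sqlite3


def make_db():
    """Constructed sample database: three users, one of them an admin."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def find_user_vulnerable(conn, name):
    """The pattern S3649 reports: untrusted input formatted into the query text."""
    query = "SELECT name FROM users WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(query)]


def find_user_safe(conn, name):
    """The fix: bind the value as a parameter so it can never change the SQL."""
    query = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(query, (name,))]


def demo():
    """Run both lookups with the same crafted input and return what each gives back."""
    conn = make_db()
    crafted = "' OR '1'='1"  # classic textbook input that closes the quote and adds a tautology
    return {
        "vulnerable": find_user_vulnerable(conn, crafted),  # every row comes back
        "safe": find_user_safe(conn, crafted),              # no user has that literal name
    }


if __name__ == "__main__":
    for mode, rows in demo().items():
        print(f"{mode:10s} -> {rows}")
```

The analyzer flags the string-formatting form whether the input reaches the query through `%`, `format()` or an f-string; the parameterized form is what it expects instead, and it is also the form that makes the query plan cacheable.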