Hello Python developers,
The latest updates to the Python analyzer help you make your Python code more secure and compliant with the OWASP Top 10 2017. Here are the 10 new rules:
Vulnerability Detection:
- S3649: Database queries should not be vulnerable to injection attacks (A1 - Blocker)
- S2115: Databases should be password-protected (A3 - Blocker)
- S5527: Server hostnames should be verified during SSL/TLS connections (A3, A6 - Critical)
- S2053: Hashes should include an unpredictable salt (A3 - Critical)
Security Hotspot Detection:
- S2068: Hard-coded credentials are security-sensitive (A2)
- S5300: Sending emails is security-sensitive (A1)
- S5042: Expanding archive files is security-sensitive (A5)
- S5122: Enabling Cross-Origin Resource Sharing (CORS) is security-sensitive (A6)
- S2092: Creating cookies without the “secure” flag is security-sensitive (A3)
- S3330: Creating cookies without the “HttpOnly” flag is security-sensitive (A7)
These features are already available on SonarCloud, and will be included in SonarQube 8.2.
Alex
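To make the first rule concrete, here is an added example (not code from the post or from the SonarSource analyzer) of the pattern S3649 targets: an SQL query built by string formatting from user input, next to the parameterized form that fixes it. It runs against an in-memory SQLite database with constructed sample rows; the table, column and function names are assumptions for illustration only.

```python
import sqlite3


def make_db():
    """Build an in-memory SQLite database with constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The pattern S3649 reports: untrusted input spliced into the SQL text.

    A password of  ' OR '1'='1  turns the WHERE clause into
    (username = 'alice' AND password = '') OR '1'='1', which is true for every row.
    """
    query = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return sorted(row[0] for row in conn.execute(query))


def login_safe(conn, username, password):
    """Fix: bind the values as parameters so they can never alter the SQL structure."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(query, (username, password)))


# Constructed injection payload: closes the string literal and appends an always-true clause.
PAYLOAD = "' OR '1'='1"


def demo():
    """Run the same credentials through both variants and return the matched usernames."""
    conn = make_db()
    return {
        "vulnerable_with_payload": login_vulnerable(conn, "alice", PAYLOAD),
        "safe_with_payload": login_safe(conn, "alice", PAYLOAD),
        "safe_with_real_password": login_safe(conn, "alice", "s3cret"),
    }


if __name__ == "__main__":
    for name, matched in demo().items():
        print(f"{name}: {matched}")
```

The vulnerable variant returns every user for the injected password, while the parameterized variant returns nothing for the payload and exactly one user for the real password; the only change between the two is that the values travel as bound parameters instead of inside the query string.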