Hello Python developers,

Our Python analyzer was upgraded to detect 5 additional security problems:

- S5659: JWT should be signed and verified with strong cipher algorithms
- S3329: Cipher Block Chaining IV’s should be random and unique
- S2257: Using non-standard cryptographic algorithms is security-sensitive
- S2612: Setting loose POSIX file permissions is security-sensitive
- S3752: Allowing both safe and unsafe HTTP methods is security-sensitive

This is available now on SonarCloud and will come with SonarQube 8.8.

Alex