- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
ID: python-flask/cookie-injection
Language: Python
Severity: Error
Category: Security
CWE: 20
The rule “Avoid potential cookie injections” is important to prevent the exploitation of insecure handling of cookies in your application. Cookie injection attacks can lead to unauthorized access and alteration of user data, which may result in serious security breaches such as session hijacking and identity theft.
In the non-compliant code, the user input is directly used to set a cookie. This is insecure because an attacker could potentially inject malicious content into the cookie.
To avoid violating this rule, ensure that user input is properly sanitized before using it to set a cookie. In the compliant code, the user input is first passed through a HMAC function, which creates a fixed-size string based on the input and a secret key. This ensures that even if an attacker can control the input, they cannot control the output or reverse-engineer the key. The cookie is also set with the httponly
, secure
, and samesite
attributes to further enhance security.
import base64
from flask import request, make_response, redirect
def getLoginRequestUsername(request):
return request.form['username']
def createSuccessfulLoggedInResponse(request):
username = getLoginRequestUsername(request)
response = make_response(redirect("/panel"))
response.set_cookie("sessionid", base64.b64encode(username.encode()))
return response
import base64
import hmac
import hashlib
from flask import request, make_response, redirect
def get_login_request_username(request):
username = request.form.get('username')
if not username or len(username) > 150:
raise ValueError("Invalid username")
return username
def generate_session_id(username):
return base64.b64encode(
hmac.new(KEY, username.encode(), hashlib.sha256).digest()
).decode('utf-8')
def create_successful_logged_in_response(request):
username = get_login_request_username(request)
session_id = generate_session_id(username)
response = make_response(redirect("/panel"))
response.set_cookie(
"sessionid",
session_id,
httponly=True,
secure=True,
samesite='Lax'
)
return response