CSRF origin check disabled in Pyramid config

Description

CSRF protection is disabled by setting check_origin=False. This allows an attacker to perform Cross-Site Request Forgery attacks, potentially leading to unauthorized actions on behalf of the user.

Examples

Insecure Code

python

CONFIG.set_default_csrf_options(check_origin=False)

Secure Code

python

CONFIG.set_default_csrf_options(check_origin=True)

Remediation

Set check_origin=True to enforce origin checking for all unsafe methods.

Rule Details

Field	Value
ID	CODE-0810
Category	Web
Severity	MEDIUM
CWE	CWE-352
Confidence	HIGH
Impact	MEDIUM
Likelihood	MEDIUM
Exploitability	EASY
Tags	CSRF, security
OWASP	A01:2021-Broken Access Control

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

CSRF origin check disabled in Pyramid config

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

SAST Rules

IaC Rules

License Rules

CSRF origin check disabled in Pyramid config ​

Description ​

Examples ​

Insecure Code ​

Secure Code ​

Remediation ​

Rule Details ​

CSRF origin check disabled in Pyramid config

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details