Bento blog

Bento check: Detecting authentication credentials leaked over HTTP

by Grayson Hardaway

A check for the Requests library to detect credentials sent over HTTP

Bento 0.9: Checks for a high-severity Python vulnerability and Jinja templates

by Pablo Estrada

Catch a high-severity Python vuln, plus new checks for Jinja templates

Bento check: Catch catastrophic backtracking ReDoS bugs

by Matt Schwager

Find severe regular expression denial-of-service bugs in Python using Bento

Bento 0.8: Updated workflows and new specialty checks

by Luke O'Malley

Changes to Bento’s default behavior integrate it more smoothly into your workflow

Using Bento individually and on team projects

by Pablo Estrada

Our learnings from user feedback and how to use Bento individually and on teams

Bento check: Securing your Flask routes with JWT decorators

by Sharon Lin

Check for missing authorization decorators in apps using JWTs

Bento check: Flask template files that aren’t autoescaped by default

by Grayson Hardaway

Detect possible XSS in unescaped Jinja templates used in Flask

Bento check: Use jsonify() instead of json.dumps() in Flask

by Grayson Hardaway

Find use of json.dumps() in Flask where jsonify() should be used instead

Bento check: Keeping your cookies safe in Flask

by Grayson Hardaway

Ensure cookie settings are set securely in Flask

Flask check: send_file() with a file handle

by Grayson Hardaway

Bento check to detect whether send_file() will throw an exception

Our quest to make world-class security and bugfinding available to all developers, for free

by Isaac Evans

Introducing Bento, a free and opinionated toolkit for easily adopting linters and program analysis in a codebase

Three things your linter shouldn’t tell you

by Grayson Hardaway

How we’ve curated our code checks in Bento