Bento includes specialty checks for Python web apps and open source checks for Python, Docker, and shell files. Checks are developed by r2c’s program analysis team and fine-tuned based on their behavior across thousands of open source projects using the r2c platform.
Properly secure Flask routes when using JWT
Avoid hardcoded use of config variables in Flask
Follow best practices for cookie security
Alerts if using a Jinja template that is not automatically escaped by Flask
Ensure use of proper args when handling files
Avoid unwanted complexity when building large Flask apps
Use jsonify instead of json.dumps
Prevent XSS by detecting when a variable is used in an anchor tag
Ensure links opened in new tabs follow security best practices
Detect missing CSRF protection in HTML forms used in Jinja templates
Prevent browsers from switching into quirks mode by ensuring HTML doctype declaration
Ensure correct character encoding interpretation to help prevent XSS attacks
Ensure links opened in new tabs follow security best practices
Ensure proper content-type declaration to help prevent XSS attacks
Ensure attribute values are quoted when using Jinja template variables
Detects when the auth parameter is used over http, potentially exposing credentials
Finds URLs passed to Requests that don’t have a URL scheme
Finds Requests methods without a timeout
Detect hardcoded AWS access tokens used in Boto 3
Detects non-literal URLs in `click.launch()`, which could direct a browser to a malicious site
Ensures parameters match in @click.option and the function definition