Python Set Cookie From Untrusted Input

Description

Detects vulnerabilities in Python web applications where session cookies or identifiers can be set from untrusted user input. This allows attackers to overwrite or modify cookies.

Weakness:

195 - Lack of data validation - Headers

Category: Unexpected Injection

Detection Strategy

    Identifies when cookies or session-related variables are set using member access operations (e.g., response.set_cookie, session.id)

    Checks if the cookie value or session identifier comes from untrusted sources like user input or request parameters

    Reports a vulnerability when session identifiers or cookies are directly assigned from unvalidated external input

Vulnerable code example

from django.http import HttpRequest, HttpResponse

def vulnerable_cookies(request: HttpRequest) -> HttpResponse:
    user_input = request.GET.get("data")
    response = HttpResponse("Hello")
    response["Set-Cookie"] = user_input  # Vulnerable: Direct user input in cookie header
    response.set_cookie("userdata", user_input)  # Vulnerable: Unsanitized user input as cookie value
    return response

✅ Secure code example

from django.http import HttpRequest, HttpResponse
from django.utils.html import escape
import re

def safe_cookies(request: HttpRequest) -> HttpResponse:
    user_input = request.GET.get("data", "")

    # Sanitize and validate cookie value - only allow alphanumeric and basic punctuation
    # (the allow-list below completes the truncated original and is an assumption)
    if not re.fullmatch(r"[A-Za-z0-9._-]{1,64}", user_input):
        return HttpResponse("Invalid cookie value", status=400)

    response = HttpResponse("Hello")
    # Value is allow-listed; hardening flags are fixed server-side, never taken from input
    response.set_cookie("userdata", user_input, httponly=True, secure=True, samesite="Lax")
    return response
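The following is an added, framework-independent example (not part of this rule's documentation) showing the check the detection strategy expects: a cookie value taken from a request is accepted only if it consists of RFC 6265 cookie-octets, so characters that would terminate the value or start a new attribute or header are rejected before any header is built. The sample inputs and the length limit are constructed for illustration.

```python
import re

# RFC 6265 cookie-octet: printable US-ASCII except control characters, space,
# double quote, comma, semicolon and backslash. Those excluded characters are
# exactly the ones that could end the value early or smuggle in attributes/headers.
_COOKIE_OCTET = re.compile(r"^[\x21\x23-\x2b\x2d-\x3a\x3c-\x5b\x5d-\x7e]*$")
# Cookie names must be HTTP tokens.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
MAX_COOKIE_VALUE_LEN = 4096  # assumed local limit, not a standard value

def is_valid_cookie_value(value) -> bool:
    """True only if value is a str made solely of RFC 6265 cookie-octets."""
    if not isinstance(value, str) or len(value) > MAX_COOKIE_VALUE_LEN:
        return False
    return _COOKIE_OCTET.match(value) is not None

def build_set_cookie(name: str, value: str) -> str:
    """Build a Set-Cookie header value, refusing input that could inject extra
    attributes or headers. Hardening flags are fixed by the server, never
    taken from the request."""
    if not _TOKEN.match(name):
        raise ValueError("invalid cookie name")
    if not is_valid_cookie_value(value):
        raise ValueError("invalid cookie value")
    return f"{name}={value}; Path=/; Secure; HttpOnly; SameSite=Lax"

def validate_requests(samples):
    """Run the check over a list of inputs; returns {input: accepted?}."""
    return {s: is_valid_cookie_value(s) for s in samples}

# Constructed sample inputs standing in for request.GET.get("data").
SAMPLES = [
    "abc123",                          # plain value: accepted
    "abc; Path=/; Domain=example.com", # ';' would split off attributes: rejected
    "x\r\nSet-Cookie: other=1",        # CR/LF would start a new header: rejected
    'say "hi"',                        # space and quotes are not cookie-octets: rejected
]

if __name__ == "__main__":
    for sample, ok in validate_requests(SAMPLES).items():
        print(f"{sample!r:40} -> {'accept' if ok else 'reject'}")
```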