Secure Setting for Django SESSION_COOKIE_SECURE flag

[pixeeai]

This codemod will set Django's SESSION_COOKIE_SECURE flag to True if it's False or missing on the settings.py file within Django's default directory structure.

+ SESSION_COOKIE_SECURE = True

Setting this flag on ensures that the session cookies are only sent under an HTTPS connection. Leaving this flag off may enable an attacker to use a sniffer to capture the unencrypted session cookie and hijack the user's session.

More reading

• https://owasp.org/www-community/controls/SecureCookieAttribute
• https://docs.djangoproject.com/en/4.2/ref/settings/#session-cookie-secure

🧚🤖 Powered by Pixeebot

Feedback | Community | Docs | Codemod ID: pixee:python/django-session-cookie-secure-off

[pixeeai]

This change was autogenerated from a GitHub app - called Pixeebot. A code-quality GitHub App for source code.

Free installation for Open Source projects: 👇
https://github.com/marketplace/pixeebot-automated-code-fixes

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

[pixeeai]

Any chance you've had the time to review these changes?

If you're not interested implementing them at this time, no worries. I can close the PR and follow up with additional changes in the future. Also, this plugin is free for non-commercial open sourced projects, so feel free to give it an install if you want to see the other recommended PRs.

Thanks,
Zach