Original Post: Bento 0.9: Checks for a high-severity Python vulnerability and Jinja templates
Bento version 0.9 introduces a critical check for a high-severity Python vulnerability (CVE-2020-8492) related to regex denial of service (ReDoS). This vulnerability had previously caused significant outages, such as Cloudflare’s in July 2019. Users can now run this ReDoS check using Bento. Additionally, new checks for Jinja, Flaskās HTML template engine, have been added to address cross-site scripting (XSS) vulnerabilities, including checks for missing noreferrer
and noopener
attributes.
A new GitHub Action is also in development, and the team invites early users to try it out.
To update to the latest version of Bento, use:
$ pip3 install --upgrade bento-cli
To enable the new ReDoS check, run:
# Run Dlint tool and its ReDoS check once:
$ bento check --tool=dlint --all
# Enable Dlint and its ReDoS check to run on every commit:
$ bento enable tool dlint
For Jinja template checks, use:
# Run Jinja checks once:
$ bento check --tool=r2c.jinja --all
# Run Jinja checks on every commit:
$ bento enable tool r2c.jinja
For early access to the GitHub Action, contact the team via email.
For more details, read the blog post.
Go here to read the Original Post