Bento (software)

Bento is an open source static program analysis package released by San Francisco-based startup r2c.

Product attributes

Website: bento.dev
Is a: Product
Industry: Application security, Cybersecurity, Static program analysis
Launch date: 2019
Product parent company: r2c (company)

Other attributes

Source code: github.com/returntocorp/bento

Bento runs specialty checks against Flask and Django code, and against code written for related Python packages such as Requests.

Specialty checks

Bento includes specialty checks for Python web apps and open source checks for Python, Docker, and shell files.

Flask checks
  • Missing JWT decorators
  • Secure set cookie
  • Proper use of send file open
  • Unescaped file extension
  • Use blueprint for modularity
  • Use jsonify
Django checks
  • Avoid NULL for string fields
  • Set string field to avoid constraint violations
  • Open redirect
  • Use DecimalField for currency
  • Use JsonResponse
  • Use .count() instead of len()
  • Avoid raw SQL queries
Jinja checks
  • Missing noopener
  • Missing CSRF protection
  • Missing noreferrer
  • Unquoted attribute value
  • Missing meta content type
  • Missing meta charset
  • Missing doctype
Requests checks
  • Use scheme
  • No auth over http
  • Use timeout
Boto 3 checks
  • Hardcoded access token
Click checks
  • Launch uses literal
  • Parameter matching in 'click.option'
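To show what a "specialty check" of this kind does, here is an added example, not Bento's own code, that re-implements three of the Requests checks listed above (use scheme, no auth over http, use timeout) as a visitor over Python's `ast` module. The check names, the `RequestsChecker`/`scan` names and the sample module it scans are all assumptions made for this example; it only resolves URLs written as string literals, and it stays silent on the timeout check when a call passes `**kwargs`, because the contents of a splat are unknown to a static analyser.

```python
"""Toy static checks for `requests` calls, modelled on the Bento check names
"use scheme", "no auth over http" and "use timeout". Added example; not Bento's
implementation. Names and sample input are assumptions."""
import ast
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

# Module-level functions in requests that issue HTTP requests.
REQUESTS_FUNCS = {"get", "post", "put", "patch", "delete", "head", "options", "request"}


@dataclass
class Finding:
    check: str
    line: int
    message: str


def _is_requests_call(node: ast.Call) -> bool:
    """True for calls of the form requests.<func>(...)."""
    f = node.func
    return (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)
            and f.value.id == "requests" and f.attr in REQUESTS_FUNCS)


def _url_literal(node: ast.Call) -> Optional[str]:
    """Return the URL if it is written as a string literal, else None."""
    # requests.request(method, url, ...) takes the URL second; the helpers take it first.
    idx = 1 if node.func.attr == "request" else 0
    candidates = [kw.value for kw in node.keywords if kw.arg == "url"]
    if len(node.args) > idx:
        candidates.append(node.args[idx])
    for expr in candidates:
        if isinstance(expr, ast.Constant) and isinstance(expr.value, str):
            return expr.value
    return None


class RequestsChecker(ast.NodeVisitor):
    """Flags risky requests.<func>(...) calls in a parsed module."""

    def __init__(self) -> None:
        self.findings: List[Finding] = []

    def visit_Call(self, node: ast.Call) -> None:
        if _is_requests_call(node):
            self._check(node)
        self.generic_visit(node)  # keep walking: calls can be nested inside arguments

    def _check(self, node: ast.Call) -> None:
        url = _url_literal(node)
        named = {kw.arg for kw in node.keywords if kw.arg is not None}
        has_splat = any(kw.arg is None for kw in node.keywords)  # **kwargs: contents unknown
        parts = urlsplit(url) if url is not None else None

        # Use scheme: a bare host such as "api.example.com/x" is rejected by requests at runtime.
        if parts is not None and parts.scheme not in ("http", "https"):
            self.findings.append(Finding("use-scheme", node.lineno,
                                         f"URL {url!r} has no http/https scheme"))
        # No auth over http: credentials passed via auth= or embedded in the URL travel in cleartext.
        if parts is not None and parts.scheme == "http" and ("auth" in named or parts.username):
            self.findings.append(Finding("no-auth-over-http", node.lineno,
                                         "credentials sent over plaintext http"))
        # Use timeout: without timeout= the call blocks forever on a silent server.
        if "timeout" not in named and not has_splat:
            self.findings.append(Finding("use-timeout", node.lineno,
                                         "requests call has no timeout="))


def scan(source: str) -> List[Finding]:
    """Parse a Python module and return its findings in source order."""
    checker = RequestsChecker()
    checker.visit(ast.parse(source))
    return checker.findings


# Constructed sample input: lines 4-6 should be flagged, lines 7-8 are clean.
SAMPLE = """\
import requests

def fetch(token):
    requests.get("api.example.com/v1/items")
    requests.post("http://api.example.com/login", auth=("u", "p"), timeout=5)
    requests.get("http://user:secret@api.example.com/", timeout=5)
    requests.get("https://api.example.com/v1/items", auth=("u", token), timeout=(3.05, 10))
    requests.request("GET", "https://api.example.com/v1/items", timeout=5)
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(f"line {finding.line}: [{finding.check}] {finding.message}")
```

Running the module prints four findings: the bare-host call on line 4 triggers both use-scheme and use-timeout, and the two `http://` calls on lines 5 and 6 each trigger no-auth-over-http (one via `auth=`, one via credentials in the URL). The design point worth noting is the deliberate silence on `**kwargs`: a check that guesses in the face of unknown arguments produces false positives that developers learn to ignore, which defeats the purpose of shipping it in a linter.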


Further Resources

  • Bento Specialty Checks (web): https://bento.dev/checks/
  • r2c blog - Our quest to make world-class security and bugfinding available to all developers, for free (web): https://bento.dev/blog/2019/our-quest-to-make-world-class-security-and-bugfinding-available-to-all-developers/
