Usage of weak secret key

Description

Django's SECRET_KEY is used to sign session cookies, CSRF tokens, password-reset tokens and anything else passed through django.core.signing. A short or predictable key can be guessed or brute-forced, after which an attacker can forge any of those signed values. This rule flags keys shorter than 12 bytes; Django's own deployment check (manage.py check --deploy, warning security.W009) is stricter and also warns when the key has fewer than 50 characters, fewer than 5 distinct characters, or starts with the "django-insecure-" prefix that startproject generates.

Remediations

  • Do not use secret keys shorter than 12 bytes. A short key can be brute-forced, which lets an attacker forge sessions, CSRF tokens and other signed values.
    SECRET_KEY = "weak" # unsafe
  • Do ensure your secret keys are 12 bytes or longer, and generate them randomly rather than choosing a memorable phrase. Prefer reading the key from the environment or a secrets manager instead of committing a literal to settings.py.
    SECRET_KEY = "correct-horse-battery-staple" # long enough for this rule, but a hardcoded, well-known phrase is still a weak secret
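The following is an added example, not code from the Bearer rule or from Django. It reproduces this rule's 12-byte check beside the thresholds from Django's own security.W009 deploy check, generates a key from the same alphabet Django's get_random_secret_key() uses (reimplemented here with the secrets module so the snippet does not depend on Django), and shows a load_secret_key helper for settings.py that refuses to start with a weak key. The environment variable name DJANGO_SECRET_KEY and the helper names are assumptions for illustration.

```python
import os
import secrets
import string

# Threshold this rule enforces: at least 12 bytes of UTF-8.
MIN_KEY_BYTES = 12

# Thresholds from Django's own deploy check (manage.py check --deploy,
# warning security.W009): at least 50 characters, at least 5 distinct
# characters, and not the "django-insecure-" prefix that startproject emits.
DJANGO_MIN_LENGTH = 50
DJANGO_MIN_UNIQUE = 5
DJANGO_INSECURE_PREFIX = "django-insecure-"


def meets_rule(key: str) -> bool:
    """True when the key satisfies this rule's 12-byte minimum."""
    return len(key.encode("utf-8")) >= MIN_KEY_BYTES


def passes_django_deploy_check(key: str) -> bool:
    """True when the key would not trigger Django's security.W009 warning."""
    return (
        len(key) >= DJANGO_MIN_LENGTH
        and len(set(key)) >= DJANGO_MIN_UNIQUE
        and not key.startswith(DJANGO_INSECURE_PREFIX)
    )


def generate_secret_key(length: int = 50) -> str:
    """Random key drawn from the alphabet Django's get_random_secret_key() uses.

    Reimplemented with the standard-library secrets module (assumption: you
    would normally call django.core.management.utils.get_random_secret_key()).
    """
    alphabet = string.ascii_lowercase + string.digits + "!@#$%^&*(-_=+)"
    return "".join(secrets.choice(alphabet) for _ in range(length))


def load_secret_key(env=None, var: str = "DJANGO_SECRET_KEY") -> str:
    """Read SECRET_KEY from the environment and refuse to start with a weak one.

    `env` defaults to os.environ; a plain dict can be passed for testing.
    The variable name DJANGO_SECRET_KEY is an illustrative assumption.
    """
    env = os.environ if env is None else env
    key = env.get(var)
    if not key:
        raise RuntimeError(f"{var} is not set; generate one with generate_secret_key()")
    if not meets_rule(key):
        raise RuntimeError(f"{var} is shorter than {MIN_KEY_BYTES} bytes")
    if not passes_django_deploy_check(key):
        raise RuntimeError(f"{var} would fail Django's security.W009 deploy check")
    return key


if __name__ == "__main__":
    # Constructed inputs: the two literals from the remediation list plus a fresh key.
    for candidate in ("weak", "correct-horse-battery-staple", generate_secret_key()):
        print(repr(candidate[:16]), meets_rule(candidate), passes_django_deploy_check(candidate))
```

In settings.py this reduces to `SECRET_KEY = load_secret_key()`, with the value set once per environment (for example by the deployment platform's secret store) and never committed. Note that "correct-horse-battery-staple" satisfies this rule's 12-byte minimum but still fails Django's 50-character check, which is why the length threshold alone is not the whole story.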

References

Associated CWE

OWASP Top 10

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=python_django_weak_secret_key

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=python_django_weak_secret_key