# pyramid (Python) Security Rules

5 detection rules for the pyramid framework in Python

- Total rules: 5
- CWE coverage: 5

## CRITICAL (3)

- **OS Command Injection**: Detects untrusted user input flowing into operating system command execution functions without proper sanitization.
- **Sensitive Field Exposure in API Response**: Detects when sensitive data fields (passwords, tokens, secrets) are exposed through API endpoint responses. This commonly happens when:
  1. Returning user dictionaries with sensitive fields
  2. Serializing ORM objects without excluding sensitive fields
  3. Including sensitive fields in JSON responses

  Security Impact:
  - Password hash exposure enabling offline cracking attacks
  - API key/token leakage allowing account takeover
  - Session token exposure enabling session hijacking
  - PII disclosure violating privacy regulations (GDPR, CCPA)
- **SQL Injection via Database Queries**: Detects untrusted user input flowing into SQL database queries without proper parameterization.

## HIGH (2)

- **LDAP Injection**: Detects LDAP queries constructed with unsanitized user input.
- **Path Traversal / Directory Traversal**: Detects untrusted user input being used in file system operations without proper validation.
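The Sensitive Field Exposure rule above flags three patterns: returning a user dict wholesale, serializing an ORM object without excluding fields, and nesting such objects in JSON. The following is an added example, not part of this rule set or the Pyramid project; it uses a plain dataclass in place of an ORM model and does not import Pyramid, so the view functions are ordinary functions returning the dict a JSON renderer would emit. The field names, `User` class and `exposed_sensitive_fields` checker are constructed for illustration.

```python
"""Sensitive-field exposure: the flagged pattern next to an allow-list fix,
plus a response-side check usable in tests or a response hook."""
from dataclasses import dataclass, asdict

# Constructed names; in a real app these come from the model and a deny-list.
SENSITIVE_FIELDS = frozenset({"password_hash", "api_token", "session_token", "ssn"})
PUBLIC_USER_FIELDS = ("id", "username", "display_name")


@dataclass
class User:
    """Stand-in for an ORM model (constructed example)."""
    id: int
    username: str
    display_name: str
    password_hash: str
    api_token: str


def user_view_leaky(user: User) -> dict:
    """Pattern 2 from the rule text: serialize the whole object.
    Every column, including the hash and token, lands in the response."""
    return asdict(user)


def user_view_safe(user: User) -> dict:
    """Allow-list serialization: only explicitly public fields are emitted.
    A new sensitive column added to the model later stays hidden by default."""
    return {name: getattr(user, name) for name in PUBLIC_USER_FIELDS}


def exposed_sensitive_fields(body, sensitive=SENSITIVE_FIELDS) -> set:
    """Walk a JSON-like body (nested dicts/lists) and return the sensitive keys
    it contains. Covers pattern 3: objects nested inside a larger response."""
    found = set()
    if isinstance(body, dict):
        for key, value in body.items():
            if key in sensitive:
                found.add(key)
            found |= exposed_sensitive_fields(value, sensitive)
    elif isinstance(body, list):
        for item in body:
            found |= exposed_sensitive_fields(item, sensitive)
    return found


# Constructed sample record; values are placeholders, not real secrets.
SAMPLE_USER = User(1, "alice", "Alice", "$2b$12$constructedhash", "tok_constructed")
```

`exposed_sensitive_fields` returns an empty set for the allow-listed view and `{"password_hash", "api_token"}` for the leaky one, which makes it a simple regression check to run against every JSON endpoint.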