{"$schema":"https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.5.json","version":"2.1.0","runs":[{"tool":{"driver":{"name":"HCL AppScan Static Analyzer"}},"artifacts":[{"location":{"uri":"file:///pygoat-master\\introduction\\views.py"}},{"location":{"uri":"file:///pygoat-master\\Dockerfile"}},{"location":{"uri":"file:///pygoat-master\\introduction\\mitre.py"}},{"location":{"uri":"file:///pygoat-master\\pygoat\\settings.py"}},{"location":{"uri":"file:///pygoat-master\\introduction\\apis.py"}},{"location":{"uri":"file:///pygoat-master\\docker-compose.yml"}},{"location":{"uri":"file:///pygoat-master\\introduction\\lab_code\\test.py"}},{"location":{"uri":"file:///pygoat-master\\introduction\\playground\\ssrf\\main.py"}},{"location":{"uri":"file:///pygoat-master\\introduction\\templates\\Lab\\XSS\\xss_lab_2.html"}},{"location":{"uri":"file:///pygoat-master\\introduction\\utility.py"}}],"results":[{"ruleId":"SA2045530267","message":{"text":"Eval code injection"},"locations":[{"physicalLocation":{"artifactLocation":{"index":0},"region":{"startLine":453}},"logicalLocations":[{"fullyQualifiedName":"pygoat-master\\introduction\\views.py"}]}],"guid":"3b0dc85d-06d8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"592656455"},"properties":{"Severity":"Medium","Status":"Open","IssueType":"Injection"}},{"ruleId":"SA8630344","message":{"text":"Raw XML packages used"},"locations":[{"physicalLocation":{"artifactLocation":{"index":0},"region":{"startLine":18}},"logicalLocations":[{"fullyQualifiedName":"pygoat-master\\introduction\\views.py"}]}],"guid":"320dc85d-06d8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"-1603599115"},"properties":{"Severity":"High","Status":"Open","IssueType":"Injection.XML"}},{"ruleId":"SA3010587389","message":{"text":"Insecure YAML load usage"},"locations":[{"physicalLocation":{"artifactLocation":{"index":0},"region":{"startLine":553}},"logicalLocations":[{"fullyQualifiedName":"pygoat-master\\introduction\\views.py"}]}],"guid":"3e0dc85d-06d8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"-1148970946"},"properties":{"Severity":"Medium","Status":"Open","IssueType":"Malicious.DynamicCode.Execution"}},{"ruleId":"SA3010587389","message":{"text":"Insecure YAML load usage"},"locations":[{"physicalLocation":{"artifactLocation":{"index":0},"region":{"startLine":553}},"logicalLocations":[{"fullyQualifiedName":"pygoat-master\\introduction\\views.py"}]}],"guid":"410dc85d-06d8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"-1578387627"},"properties":{"Severity":"Medium","Status":"Open","IssueType":"Malicious.DynamicCode.Execution"}},{"ruleId":"SA800485108","message":{"text":"Hardcoded credentials in Python code"},"locations":[{"physicalLocation":{"artifactLocation":{"index":0},"region":{"startLine":861}},"logicalLocations":[{"fullyQualifiedName":"pygoat-master\\introduction\\views.py"}]}],"guid":"470dc85d-06d8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"-2046231665"},"properties":{"Severity":"High","Status":"Open","IssueType":"Authentication.Credentials.Unprotected"}},{"ruleId":"SA2805302817","message":{"text":"No non-root USER specified in Dockerfile configuration"},"locations":[{"physicalLocation":{"artifactLocation":{"index":1},"region":{"startLine":1}},"logicalLocations":[{"fullyQualifiedName":"pygoat-master\\Dockerfile"}]}],"guid":"050dc85d-06d8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"-2111337728"},"properties":{"Severity":"High","Status":"Open","IssueType":"PrivilegeEscalation"}},{"ruleId":"SA800485108","message":{"text":"Hardcoded credentials in Python code"},"locations":[{"physicalLocation":{"artifactLocation":{"index":0},"region":{"startLine":863}},"logicalLocations":[{"fullyQualifiedName":"pygoat-master\\introduction\\views.py"}]}],"guid":"4a0dc85d-06d8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"1183292713"},"properties":{"Severity":"High","Status":"Open","IssueType":"Authentication.Credentials.Unprotected"}},{"ruleId":"SA8630344","message":{"text":"Raw XML packages used"},"locations":[{"physicalLocation":{"artifactLocation":{"index":0},"region":{"startLine":19}},"logicalLocations":[{"fullyQualifiedName":"pygoat-master\\introduction\\views.py"}]}],"guid":"350dc85d-06d8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"1877506832"},"properties":{"Severity":"High","Status":"Open","IssueType":"Injection.XML"}},{"ruleId":"SA800485108","message":{"text":"Hardcoded credentials in Python code"},"locations":[{"physicalLocation":{"artifactLocation":{"index":0},"region":{"startLine":865}},"logicalLocations":[{"fullyQualifiedName":"pygoat-master\\introduction\\views.py"}]}],"guid":"4d0dc85d-06d8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"1916610644"},"properties":{"Severity":"High","Status":"Open","IssueType":"Authentication.Credentials.Unprotected"}},{"ruleId":"SA20454734","message":{"text":"Python OS injection"},"locations":[{"physicalLocation":{"artifactLocation":{"index":0},"region":{"startLine":423}},"logicalLocations":[{"fullyQualifiedName":"pygoat-master\\introduction\\views.py"}]}],"guid":"380dc85d-06d8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"1429399303"},"properties":{"Severity":"High","Status":"Open","IssueType":"Injection.OS"}},{"ruleId":"SA1412824715","message":{"text":"Join and relpath path traversal"},"locations":[{"physicalLocation":{"artifactLocation":{"index":0},"region":{"startLine":919}},"logicalLocations":[{"fullyQualifiedName":"pygoat-master\\introduction\\views.py"}]}],"guid":"500dc85d-06d8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"-1432977591"},"properties":{"Severity":"Medium","Status":"Open","IssueType":"PathTraversal"}},{"ruleId":"SA2007555259","message":{"text":"Python insecure cryptography algorithm"},"locations":[{"physicalLocation":{"artifactLocation":{"index":2},"region":{"startLine":161}},"logicalLocations":[{"fullyQualifiedName":"pygoat-master\\introduction\\mitre.py"}]}],"guid":"170dc85d-06d8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"1601292991"},"properties":{"Severity":"High","Status":"Open","IssueType":"Cryptography.InsecureAlgorithm"}},{"ruleId":"SA1412824715","message":{"text":"Join and relpath path traversal"},"locations":[{"physicalLocation":{"artifactLocation":{"index":0},"region":{"startLine":987}},"logicalLocations":[{"fullyQualifiedName":"pygoat-master\\introduction\\views.py"}]}],"guid":"560dc85d-06d8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"511161586"},"properties":{"Severity":"Medium","Status":"Open","IssueType":"PathTraversal"}},{"ruleId":"SA1412824715","message":{"text":"Join and relpath path traversal"},"locations":[{"physicalLocation":{"artifactLocation":{"index":3},"region":{"startLine":92}},"logicalLocations":[{"fullyQualifiedName":"pygoat-master\\pygoat\\settings.py"}]}],"guid":"590dc85d-06d8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"-628402714"},"properties":{"Severity":"Medium","Status":"Open","IssueType":"PathTraversal"}},{"ruleId":"SA1412824715","message":{"text":"Join and relpath path traversal"},"locations":[{"physicalLocation":{"artifactLocation":{"index":3},"region":{"startLine":135}},"logicalLocations":[{"fullyQualifiedName":"pygoat-master\\pygoat\\settings.py"}]}],"guid":"5c0dc85d-06d8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"1953797956"},"properties":{"Severity":"Medium","Status":"Open","IssueType":"PathTraversal"}},{"ruleId":"SA1412824715","message":{"text":"Join and relpath path traversal"},"locations":[{"physicalLocation":{"artifactLocation":{"index":4},"region":{"startLine":132}},"logicalLocations":[{"fullyQualifiedName":"pygoat-master\\introduction\\apis.py"}]}],"guid":"110dc85d-06d8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"329238703"},"properties":{"Severity":"Medium","Status":"Open","IssueType":"PathTraversal"}},{"ruleId":"SA1412824715","message":{"text":"Join and relpath path traversal"},"locations":[{"physicalLocation":{"artifactLocation":{"index":4},"region":{"startLine":68}},"logicalLocations":[{"fullyQualifiedName":"pygoat-master\\introduction\\apis.py"}]}],"guid":"0e0dc85d-06d8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"-550273736"},"properties":{"Severity":"Medium","Status":"Open","IssueType":"PathTraversal"}},{"ruleId":"SA2701475346","message":{"text":"Root file system not mounted as read-only (Docker Compose)"},"locations":[{"physicalLocation":{"artifactLocation":{"index":5},"region":{"startLine":1}},"logicalLocations":[{"fullyQualifiedName":"pygoat-master\\docker-compose.yml"}]}],"guid":"080dc85d-06d8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"-1742085402"},"properties":{"Severity":"Medium","Status":"Open","IssueType":"Configuration"}},{"ruleId":"SA3010587389","message":{"text":"Insecure YAML load usage"},"locations":[{"physicalLocation":{"artifactLocation":{"index":6},"region":{"startLine":23}},"logicalLocations":[{"fullyQualifiedName":"pygoat-master\\introduction\\lab_code\\test.py"}]}],"guid":"140dc85d-06d8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"-1457612000"},"properties":{"Severity":"Medium","Status":"Open","IssueType":"Malicious.DynamicCode.Execution"}},{"ruleId":"SA1412824715","message":{"text":"Join and relpath path traversal"},"locations":[{"physicalLocation":{"artifactLocation":{"index":0},"region":{"startLine":919}},"logicalLocations":[{"fullyQualifiedName":"pygoat-master\\introduction\\views.py"}]}],"guid":"530dc85d-06d8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"-958441603"},"properties":{"Severity":"High","Status":"Open","IssueType":"PathTraversal"}},{"ruleId":"SA1412824715","message":{"text":"Join and relpath path traversal"},"locations":[{"physicalLocation":{"artifactLocation":{"index":4},"region":{"startLine":67}},"logicalLocations":[{"fullyQualifiedName":"pygoat-master\\introduction\\apis.py"}]}],"guid":"0b0dc85d-06d8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"584574883"},"properties":{"Severity":"Medium","Status":"Open","IssueType":"PathTraversal"}},{"ruleId":"SA2614963046","message":{"text":"Dangerous import of Pickle"},"locations":[{"physicalLocation":{"artifactLocation":{"index":0},"region":{"startLine":7}},"logicalLocations":[{"fullyQualifiedName":"pygoat-master\\introduction\\views.py"}]}],"guid":"2c0dc85d-06d8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"856783664"},"properties":{"Severity":"High","Status":"Open","IssueType":"Malicious.DynamicCode.Construction"}},{"ruleId":"SA8630344","message":{"text":"Raw XML packages used"},"locations":[{"physicalLocation":{"artifactLocation":{"index":0},"region":{"startLine":17}},"logicalLocations":[{"fullyQualifiedName":"pygoat-master\\introduction\\views.py"}]}],"guid":"2f0dc85d-06d8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"1780799471"},"properties":{"Severity":"High","Status":"Open","IssueType":"Injection.XML"}},{"ruleId":"SA1412824715","message":{"text":"Join and relpath path traversal"},"locations":[{"physicalLocation":{"artifactLocation":{"index":7},"region":{"startLine":7}},"logicalLocations":[{"fullyQualifiedName":"pygoat-master\\introduction\\playground\\ssrf\\main.py"}]}],"guid":"230dc85d-06d8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"864401886"},"properties":{"Severity":"Medium","Status":"Open","IssueType":"PathTraversal"}},{"ruleId":"SA2045530267","message":{"text":"Eval code injection"},"locations":[{"physicalLocation":{"artifactLocation":{"index":2},"region":{"startLine":218}},"logicalLocations":[{"fullyQualifiedName":"pygoat-master\\introduction\\mitre.py"}]}],"guid":"1a0dc85d-06d8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"60284035"},"properties":{"Severity":"Medium","Status":"Open","IssueType":"Injection"}},{"ruleId":"SA2603922176","message":{"text":"Insecure Use of Document.Cookie"},"locations":[{"physicalLocation":{"artifactLocation":{"index":8},"region":{"startLine":23}},"logicalLocations":[{"fullyQualifiedName":"pygoat-master\\introduction\\templates\\Lab\\XSS\\xss_lab_2.html"}]}],"guid":"260dc85d-06d8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"-421590831"},"properties":{"Severity":"High","Status":"Open","IssueType":"CrossSiteScripting.Reflected"}},{"ruleId":"SA20454734","message":{"text":"Python OS injection"},"locations":[{"physicalLocation":{"artifactLocation":{"index":2},"region":{"startLine":233}},"logicalLocations":[{"fullyQualifiedName":"pygoat-master\\introduction\\mitre.py"}]}],"guid":"1d0dc85d-06d8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"-2144720600"},"properties":{"Severity":"High","Status":"Open","IssueType":"Injection.OS"}},{"ruleId":"SA1412824715","message":{"text":"Join and relpath path traversal"},"locations":[{"physicalLocation":{"artifactLocation":{"index":9},"region":{"startLine":34}},"logicalLocations":[{"fullyQualifiedName":"pygoat-master\\introduction\\utility.py"}]}],"guid":"290dc85d-06d8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"1591156204"},"properties":{"Severity":"Medium","Status":"Open","IssueType":"PathTraversal"}},{"ruleId":"SA800485108","message":{"text":"Hardcoded credentials in Python code"},"locations":[{"physicalLocation":{"artifactLocation":{"index":0},"region":{"startLine":859}},"logicalLocations":[{"fullyQualifiedName":"pygoat-master\\introduction\\views.py"}]}],"guid":"440dc85d-06d8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"376888404"},"properties":{"Severity":"High","Status":"Open","IssueType":"Authentication.Credentials.Unprotected"}},{"ruleId":"SA3831081122","message":{"text":"Popen command injection"},"locations":[{"physicalLocation":{"artifactLocation":{"index":2},"region":{"startLine":233}},"logicalLocations":[{"fullyQualifiedName":"pygoat-master\\introduction\\mitre.py"}]}],"guid":"200dc85d-06d8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"1199304909"},"properties":{"Severity":"High","Status":"Open","IssueType":"Injection.OS"}}],"columnKind":"utf16CodeUnits"}]}