Code Security Report: 1 high severity findings, 37 total findings #31

Open
21 tasks
mend-for-github-com bot opened this issue Nov 27, 2024 · 0 comments
Labels
Mend: code security findings Code security findings detected by Mend

Code Security Report

Scan Metadata

Latest Scan: 2024-11-27 12:47am
Total Findings: 37 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 62
Detected Programming Languages: 2 (Python, JavaScript / TypeScript*)

Most Relevant Findings

The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend Application.

Severity: High | Vulnerability Type: Command Injection | CWE: CWE-78 | File: setup.py:19 | Data Flows: 1 | Detected: 2024-11-27 12:48am

Vulnerable Code

seeq-mps/setup.py

Lines 14 to 19 in 78f8a9a

    raise ValueError(f"Invalid version. Expected __version__ = 'xx.xx.xx', but got \n{version_file}")
version = version_line.group(1).replace(" ", "").strip('\n').strip("'").strip('"')
print(f"version: {version}")
try:
    Version.parse(version)
    exec(version_line.group(0), version_scope)  # line 19 (flagged): executes the raw text captured from the version file

1 Data Flow/s detected (source to sink)

version_file = f.read()
version_line = re.search(r"__version__ = (.*)", version_file)
exec(version_line.group(0), version_scope)

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Command Injection Training

● Videos

   ▪ Secure Code Warrior Command Injection Video

● Further Reading

   ▪ OWASP testing for Command Injection

   ▪ OWASP Command Injection

Severity: Medium | Vulnerability Type: Hidden HTML Input | CWE: CWE-472 | File: examples.html:46 | Data Flows: 1 | Detected: 2024-11-27 12:48am

Vulnerable Code

<input type="hidden" name="area" value="default" />

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Hidden HTML Input Training

● Videos

   ▪ Secure Code Warrior Hidden HTML Input Video

● Further Reading

   ▪ OWASP Top Ten Mobile Risks 2014 M8: Security Decisions Via Untrusted Inputs

Severity: Medium | Vulnerability Type: Hidden HTML Input | CWE: CWE-472 | File: examples.html:45 | Data Flows: 1 | Detected: 2024-11-27 12:48am

Vulnerable Code

<input type="hidden" name="check_keywords" value="yes" />

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Hidden HTML Input Training

● Videos

   ▪ Secure Code Warrior Hidden HTML Input Video

● Further Reading

   ▪ OWASP Top Ten Mobile Risks 2014 M8: Security Decisions Via Untrusted Inputs

Severity: Medium | Vulnerability Type: Hidden HTML Input | CWE: CWE-472 | File: py-modindex.html:45 | Data Flows: 1 | Detected: 2024-11-27 12:48am

Vulnerable Code

<input type="hidden" name="check_keywords" value="yes" />

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Hidden HTML Input Training

● Videos

   ▪ Secure Code Warrior Hidden HTML Input Video

● Further Reading

   ▪ OWASP Top Ten Mobile Risks 2014 M8: Security Decisions Via Untrusted Inputs

Severity: Medium | Vulnerability Type: Hidden HTML Input | CWE: CWE-472 | File: user_guide.html:46 | Data Flows: 1 | Detected: 2024-11-27 12:48am

Vulnerable Code

<input type="hidden" name="area" value="default" />

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Hidden HTML Input Training

● Videos

   ▪ Secure Code Warrior Hidden HTML Input Video

● Further Reading

   ▪ OWASP Top Ten Mobile Risks 2014 M8: Security Decisions Via Untrusted Inputs

Severity: Medium | Vulnerability Type: Hidden HTML Input | CWE: CWE-472 | File: _mps.html:34 | Data Flows: 1 | Detected: 2024-11-27 12:48am

Vulnerable Code

<input type="hidden" name="check_keywords" value="yes" />

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Hidden HTML Input Training

● Videos

   ▪ Secure Code Warrior Hidden HTML Input Video

● Further Reading

   ▪ OWASP Top Ten Mobile Risks 2014 M8: Security Decisions Via Untrusted Inputs

Severity: Medium | Vulnerability Type: Hidden HTML Input | CWE: CWE-472 | File: genindex.html:43 | Data Flows: 1 | Detected: 2024-11-27 12:48am

Vulnerable Code

<input type="hidden" name="area" value="default" />

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Hidden HTML Input Training

● Videos

   ▪ Secure Code Warrior Hidden HTML Input Video

● Further Reading

   ▪ OWASP Top Ten Mobile Risks 2014 M8: Security Decisions Via Untrusted Inputs

Severity: Medium | Vulnerability Type: Hidden HTML Input | CWE: CWE-472 | File: index.html:45 | Data Flows: 1 | Detected: 2024-11-27 12:48am

Vulnerable Code

<input type="hidden" name="area" value="default" />

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Hidden HTML Input Training

● Videos

   ▪ Secure Code Warrior Hidden HTML Input Video

● Further Reading

   ▪ OWASP Top Ten Mobile Risks 2014 M8: Security Decisions Via Untrusted Inputs

Severity: Medium | Vulnerability Type: Hidden HTML Input | CWE: CWE-472 | File: docstrings.html:46 | Data Flows: 1 | Detected: 2024-11-27 12:48am

Vulnerable Code

<input type="hidden" name="area" value="default" />

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Hidden HTML Input Training

● Videos

   ▪ Secure Code Warrior Hidden HTML Input Video

● Further Reading

   ▪ OWASP Top Ten Mobile Risks 2014 M8: Security Decisions Via Untrusted Inputs

Severity: Medium | Vulnerability Type: Hidden HTML Input | CWE: CWE-472 | File: user_interface.html:45 | Data Flows: 1 | Detected: 2024-11-27 12:48am

Vulnerable Code

<input type="hidden" name="check_keywords" value="yes" />

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Hidden HTML Input Training

● Videos

   ▪ Secure Code Warrior Hidden HTML Input Video

● Further Reading

   ▪ OWASP Top Ten Mobile Risks 2014 M8: Security Decisions Via Untrusted Inputs


Findings Overview

Severity | Vulnerability Type | CWE | Language | Count
High | Command Injection | CWE-78 | Python | 1
Medium | Hidden HTML Input | CWE-472 | Python | 36

mend-for-github-com bot added the label "Mend: code security findings" (Code security findings detected by Mend) on Nov 27, 2024