Scanner Demo #92
Changes from all commits
8a9cdce
0b60724
8d045a8
01acc9e
9629547
babc1ef
@@ -1 +1,3 @@ | ||
bandit==1.7.5 | ||
bandit==1.7.5 | ||
flask==0.12.3 # Known critical vulnerabilities: CVE-2018-1000656 | ||
Check failure: Code scanning / Trivy
flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header (High)
Package: flask | Installed Version: 0.12.3 | Vulnerability: CVE-2023-30861 | Severity: HIGH | Fixed Version: 2.3.2, 2.2.5 | Link: CVE-2023-30861
jinja2==2.7.2 # Known critical vulnerabilities: CVE-2019-10906 | ||
Check failure: Code scanning / Trivy
python-jinja2: Sandbox escape due to information disclosure via str.format (High)
Package: jinja2 | Installed Version: 2.7.2 | Vulnerability: CVE-2016-10745 | Severity: HIGH | Fixed Version: 2.8.1 | Link: CVE-2016-10745

Check failure: Code scanning / Trivy
python-jinja2: str.format_map allows sandbox escape (High)
Package: jinja2 | Installed Version: 2.7.2 | Vulnerability: CVE-2019-10906 | Severity: HIGH | Fixed Version: 2.10.1 | Link: CVE-2019-10906

Check warning: Code scanning / Trivy
python-jinja2: ReDoS vulnerability in the urlize filter (Medium)
Package: jinja2 | Installed Version: 2.7.2 | Vulnerability: CVE-2020-28493 | Severity: MEDIUM | Fixed Version: 2.11.3 | Link: CVE-2020-28493

Check warning: Code scanning / Trivy
jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (Medium)
Package: jinja2 | Installed Version: 2.7.2 | Vulnerability: CVE-2024-22195 | Severity: MEDIUM | Fixed Version: 3.1.3 | Link: CVE-2024-22195

Check warning: Code scanning / Trivy
jinja2: accepts keys containing non-attribute characters (Medium)
Package: jinja2 | Installed Version: 2.7.2 | Vulnerability: CVE-2024-34064 | Severity: MEDIUM | Fixed Version: 3.1.4 | Link: CVE-2024-34064
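Review bot: the inline comments on the two new pins disagree with what the scanner reports on the same lines. `flask==0.12.3 # Known critical vulnerabilities: CVE-2018-1000656` names one CVE, but the Trivy annotation on that line is CVE-2023-30861 (fixed in 2.2.5 / 2.3.2); `jinja2==2.7.2 # Known critical vulnerabilities: CVE-2019-10906` names one CVE, while Trivy lists five (CVE-2016-10745, CVE-2019-10906, CVE-2020-28493, CVE-2024-22195, CVE-2024-34064), the last of which is only fixed in 3.1.4. If the old pins are deliberate for the scanner demo, say so in the comment and list the CVEs the scanner actually flags so the demo output matches the file; if not, `flask>=2.3.2` and `jinja2>=3.1.4` clear every finding shown here. The hunk header `@@ -1 +1,3 @@` shows `bandit==1.7.5` was the only pre-existing line, so both vulnerable pins are introduced entirely by this change.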
@@ -1 +1,13 @@ | ||
import subprocess | ||
|
||
# Critical vulnerability: Using subprocess with untrusted input | ||
def run_command(user_input): | ||
try: | ||
result = subprocess.run(user_input, shell=True, check=True, text=True) # Insecure: allows command injection | ||
print("Command output:", result.stdout) | ||
except subprocess.CalledProcessError as e: | ||
print("Error executing command:", e) | ||
|
||
# Simulate receiving untrusted input | ||
user_command = input("Enter a command to run: ") | ||
run_command(user_command) |
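Review bot: `subprocess.run(user_input, shell=True, ...)` hands text from `input()` straight to the shell, so any `;`, `&&` or `$(...)` in it runs as additional commands; this is the command-injection sink the file's own comment describes, and it is what Bandit (pinned above) will report as B602. There is also a functional bug on the same line: without `capture_output=True` (or `stdout=subprocess.PIPE`) `result.stdout` is `None`, so `print("Command output:", result.stdout)` always prints `None` while the child's real output goes directly to the terminal. If this file exists to give the scanners something to flag, keep the sink but add `capture_output=True` so the demo shows output; if it is meant to be the fixed version, drop `shell=True`, pass an argument list (for example `shlex.split(user_input)`), and restrict `argv[0]` to an allowlist of permitted executables, since the list form alone still lets the user run any binary on the PATH. A docstring on `run_command` stating which of the two it is intended to be would save the next reader the same question.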
Check failure: Code scanning / Trivy
python-flask: unexpected memory usage can lead to denial of service via crafted encoded JSON data (High)