Test security scan workflow #13

Closed
wants to merge 2 commits into from

AmirZandiehprojects
Collaborator

No description provided.

github-actions bot commented Sep 4, 2024

Security Scan Results

Advanced Vulnerability Scan Results for ./test_vulnerabilities.py:
Total lines of code: 30

Detected Vulnerabilities:
- Bandit: B608: Possible SQL injection vector through string-based query construction.
  Severity: MEDIUM, Confidence: LOW
  Location: Line 9
  Code: query = f"SELECT * FROM users WHERE username = '{user_input}'"

- Bandit: B301: Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.
  Severity: MEDIUM, Confidence: HIGH
  Location: Line 14
  Code: return pickle.loads(data)

- Bandit: B113: Requests call without timeout
  Severity: MEDIUM, Confidence: LOW
  Location: Line 19
  Code: return requests.get(url)

- Bandit: B403: Consider possible security implications associated with pickle module.
  Severity: LOW, Confidence: HIGH
  Location: Line 2
  Code: import pickle

- Cross-Site Scripting (XSS): Potential XSS vulnerability: print("Application started")
  Severity: HIGH, Confidence: MEDIUM
  Location: Line 27
  Code: print("Application started")

- Hardcoded Secret: Potential hardcoded secret: KEY = "my_secret_api_key_12345"
  Severity: HIGH, Confidence: MEDIUM
  Location: Line 5
  Code: API_KEY = "my_secret_api_key_12345"

- Vulnerable Component: Potentially vulnerable library: requests
  Severity: HIGH, Confidence: MEDIUM
  Location: Line 18
  Code: import requests

- SSRF: Potential SSRF vulnerability: return requests.get(url)
  Severity: HIGH, Confidence: MEDIUM
  Location: Line 19
  Code: return requests.get(url)

- Sensitive Data Exposure: Potential sensitive data exposure: with open("sensitive_data.txt", "w") as f:
  Severity: HIGH, Confidence: MEDIUM
  Location: Line 22
  Code: with open("sensitive_data.txt", "w") as f:

- Insecure Deserialization: Potential insecure deserialization: return pickle.loads(data)
  Severity: HIGH, Confidence: HIGH
  Location: Line 14
  Code: return pickle.loads(data)



Advanced Vulnerability Scan Results for ./test_vulnerability.py:
Total lines of code: 10

Detected Vulnerabilities:
- Insufficient Logging: No logging statements found in the file
  Severity: MEDIUM, Confidence: HIGH

- Bandit: B608: Possible SQL injection vector through string-based query construction.
  Severity: MEDIUM, Confidence: LOW
  Location: Line 8
  Code: query = f"SELECT * FROM users WHERE username = '{user_input}'"

- Bandit: B105: Possible hardcoded password: 'hardcoded_secret_key'
  Severity: LOW, Confidence: MEDIUM
  Location: Line 4
  Code: SECRET_KEY = "hardcoded_secret_key"

- Hardcoded Secret: Potential hardcoded secret: KEY = "hardcoded_secret_key"
  Severity: HIGH, Confidence: MEDIUM
  Location: Line 4
  Code: SECRET_KEY = "hardcoded_secret_key"



Advanced Vulnerability Scan Results for ./amir.py:
Total lines of code: 217

Detected Vulnerabilities:
- Bandit: B404: Consider possible security implications associated with the subprocess module.
  Severity: LOW, Confidence: HIGH
  Location: Line 1
  Code: import subprocess

- Sensitive Data Exposure: Potential sensitive data exposure: with open(self.file_path, 'r', encoding='utf-8') as file:
  Severity: HIGH, Confidence: MEDIUM
  Location: Line 30
  Code: with open(self.file_path, 'r', encoding='utf-8') as file:

- Sensitive Data Exposure: Potential sensitive data exposure: with open('security-scan-results.txt', 'w') as f:
  Severity: HIGH, Confidence: MEDIUM
  Location: Line 213
  Code: with open('security-scan-results.txt', 'w') as f:



Advanced Vulnerability Scan Results for ./Data Anonymization/pypy modified.py:
Total lines of code: 35

Detected Vulnerabilities:
- Insufficient Logging: No logging statements found in the file
  Severity: MEDIUM, Confidence: HIGH



Advanced Vulnerability Scan Results for ./File Upload Service/streamlitdw/File upload service files/data-lakehouse/app/streamlitdw_fe.py:
Total lines of code: 60

Detected Vulnerabilities:
- Insufficient Logging: No logging statements found in the file
  Severity: MEDIUM, Confidence: HIGH



Advanced Vulnerability Scan Results for ./File Upload Service/streamlitdw/File upload service files/data-lakehouse/flask/flaskapi_dw.py:
Total lines of code: 48

Detected Vulnerabilities:
- Insufficient Logging: No logging statements found in the file
  Severity: MEDIUM, Confidence: HIGH

- Bandit: B104: Possible binding to all interfaces.
  Severity: MEDIUM, Confidence: MEDIUM
  Location: Line 48
  Code: app.run(host='0.0.0.0', port=5000) # runnning on 5000

- Sensitive Data Exposure: Potential sensitive data exposure: return send_file(
  Severity: HIGH, Confidence: MEDIUM
  Location: Line 39
  Code: return send_file(




Vulnerabilities detected. Please address these issues before merging.

@AmirZandiehprojects AmirZandiehprojects deleted the test-security-scan-workflow branch September 4, 2024 06:14