
Create mitre2.py #3

Merged
merged 1 commit into from
Sep 12, 2024

Create mitre2.py

6aa5c60
Orca Security (orcadev-ayala) / Orca Security - Semgrep failed Sep 12, 2024 in 37s

Orca Security Scan Summary

Status: Failed
Check: Semgrep (Failed)
Issues by priority: high 2, medium 7, low 0, info 0
🛡️ The following IaC misconfigurations have been detected
SEVERITY  NAME                                                                                 FILE
high      Semgrep Finding: python.jwt.security.jwt-hardcode.jwt-python-hardcoded-secret        mitre2.py
high      Semgrep Finding: python.lang.security.audit.subprocess-shell-true.subprocess-shell-true  mitre2.py
medium    Semgrep Finding: python.lang.security.audit.md5-used-as-password.md5-used-as-password  mitre2.py
medium    Semgrep Finding: python.django.security.audit.secure-cookies.django-secure-set-cookie  mitre2.py
medium    Semgrep Finding: python.django.security.audit.csrf-exempt.no-csrf-exempt              mitre2.py
medium    Semgrep Finding: python.django.security.audit.csrf-exempt.no-csrf-exempt              mitre2.py
medium    Semgrep Finding: python.django.security.injection.code.user-eval.user-eval            mitre2.py
medium    Semgrep Finding: python.lang.security.audit.eval-detected.eval-detected               mitre2.py
medium    Semgrep Finding: python.django.security.audit.csrf-exempt.no-csrf-exempt              mitre2.py

Annotations

Check failure on line 169 in mitre2.py


@orca-security-orcadev-ayala orca-security-orcadev-ayala / Orca Security - Semgrep

[HIGH] Semgrep Finding: python.jwt.security.jwt-hardcode.jwt-python-hardcoded-secret

Hardcoded JWT secret or private key is used. This is an Insufficiently Protected Credentials weakness: https://cwe.mitre.org/data/definitions/522.html. Consider using an appropriate security mechanism to protect the credentials (e.g. keeping secrets in environment variables).

Check failure on line 233 in mitre2.py


[HIGH] Semgrep Finding: python.lang.security.audit.subprocess-shell-true.subprocess-shell-true

Found 'subprocess' function 'Popen' with 'shell=True'. This is dangerous because this call will spawn the command using a shell process. Doing so propagates current shell settings and variables, which makes it much easier for a malicious actor to execute commands. Use 'shell=False' instead.