Create mitre-file.py #5

Open
wants to merge 1 commit into base: master

Commit: Create mitre-file.py (956eaf0)
Orca Security (orcadevroi) / Orca Security - Semgrep failed Sep 12, 2024 in 1m 9s

Orca Security Scan Summary

Status: Failed
Check: Semgrep (failed)
Issues by priority: high 2, medium 7, low 0, info 0

🛡️ The following IaC misconfigurations have been detected

PRIORITY  NAME                                                                                       FILE
high      Semgrep Finding: python.jwt.security.jwt-hardcode.jwt-python-hardcoded-secret              mitre-file.py
high      Semgrep Finding: python.lang.security.audit.subprocess-shell-true.subprocess-shell-true    mitre-file.py
medium    Semgrep Finding: python.lang.security.audit.md5-used-as-password.md5-used-as-password      mitre-file.py
medium    Semgrep Finding: python.django.security.audit.secure-cookies.django-secure-set-cookie      mitre-file.py
medium    Semgrep Finding: python.django.security.audit.csrf-exempt.no-csrf-exempt                   mitre-file.py
medium    Semgrep Finding: python.django.security.audit.csrf-exempt.no-csrf-exempt                   mitre-file.py
medium    Semgrep Finding: python.django.security.injection.code.user-eval.user-eval                 mitre-file.py
medium    Semgrep Finding: python.lang.security.audit.eval-detected.eval-detected                    mitre-file.py
medium    Semgrep Finding: python.django.security.audit.csrf-exempt.no-csrf-exempt                   mitre-file.py

Annotations

Check failure on line 169 in mitre-file.py (orca-security-orcadevroi / Orca Security - Semgrep)

[HIGH] Semgrep Finding: python.jwt.security.jwt-hardcode.jwt-python-hardcoded-secret

Hardcoded JWT secret or private key is used. This is an Insufficiently Protected
Credentials weakness: https://cwe.mitre.org/data/definitions/522.html. Consider
using an appropriate security mechanism to protect the credentials (e.g. keeping
secrets in environment variables).

Check failure on line 233 in mitre-file.py (orca-security-orcadevroi / Orca Security - Semgrep)

[HIGH] Semgrep Finding: python.lang.security.audit.subprocess-shell-true.subprocess-shell-true

Found 'subprocess' function 'Popen' with 'shell=True'. This is dangerous because
this call will spawn the command using a shell process. Doing so propagates
current shell settings and variables, which makes it much easier for a malicious
actor to execute commands. Use 'shell=False' instead.