added standard.yml #59
Annotations
4 errors, 6 warnings, and 16 notices
- invalid syntax (./tests/data/python-01/py2.py#L2): Missing parentheses in call to 'print'. Did you mean print(...)?
- CKV2_GHA_1 (/.github/workflows/standard.yml#L0): Ensure top-level permissions are not set to write-all
- CKV2_GHA_1 (/.github/workflows/test.yml#L0): Ensure top-level permissions are not set to write-all
- CKV2_GHA_1 (/.github/workflows/super-sast-action.yml#L0): Ensure top-level permissions are not set to write-all
- Test: blacklist id: B307 (./tests/data/python-01/canary.py#L7): Use of possibly insecure function - consider using safer ast.literal_eval. more info https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b307-eval
- Syntax error (.github/workflows/super-sast-action.yml#L32): When parsing a snippet as Bash for metavariable-pattern in rule 'yaml.github-actions.security.curl-eval.curl-eval', `${{` was unexpected
- Syntax error (.github/workflows/super-sast-action.yml#L32): When parsing a snippet as Bash for metavariable-pattern in rule 'yaml.github-actions.security.curl-eval.curl-eval', `${{` was unexpected
- Syntax error (.github/workflows/super-sast-action.yml#L32): When parsing a snippet as Bash for metavariable-pattern in rule 'yaml.github-actions.security.curl-eval.curl-eval', `${{` was unexpected
- Syntax error (.github/workflows/super-sast-action.yml#L32): When parsing a snippet as Bash for metavariable-pattern in rule 'yaml.github-actions.security.curl-eval.curl-eval', `${{` was unexpected
- Python 3.7 ubuntu-latest: The following actions uses node12 which is deprecated and will be forced to run on node16: actions/checkout@v2. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
- Test: subprocess_without_shell_equals_true id: B603 (./main.py#L153): subprocess call - check for execution of untrusted input. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b603_subprocess_without_shell_equals_true.html
- Test: start_process_with_partial_path id: B607 (./main.py#L157): Starting a process with a partial executable path more info https://bandit.readthedocs.io/en/1.7.5/plugins/b607_start_process_with_partial_path.html
- Test: subprocess_without_shell_equals_true id: B603 (./main.py#L158): subprocess call - check for execution of untrusted input. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b603_subprocess_without_shell_equals_true.html
- Test: blacklist id: B311 (./tests/data/python-01/canary.py#L3): Standard pseudo-random generators are not suitable for security/cryptographic purposes. more info https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b311-random
- Test: hardcoded_password_string id: B105 (./tests/data/python-01/canary.py#L5): Possible hardcoded password: 'secret' more info https://bandit.readthedocs.io/en/1.7.5/plugins/b105_hardcoded_password_string.html
- Test: assert_used id: B101 (./tests/data/python-01/canary.py#L15): Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b101_assert_used.html
- Test: assert_used id: B101 (./tests/test_bandit.py#L13): Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b101_assert_used.html
- Test: assert_used id: B101 (./tests/test_bandit.py#L14): Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b101_assert_used.html
- Test: assert_used id: B101 (./tests/test_bandit.py#L27): Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b101_assert_used.html
- Test: assert_used id: B101 (./tests/test_bandit.py#L28): Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b101_assert_used.html
- Test: assert_used id: B101 (./tests/test_bandit.py#L34): Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b101_assert_used.html
- Test: assert_used id: B101 (./tests/test_checkov.py#L24): Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b101_assert_used.html
- Test: assert_used id: B101 (./tests/test_main.py#L58): Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b101_assert_used.html
- Test: assert_used id: B101 (./tests/test_main.py#L79): Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b101_assert_used.html
- Test: assert_used id: B101 (./tests/test_semgrep.py#L23): Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b101_assert_used.html
- py - CVE-2022-42969 (/usr/local/lib/python3.11/site-packages#L1): Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. - Other links: https://data.safetycli.com/v/51457/f17
Artifacts
Produced during runtime
Name | Size
---|---
super-sast-action_artifact (Expired) | 892 KB