added docker args #121

Triggered via push November 23, 2023 21:54
Status Success
Total duration 1m 34s

test.yml

on: push

Annotations

8 errors, 11 warnings, and 32 notices
invalid syntax: ./tests/data/python-01/py2.py#L2
Missing parentheses in call to 'print'. Did you mean print(...)?
CKV2_GHA_1: /.github/workflows/standard.yml#L0
Ensure top-level permissions are not set to write-all
CKV2_GHA_1: /.github/workflows/test.yml#L0
Ensure top-level permissions are not set to write-all
CKV2_GHA_1: /.github/workflows/super-sast-action.yml#L0
Ensure top-level permissions are not set to write-all
invalid syntax: ./tests/data/python-01/py2.py#L2
Missing parentheses in call to 'print'. Did you mean print(...)?
CKV2_GHA_1: /.github/workflows/standard.yml#L0
Ensure top-level permissions are not set to write-all
CKV2_GHA_1: /.github/workflows/test.yml#L0
Ensure top-level permissions are not set to write-all
CKV2_GHA_1: /.github/workflows/super-sast-action.yml#L0
Ensure top-level permissions are not set to write-all
Test: blacklist id: B307: ./tests/data/python-01/canary.py#L7
Use of possibly insecure function - consider using safer ast.literal_eval. more info https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b307-eval
Syntax error: .github/workflows/super-sast-action.yml#L27
When parsing a snippet as Bash for metavariable-pattern in rule 'yaml.github-actions.security.curl-eval.curl-eval', `${{` was unexpected
Syntax error: .github/workflows/super-sast-action.yml#L27
When parsing a snippet as Bash for metavariable-pattern in rule 'yaml.github-actions.security.curl-eval.curl-eval', `${{` was unexpected
Syntax error: .github/workflows/super-sast-action.yml#L27
When parsing a snippet as Bash for metavariable-pattern in rule 'yaml.github-actions.security.curl-eval.curl-eval', `${{` was unexpected
Syntax error: .github/workflows/super-sast-action.yml#L27
When parsing a snippet as Bash for metavariable-pattern in rule 'yaml.github-actions.security.curl-eval.curl-eval', `${{` was unexpected
Test
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/checkout@v2. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
Test: blacklist id: B307: ./tests/data/python-01/canary.py#L7
Use of possibly insecure function - consider using safer ast.literal_eval. more info https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b307-eval
Syntax error: .github/workflows/super-sast-action.yml#L27
When parsing a snippet as Bash for metavariable-pattern in rule 'yaml.github-actions.security.curl-eval.curl-eval', `${{` was unexpected
Syntax error: .github/workflows/super-sast-action.yml#L27
When parsing a snippet as Bash for metavariable-pattern in rule 'yaml.github-actions.security.curl-eval.curl-eval', `${{` was unexpected
Syntax error: .github/workflows/super-sast-action.yml#L27
When parsing a snippet as Bash for metavariable-pattern in rule 'yaml.github-actions.security.curl-eval.curl-eval', `${{` was unexpected
Syntax error: .github/workflows/super-sast-action.yml#L27
When parsing a snippet as Bash for metavariable-pattern in rule 'yaml.github-actions.security.curl-eval.curl-eval', `${{` was unexpected
Test: subprocess_without_shell_equals_true id: B603: ./main.py#L153
subprocess call - check for execution of untrusted input. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b603_subprocess_without_shell_equals_true.html
Test: start_process_with_partial_path id: B607: ./main.py#L157
Starting a process with a partial executable path more info https://bandit.readthedocs.io/en/1.7.5/plugins/b607_start_process_with_partial_path.html
Test: subprocess_without_shell_equals_true id: B603: ./main.py#L158
subprocess call - check for execution of untrusted input. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b603_subprocess_without_shell_equals_true.html
Test: blacklist id: B311: ./tests/data/python-01/canary.py#L3
Standard pseudo-random generators are not suitable for security/cryptographic purposes. more info https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b311-random
Test: hardcoded_password_string id: B105: ./tests/data/python-01/canary.py#L5
Possible hardcoded password: 'secret' more info https://bandit.readthedocs.io/en/1.7.5/plugins/b105_hardcoded_password_string.html
Test: assert_used id: B101: ./tests/data/python-01/canary.py#L15
Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b101_assert_used.html
Test: assert_used id: B101: ./tests/test_bandit.py#L13
Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b101_assert_used.html
Test: assert_used id: B101: ./tests/test_bandit.py#L14
Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b101_assert_used.html
Test: assert_used id: B101: ./tests/test_bandit.py#L27
Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b101_assert_used.html
Test: assert_used id: B101: ./tests/test_bandit.py#L28
Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b101_assert_used.html
Test: assert_used id: B101: ./tests/test_bandit.py#L34
Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b101_assert_used.html
Test: assert_used id: B101: ./tests/test_checkov.py#L24
Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b101_assert_used.html
Test: assert_used id: B101: ./tests/test_main.py#L58
Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b101_assert_used.html
Test: assert_used id: B101: ./tests/test_main.py#L79
Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b101_assert_used.html
Test: assert_used id: B101: ./tests/test_semgrep.py#L23
Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b101_assert_used.html
py - CVE-2022-42969: /usr/local/lib/python3.11/site-packages#L1
Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. - Other links:https://data.safetycli.com/v/51457/f17
Test: subprocess_without_shell_equals_true id: B603: ./main.py#L153
subprocess call - check for execution of untrusted input. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b603_subprocess_without_shell_equals_true.html
Test: start_process_with_partial_path id: B607: ./main.py#L157
Starting a process with a partial executable path more info https://bandit.readthedocs.io/en/1.7.5/plugins/b607_start_process_with_partial_path.html
Test: subprocess_without_shell_equals_true id: B603: ./main.py#L158
subprocess call - check for execution of untrusted input. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b603_subprocess_without_shell_equals_true.html
Test: blacklist id: B311: ./tests/data/python-01/canary.py#L3
Standard pseudo-random generators are not suitable for security/cryptographic purposes. more info https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b311-random
Test: hardcoded_password_string id: B105: ./tests/data/python-01/canary.py#L5
Possible hardcoded password: 'secret' more info https://bandit.readthedocs.io/en/1.7.5/plugins/b105_hardcoded_password_string.html
Test: assert_used id: B101: ./tests/data/python-01/canary.py#L15
Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b101_assert_used.html
Test: assert_used id: B101: ./tests/test_bandit.py#L13
Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b101_assert_used.html
Test: assert_used id: B101: ./tests/test_bandit.py#L14
Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b101_assert_used.html
Test: assert_used id: B101: ./tests/test_bandit.py#L27
Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b101_assert_used.html
Test: assert_used id: B101: ./tests/test_bandit.py#L28
Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b101_assert_used.html
Test: assert_used id: B101: ./tests/test_bandit.py#L34
Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b101_assert_used.html
Test: assert_used id: B101: ./tests/test_checkov.py#L24
Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b101_assert_used.html
Test: assert_used id: B101: ./tests/test_main.py#L58
Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b101_assert_used.html
Test: assert_used id: B101: ./tests/test_main.py#L79
Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b101_assert_used.html
Test: assert_used id: B101: ./tests/test_semgrep.py#L23
Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. more info https://bandit.readthedocs.io/en/1.7.5/plugins/b101_assert_used.html
py - CVE-2022-42969: /usr/local/lib/python3.11/site-packages#L1
Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. - Other links:https://data.safetycli.com/v/51457/f17