Merge pull request #22 from mauricelambert/dev #362
Annotations
12 warnings
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/checkout@v2. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.

The following actions uses node12 which is deprecated and will be forced to run on node16: actions/checkout@v2. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/

The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/

file:///github/workspace/docs/Security_Considerations.md#L154
PIC100: Loading serialized data with the pickle module can expose arbitrary code execution using the __reduce__ method. Found in 'pickle.loads(environ["HTTP_COMMAND"])'.

file:///github/workspace/docs/Security_Considerations.md#L155
PIC100: Loading serialized data with the pickle module can expose arbitrary code execution using the __reduce__ method. Found in 'pickle.loads(sys.argv[1])'.

file:///github/workspace/docs/Security_Considerations.md#L156
PIC100: Loading serialized data with the pickle module can expose arbitrary code execution using the __reduce__ method. Found in 'pickle.loads(input())'.

file:///github/workspace/docs/Security_Considerations.md#L130
PIC100: Loading serialized data with the pickle module can expose arbitrary code execution using the __reduce__ method. Found in 'pickle.loads(inputs[0])'.

file:///github/workspace/WebScripts/Pages.py#L799
PR100: Calling subprocess commands with shell=True can leave the host shell open to local code execution or remote code execution attacks. Found in 'command'.

file:///github/workspace/WebScripts/scripts/account/change_my_password.py#L79
PW100: Matching inputs, secrets or tokens using the == operator is vulnerable to timing attacks. Use compare_digest() instead. Found in 'arguments.password != arguments.password_confirmation'.

file:///github/workspace/docs/Security_Considerations.md#L150
SH100: Potential shell injection with unescaped input. Found in 'environ["HTTP_COMMAND"]'.

file:///github/workspace/docs/Security_Considerations.md#L151
SH100: Potential shell injection with unescaped input. Found in 'sys.argv[1]'.

file:///github/workspace/docs/Security_Considerations.md#L152
SH100: Potential shell injection with unescaped input. Found in 'input()'.

This job succeeded