
Explain missing flags: #6

Merged: 1 commit merged into main from check-report-set-if-so-overide on Mar 2, 2024
Conversation

lukehinds (Contributor)

No description provided.

github-actions bot commented Mar 2, 2024

🛡️ Bandit Scan Results Summary

We found 1 High, 2 Medium, and 3 Low severity issues.

Detailed Findings


| Severity | Issue | File | Line | Confidence | More Info | Test ID |
| --- | --- | --- | --- | --- | --- | --- |
| 🟡 LOW | Consider possible security implications associated with the subprocess module. | ./test/main.py | 1 | HIGH | More Info | B404 |
| 🟡 LOW | Consider possible security implications associated with pickle module. | ./test/main.py | 9 | HIGH | More Info | B403 |
| ⚪ MEDIUM | Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue. | ./test/main.py | 10 | HIGH | More Info | B301 |
| 🟡 LOW | Possible hardcoded password: 'this_is_a_secret_key' | ./test/main.py | 5 | MEDIUM | More Info | B105 |
| 🔴 HIGH | subprocess call with shell=True identified, security issue. | ./test/main.py | 15 | HIGH | More Info | B602 |
| ⚪ MEDIUM | Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load(). | ./test/main.py | 20 | HIGH | More Info | B506 |

✨ About this Report

This report was generated by the official Bandit GitHub Action to ensure our codebase stays secure.

📕 What is Bandit?

Bandit is a tool designed to find common security issues in Python code. To learn more about how Bandit helps to keep Python code safe, visit the Bandit documentation.

👥 Community Support

Got questions or need help with Bandit Action?

  • Join our community on the Discord server.
  • Share tips, get advice, and collaborate on security best practices.
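
The findings in the bot's table come from the project's own test fixture (`./test/main.py`), which is not reproduced on this page. The following is an added example, not the project's code, constructed to show what two of the flagged patterns actually give an attacker, next to the hardened forms: B301/B403 (`pickle.loads` calls whatever callable the data names) and B602 (`shell=True` lets user text become shell syntax). The `Payload` class, `RestrictedUnpickler`, `SAFE_BUILTINS` and the `run_*` helpers are illustrative assumptions; the malicious pickle only spawns a Python process that prints a string, and the injection input is constructed. B105 (hard-coded secret), B404 (import of subprocess) and B506 (`yaml.load`, whose fix is `yaml.safe_load`) are not demonstrated here.

```python
"""Constructed demonstration of two Bandit findings (B301/B403 and B602).

Added example, not the project's ./test/main.py: the Payload class, the
restricted unpickler and the run_* helpers are illustrative assumptions.
"""
import builtins
import io
import pickle
import shlex
import subprocess
import sys

# ----- B301 / B403: pickle.loads() executes a callable chosen by the data -----

class Payload:
    """Pickles as an instruction to call subprocess.check_output(...)."""

    def __reduce__(self):
        # The unpickler rebuilds objects by calling callable(*args); the callable
        # is looked up by module and name, so any importable function can be named.
        return (subprocess.check_output,
                ([sys.executable, "-c", "print('attacker code ran')"],))


def build_malicious_pickle() -> bytes:
    """What an attacker hands to a service that unpickles its input (constructed)."""
    return pickle.dumps(Payload())


def build_benign_pickle() -> bytes:
    """Plain data with no GLOBAL opcodes, i.e. what the service actually expects."""
    return pickle.dumps({"user": "alice", "roles": ["reader"]})


def unsafe_load(blob: bytes):
    """The pattern Bandit flags as B301: trusts whatever callables the blob names."""
    return pickle.loads(blob)


# Allowlist of builtins that are safe to resolve (the set used in the Python docs).
SAFE_BUILTINS = {"set", "frozenset", "slice", "range", "complex"}


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve globals only from an explicit allowlist; refuse everything else."""

    def find_class(self, module, name):
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def restricted_load(blob: bytes):
    """Deserialize plain-data pickles; any reference to a module-level name fails."""
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def restricted_load_rejects(blob: bytes) -> bool:
    """True if the restricted loader refuses the blob (so its payload never runs)."""
    try:
        restricted_load(blob)
    except pickle.UnpicklingError:
        return True
    return False


# ----- B602: shell=True turns user-controlled text into shell syntax -----

def run_unsafe(user_input: str) -> str:
    """Flagged as B602: ';', '|' and '$(...)' in user_input are parsed by /bin/sh."""
    cmd = f"echo {user_input}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_safe(user_input: str) -> str:
    """No shell: an argv list makes user_input a single literal argument."""
    return subprocess.run(["echo", user_input], capture_output=True, text=True).stdout


def run_quoted(user_input: str) -> str:
    """If a shell is genuinely needed, shlex.quote() neutralises the metacharacters."""
    cmd = f"echo {shlex.quote(user_input)}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    evil = build_malicious_pickle()
    print("pickle.loads ran:", unsafe_load(evil))
    print("restricted loader rejects it:", restricted_load_rejects(evil))
    print("restricted loader still reads data:", restricted_load(build_benign_pickle()))
    injected = "hello; echo INJECTED"          # constructed attacker input
    print("shell=True:", repr(run_unsafe(injected)))
    print("argv list:", repr(run_safe(injected)))
    print("quoted:", repr(run_quoted(injected)))
```

Run it as a script on a POSIX host: `unsafe_load` returns the bytes printed by the process the pickle spawned, while `restricted_load_rejects` is `True` for the same blob because `find_class` is consulted before anything is called. Note that `RestrictedUnpickler` only helps when the expected data is plain types; when the data is under attacker control at all, a format with no code-execution path (JSON) is the better fix, and the same applies to `yaml.load` versus `yaml.safe_load` in the B506 finding above.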

@lukehinds lukehinds merged commit f9f087a into main Mar 2, 2024
1 check failed
@lukehinds lukehinds deleted the check-report-set-if-so-overide branch March 2, 2024 19:21