fix: doc/requirements.txt to reduce vulnerabilities #1012
tonybaloneytest_action.yml
on: push
Execute the pycharm-security action
2m 31s
Annotations
30 warnings
|
Execute the pycharm-security action
The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
|
|
Execute the pycharm-security action:
file:///github/workspace/do_assert.py#L6
Too broad exception clause
|
|
Execute the pycharm-security action:
file:///github/workspace/do_assert.py#L12
Too broad exception clause
|
|
Execute the pycharm-security action:
file:///github/workspace/assert_and_try.py#L5
Too broad exception clause
|
|
Execute the pycharm-security action:
file:///github/workspace/test_paramiko.py#L7
PAR101: Possible remote shell injection with unescaped input Found in ''banana {0}'.format("x")'.
|
|
Execute the pycharm-security action:
file:///github/workspace/test_pr.py#L1
Relative import outside of a package
|
|
Execute the pycharm-security action:
file:///github/workspace/test_django.py#L2
Relative import outside of a package
|
|
Execute the pycharm-security action:
file:///github/workspace/test_mako.pt.py#L3
MK100: Mako does not inspect or sanitize input by default, leaving rendered templates open to XSS. Use default_filters=['h']. Found in 'Template("<html><body>${ input }</body></html>")'.
|
|
Execute the pycharm-security action:
file:///github/workspace/test_shell.py#L22
PW101: Passwords, secrets or keys should not be hardcoded into Python code..
|
|
Execute the pycharm-security action:
file:///github/workspace/out/OsChmodInspection.json#L17
Typo: In word 'FQNAME'
|
|
Execute the pycharm-security action
The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
|
|
Execute the pycharm-security action:
file:///github/workspace/test_paramiko.py#L7
PAR101: Possible remote shell injection with unescaped input Found in ''banana {0}'.format("x")'.
|
|
Execute the pycharm-security action:
file:///github/workspace/test_pr.py#L1
Relative import outside of a package
|
|
Execute the pycharm-security action:
file:///github/workspace/test_django.py#L2
Relative import outside of a package
|
|
Execute the pycharm-security action:
file:///github/workspace/test_mako.pt.py#L3
MK100: Mako does not inspect or sanitize input by default, leaving rendered templates open to XSS. Use default_filters=['h']. Found in 'Template("<html><body>${ input }</body></html>")'.
|
|
Execute the pycharm-security action:
file:///github/workspace/test_shell.py#L22
PW101: Passwords, secrets or keys should not be hardcoded into Python code..
|
|
Execute the pycharm-security action:
file:///github/workspace/test_xmlrpc.py#L1
XML100: The xml modules in the Python standard library are not secure against maliciously constructed data. Found in 'from xmlrpc.server import SimpleXMLRPCServer'.
|
|
Execute the pycharm-security action:
file:///github/workspace/test_xmlrpc.py#L2
XML100: The xml modules in the Python standard library are not secure against maliciously constructed data. Found in 'from xmlrpc.server import SimpleXMLRPCRequestHandler'.
|
|
Execute the pycharm-security action:
file:///github/workspace/test_xmlrpc.py#L4
XML100: The xml modules in the Python standard library are not secure against maliciously constructed data. Found in 'import xml.sax'.
|
|
Execute the pycharm-security action:
file:///github/workspace/do_assert.py#L6
TRY100: Ignoring exceptions without either logging or handling is not considered good security practice. Found in 'except Exception as ex: pass'.
|
|
Execute the pycharm-security action
The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
|
|
Execute the pycharm-security action:
file:///github/workspace/test_paramiko.py#L7
PAR101: Possible remote shell injection with unescaped input Found in ''banana {0}'.format("x")'.
|
|
Execute the pycharm-security action:
file:///github/workspace/test_pr.py#L1
Relative import outside of a package
|
|
Execute the pycharm-security action:
file:///github/workspace/test_django.py#L2
Relative import outside of a package
|
|
Execute the pycharm-security action:
file:///github/workspace/test_mako.pt.py#L3
MK100: Mako does not inspect or sanitize input by default, leaving rendered templates open to XSS. Use default_filters=['h']. Found in 'Template("<html><body>${ input }</body></html>")'.
|
|
Execute the pycharm-security action:
file:///github/workspace/test_shell.py#L22
PW101: Passwords, secrets or keys should not be hardcoded into Python code..
|
|
Execute the pycharm-security action:
file:///github/workspace/test_xmlrpc.py#L1
XML100: The xml modules in the Python standard library are not secure against maliciously constructed data. Found in 'from xmlrpc.server import SimpleXMLRPCServer'.
|
|
Execute the pycharm-security action:
file:///github/workspace/test_xmlrpc.py#L2
XML100: The xml modules in the Python standard library are not secure against maliciously constructed data. Found in 'from xmlrpc.server import SimpleXMLRPCRequestHandler'.
|
|
Execute the pycharm-security action:
file:///github/workspace/test_xmlrpc.py#L4
XML100: The xml modules in the Python standard library are not secure against maliciously constructed data. Found in 'import xml.sax'.
|
|
Execute the pycharm-security action:
file:///github/workspace/do_assert.py#L6
TRY100: Ignoring exceptions without either logging or handling is not considered good security practice. Found in 'except Exception as ex: pass'.
|