Create mitre3.py

Orca Security (orcadevroi) / Orca Security - Semgrep failed Sep 12, 2024 in 52s

Orca Security Scan Summary

Status: Failed
Check: Semgrep (Failed)
Issues by priority: high 2, medium 7, low 0, info 0
🛡️ The following IaC misconfigurations have been detected
SEVERITY  NAME                                                                                      FILE
high      Semgrep Finding: python.jwt.security.jwt-hardcode.jwt-python-hardcoded-secret             mitre3.py
high      Semgrep Finding: python.lang.security.audit.subprocess-shell-true.subprocess-shell-true   mitre3.py
medium    Semgrep Finding: python.lang.security.audit.md5-used-as-password.md5-used-as-password     mitre3.py
medium    Semgrep Finding: python.django.security.audit.secure-cookies.django-secure-set-cookie     mitre3.py
medium    Semgrep Finding: python.django.security.audit.csrf-exempt.no-csrf-exempt                  mitre3.py
medium    Semgrep Finding: python.django.security.audit.csrf-exempt.no-csrf-exempt                  mitre3.py
medium    Semgrep Finding: python.django.security.injection.code.user-eval.user-eval                mitre3.py
medium    Semgrep Finding: python.lang.security.audit.eval-detected.eval-detected                   mitre3.py
medium    Semgrep Finding: python.django.security.audit.csrf-exempt.no-csrf-exempt                  mitre3.py

Annotations

Check failure on line 169 in mitre3.py

orca-security-orcadevroi / Orca Security - Semgrep

[HIGH] Semgrep Finding: python.jwt.security.jwt-hardcode.jwt-python-hardcoded-secret

Hardcoded JWT secret or private key is used. This is an Insufficiently Protected
Credentials weakness: https://cwe.mitre.org/data/definitions/522.html Consider
using an appropriate security mechanism to protect the credentials (e.g. keeping
secrets in environment variables).

Check failure on line 233 in mitre3.py

orca-security-orcadevroi / Orca Security - Semgrep

[HIGH] Semgrep Finding: python.lang.security.audit.subprocess-shell-true.subprocess-shell-true

Found 'subprocess' function 'Popen' with 'shell=True'. This is dangerous because
this call will spawn the command using a shell process. Doing so propagates
current shell settings and variables, which makes it much easier for a malicious
actor to execute commands. Use 'shell=False' instead.