Positive results #8

Open

lperry022 wants to merge 10 commits into main from positive-results
Conversation

@lperry022
Owner

No description provided.

@github-actions

🔒 OWASP Scanner Results

No vulnerabilities detected.

### File: .github/workflows/owasp.yml

File .github/workflows/owasp.yml does not exist.

Scan Results for .github/workflows/owasp.yml:
✅ No vulnerabilities found.


### File: README.md

File README.md does not exist.

Scan Results for README.md:
✅ No vulnerabilities found.


### File: tests/test_negative.py

File tests/test_negative.py does not exist.

Scan Results for tests/test_negative.py:
✅ No vulnerabilities found.

✅ Good to go.

@github-actions

🔒 OWASP Scanner Results

No vulnerabilities detected.

### File: tests/test_negative.py

File tests/test_negative.py does not exist.

Scan Results for tests/test_negative.py:
✅ No vulnerabilities found.

✅ Good to go.

@github-actions

🔒 OWASP Scanner Results

No vulnerabilities detected.

### File: tests/test_negative.py

File tests/test_negative.py does not exist.

Scan Results for tests/test_negative.py:
✅ No vulnerabilities found.


### File: tests/test_positive.py

Scan Results for tests/test_positive.py:

=== A01: Injection (2 findings) ===
Summary: High: 2

• Line 70 | Severity HIGH | Confidence MEDIUM
→ SQL query created via string concatenation: query = "SELECT * FROM users WHERE username = '" + user_input + "'"

• Line 74 | Severity HIGH | Confidence HIGH
→ Suspicious query passed to execute(): cursor.execute(query)

=== A02: Broken Access Control (2 findings) ===
Summary: High: 1, Medium: 1

• Line 28 | Severity HIGH | Confidence HIGH
→ Flask route appears without an auth decorator: @app.route("/admin")

• Line 34 | Severity MEDIUM | Confidence HIGH
→ Flask route appears without an auth decorator: @app.route("/login")

=== A03: Sensitive Data Exposure (5 findings) ===
Summary: High: 5

• Line 10 | Severity HIGH | Confidence MEDIUM
→ Potential hardcoded sensitive data: SECRET_KEY = "changeme"

• Line 16 | Severity HIGH | Confidence MEDIUM
→ Potential hardcoded sensitive data: password = "SuperSecret123"

• Line 17 | Severity HIGH | Confidence MEDIUM
→ Potential hardcoded sensitive data: api_key = "sk_test_123456"

• Line 18 | Severity HIGH | Confidence HIGH
→ Weak hashing algorithm detected: hashlib.md5(b"weak")

• Line 22 | Severity HIGH | Confidence MEDIUM
→ Potential hardcoded sensitive data: default_password = "password"

=== A05: Security Misconfiguration (7 findings) ===
Summary: High: 2, Medium: 5

• Line 10 | Severity HIGH | Confidence HIGH
→ Hardcoded secret or credential in config context: SECRET_KEY = '***'

• Line 11 | Severity MEDIUM | Confidence MEDIUM
→ ALLOWED_HOSTS permits all hosts: ALLOWED_HOSTS = ['*']

• Line 12 | Severity MEDIUM | Confidence MEDIUM
→ Insecure cookie or transport flag: SESSION_COOKIE_SECURE = False

• Line 13 | Severity MEDIUM | Confidence MEDIUM
→ Insecure cookie or transport flag: CSRF_COOKIE_SECURE = False

• Line 16 | Severity MEDIUM | Confidence HIGH
→ Hardcoded secret or credential in config context: password = '***'

• Line 17 | Severity MEDIUM | Confidence HIGH
→ Hardcoded secret or credential in config context: api_key = '***'

• Line 77 | Severity HIGH | Confidence MEDIUM
→ Flask debug mode is enabled: app.run(debug=True)

=== A06: Vulnerable and Outdated Components (2 findings) ===
Summary: Medium: 2

• Line 44 | Severity MEDIUM | Confidence LOW
→ Dependency pin detected (manual review required): flask==0.12

• Line 45 | Severity MEDIUM | Confidence LOW
→ Dependency pin detected (manual review required): django==1.11

=== A07: Identification and Authentication Failures (4 findings) ===
Summary: High: 4

• Line 21 | Severity HIGH | Confidence HIGH
→ Hardcoded default username detected: username = "admin"

• Line 22 | Severity HIGH | Confidence HIGH
→ Hardcoded default password detected: default_password = "password"

• Line 23 | Severity HIGH | Confidence HIGH
→ Insecure TLS verification disabled: requests.get("https://example.com", verify=False)

• Line 34 | Severity HIGH | Confidence MEDIUM
→ Authentication-related route without explicit auth checks: @app.route("/login")

=== A08: Software and Data Integrity Failures (4 findings) ===
Summary: High: 4

• Line 50 | Severity HIGH | Confidence HIGH
→ Use of dangerous dynamic evaluation: result = eval(user_code)

• Line 51 | Severity HIGH | Confidence MEDIUM
→ Unsafe YAML load detected; use yaml.safe_load(): data = yaml.load("key: value")

• Line 55 | Severity HIGH | Confidence HIGH
→ Potential unsafe deserialization via pickle: obj = pickle.load(fh)

• Line 56 | Severity HIGH | Confidence MEDIUM
→ subprocess call with shell=True detected: subprocess.run("echo hi", shell=True)

=== A09: Security Logging and Monitoring Failures (3 findings) ===
Summary: Medium: 3

• Line 34 | Severity MEDIUM | Confidence LOW
→ Print used in authentication flow; prefer structured, secure logging.

• Line 61 | Severity MEDIUM | Confidence LOW
→ Exception handled with print() instead of proper logging/alerting near: except:

• Line 62 | Severity MEDIUM | Confidence MEDIUM
→ Possible secret printed to stdout: print("error:", default_password)

=== A10: Server-Side Request Forgery (1 finding) ===
Summary: High: 1

• Line 66 | Severity HIGH | Confidence HIGH
→ Potential SSRF: unvalidated user-controlled URL passed to requests.*(): requests.get(url)

✅ Good to go.

@github-actions

🔒 OWASP Scanner Results

No vulnerabilities detected.

### File: .github/workflows/owasp.yml

Scan Results for .github/workflows/owasp.yml:
✅ No vulnerabilities found.


### File: tests/test_negative.py

File tests/test_negative.py does not exist.

Scan Results for tests/test_negative.py:
✅ No vulnerabilities found.


### File: tests/test_positive.py

Scan Results for tests/test_positive.py:

=== A01: Injection (2 findings) ===
Summary: High: 2

• Line 70 | Severity HIGH | Confidence MEDIUM
→ SQL query created via string concatenation: query = "SELECT * FROM users WHERE username = '" + user_input + "'"

• Line 74 | Severity HIGH | Confidence HIGH
→ Suspicious query passed to execute(): cursor.execute(query)

=== A02: Broken Access Control (2 findings) ===
Summary: High: 1, Medium: 1

• Line 28 | Severity HIGH | Confidence HIGH
→ Flask route appears without an auth decorator: @app.route("/admin")

• Line 34 | Severity MEDIUM | Confidence HIGH
→ Flask route appears without an auth decorator: @app.route("/login")

=== A03: Sensitive Data Exposure (5 findings) ===
Summary: High: 5

• Line 10 | Severity HIGH | Confidence MEDIUM
→ Potential hardcoded sensitive data: SECRET_KEY = "changeme"

• Line 16 | Severity HIGH | Confidence MEDIUM
→ Potential hardcoded sensitive data: password = "SuperSecret123"

• Line 17 | Severity HIGH | Confidence MEDIUM
→ Potential hardcoded sensitive data: api_key = "sk_test_123456"

• Line 18 | Severity HIGH | Confidence HIGH
→ Weak hashing algorithm detected: hashlib.md5(b"weak")

• Line 22 | Severity HIGH | Confidence MEDIUM
→ Potential hardcoded sensitive data: default_password = "password"

=== A05: Security Misconfiguration (7 findings) ===
Summary: High: 2, Medium: 5

• Line 10 | Severity HIGH | Confidence HIGH
→ Hardcoded secret or credential in config context: SECRET_KEY = '***'

• Line 11 | Severity MEDIUM | Confidence MEDIUM
→ ALLOWED_HOSTS permits all hosts: ALLOWED_HOSTS = ['*']

• Line 12 | Severity MEDIUM | Confidence MEDIUM
→ Insecure cookie or transport flag: SESSION_COOKIE_SECURE = False

• Line 13 | Severity MEDIUM | Confidence MEDIUM
→ Insecure cookie or transport flag: CSRF_COOKIE_SECURE = False

• Line 16 | Severity MEDIUM | Confidence HIGH
→ Hardcoded secret or credential in config context: password = '***'

• Line 17 | Severity MEDIUM | Confidence HIGH
→ Hardcoded secret or credential in config context: api_key = '***'

• Line 77 | Severity HIGH | Confidence MEDIUM
→ Flask debug mode is enabled: app.run(debug=True)

=== A06: Vulnerable and Outdated Components (2 findings) ===
Summary: Medium: 2

• Line 44 | Severity MEDIUM | Confidence LOW
→ Dependency pin detected (manual review required): flask==0.12

• Line 45 | Severity MEDIUM | Confidence LOW
→ Dependency pin detected (manual review required): django==1.11

=== A07: Identification and Authentication Failures (4 findings) ===
Summary: High: 4

• Line 21 | Severity HIGH | Confidence HIGH
→ Hardcoded default username detected: username = "admin"

• Line 22 | Severity HIGH | Confidence HIGH
→ Hardcoded default password detected: default_password = "password"

• Line 23 | Severity HIGH | Confidence HIGH
→ Insecure TLS verification disabled: requests.get("https://example.com", verify=False)

• Line 34 | Severity HIGH | Confidence MEDIUM
→ Authentication-related route without explicit auth checks: @app.route("/login")

=== A08: Software and Data Integrity Failures (4 findings) ===
Summary: High: 4

• Line 50 | Severity HIGH | Confidence HIGH
→ Use of dangerous dynamic evaluation: result = eval(user_code)

• Line 51 | Severity HIGH | Confidence MEDIUM
→ Unsafe YAML load detected; use yaml.safe_load(): data = yaml.load("key: value")

• Line 55 | Severity HIGH | Confidence HIGH
→ Potential unsafe deserialization via pickle: obj = pickle.load(fh)

• Line 56 | Severity HIGH | Confidence MEDIUM
→ subprocess call with shell=True detected: subprocess.run("echo hi", shell=True)

=== A09: Security Logging and Monitoring Failures (3 findings) ===
Summary: Medium: 3

• Line 34 | Severity MEDIUM | Confidence LOW
→ Print used in authentication flow; prefer structured, secure logging.

• Line 61 | Severity MEDIUM | Confidence LOW
→ Exception handled with print() instead of proper logging/alerting near: except:

• Line 62 | Severity MEDIUM | Confidence MEDIUM
→ Possible secret printed to stdout: print("error:", default_password)

=== A10: Server-Side Request Forgery (1 finding) ===
Summary: High: 1

• Line 66 | Severity HIGH | Confidence HIGH
→ Potential SSRF: unvalidated user-controlled URL passed to requests.*(): requests.get(url)

✅ Good to go.

@github-actions

🔒 OWASP Scanner Results

No vulnerabilities detected.

### File: .github/workflows/owasp.yml

Scan Results for .github/workflows/owasp.yml:
✅ No vulnerabilities found.


### File: tests/test_negative.py

File tests/test_negative.py does not exist.

Scan Results for tests/test_negative.py:
✅ No vulnerabilities found.

✅ Good to go.
