Vulnerable Python #9
Conversation
![prisma-cloud-devsecops[bot]](https://avatars.githubusercontent.com/in/135857?s=60&v=4){kind=small}
| import libsession | ||
|
|
||
| app = Flask('vulpy') | ||
| app.config['SECRET_KEY'] = '123aa8a93bdde342c871564a62282af857bda14b3359fde95d0c5e4b321610c1' |
There was a problem hiding this comment.
Base64 High Entropy String detected in code
Resource: 41aac4ffe86b45dea7851c14b66c360c0f4cf5f1 | Checkov ID: CKV_SECRET_6
Description
Entropy checks help detect unstructured secrets by measuring the entropy level of a single string.
Entropy is a concept used to assign a numerical score to how unpredictable a password is or the likelihood of highly random data in a string of characters.
Strings with a high entropy score are flagged as suspected secrets.
| from cryptography.fernet import Fernet | ||
|
|
||
|
|
||
| key = 'JHtM1wEt1I1J9N_Evjwqr3yYauXIqSxYzFnRhcf0ZG0=' |
There was a problem hiding this comment.
Base64 High Entropy String detected in code
Resource: 42c8cd5c7a15e60e7c3490be4515e33c7f91d471 | Checkov ID: CKV_SECRET_6
Description
Entropy checks help detect unstructured secrets by measuring the entropy level of a single string.
Entropy is a concept used to assign a numerical score to how unpredictable a password is or the likelihood of highly random data in a string of characters.
Strings with a high entropy score are flagged as suspected secrets.
| #script-src 'self' 'unsafe-inline' | ||
| #script-src 'self' 'unsafe-inline' https://apis.google.com | ||
| script-src 'self' 'nonce-4AEemGb0xJptoIGFP3Nd'; | ||
| #script-src 'self' 'sha256-i5I5KydQz/hllPGo5Z3sBewXRIP0ORzyjDZzHOGW5MQ=' |
There was a problem hiding this comment.
Base64 High Entropy String detected in code
Resource: 02a5a5a72be1f966a473f3471f84e1784d930999 | Checkov ID: CKV_SECRET_6
Description
Entropy checks help detect unstructured secrets by measuring the entropy level of a single string.
Entropy is a concept used to assign a numerical score to how unpredictable a password is or the likelihood of highly random data in a string of characters.
Strings with a high entropy score are flagged as suspected secrets.
| #script-src 'self' 'unsafe-inline' | ||
| #script-src 'self' 'unsafe-inline' https://apis.google.com | ||
| #script-src 'self' 'nonce-4AEemGb0xJptoIGFP3Nd'; | ||
| #script-src 'self' 'sha256-i5I5KydQz/hllPGo5Z3sBewXRIP0ORzyjDZzHOGW5MQ=' |
There was a problem hiding this comment.
Base64 High Entropy String detected in code
Resource: 02a5a5a72be1f966a473f3471f84e1784d930999 | Checkov ID: CKV_SECRET_6
Description
Entropy checks help detect unstructured secrets by measuring the entropy level of a single string.
Entropy is a concept used to assign a numerical score to how unpredictable a password is or the likelihood of highly random data in a string of characters.
Strings with a high entropy score are flagged as suspected secrets.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| if not libuser.login(username, password): | ||
| return None | ||
|
|
||
| key = hashlib.sha256(str(random.getrandbits(2048)).encode()).hexdigest() |
Check notice
Code scanning / checkov
Use of insufficiently random values from random module
| ALGORITHM = 'sha1' | ||
|
|
||
| #key = secrets.token_bytes(2048) # needs python 3.6 | ||
| key = str(random.getrandbits(2048)).encode() |
Check notice
Code scanning / checkov
Use of insufficiently random values from random module
|
|
||
| import libsession | ||
|
|
||
| app = Flask('vulpy') |
Check failure
Code scanning / checkov
CSRF protections disabled
|
|
||
| import libsession | ||
|
|
||
| app = Flask('vulpy') |
Check failure
Code scanning / checkov
CSRF protections disabled
| from mod_posts import mod_posts | ||
| from mod_user import mod_user | ||
|
|
||
| app = Flask('vulpy') |
Check failure
Code scanning / checkov
CSRF protections disabled
| password_file.close() | ||
|
|
||
| for password in passwords: | ||
| response = requests.post(url, data = {'username': username, 'password': password}) |
Check warning
Code scanning / checkov
Uncontrolled resource consumption
| app = Flask('vulpy') | ||
| app.config['SECRET_KEY'] = 'aaaaaaa' | ||
|
|
||
| app.register_blueprint(mod_hello, url_prefix='/hello') | ||
| app.register_blueprint(mod_user, url_prefix='/user') | ||
| app.register_blueprint(mod_posts, url_prefix='/posts') | ||
| app.register_blueprint(mod_mfa, url_prefix='/mfa') | ||
|
|
||
|
|
||
| @app.route('/') | ||
| def do_home(): | ||
| return redirect('/posts') | ||
|
|
||
| @app.before_request | ||
| def before_request(): | ||
| g.session = libsession.load(request) | ||
|
|
||
| app.run(debug=True, host='127.0.1.1', ssl_context=('/tmp/acme.cert', '/tmp/acme.key')) |
Check warning
Code scanning / checkov
Active Debug Code
| app = Flask('vulpy') | ||
| app.config['SECRET_KEY'] = '123aa8a93bdde342c871564a62282af857bda14b3359fde95d0c5e4b321610c1' | ||
|
|
||
| app.register_blueprint(mod_hello, url_prefix='/hello') | ||
| app.register_blueprint(mod_user, url_prefix='/user') | ||
| app.register_blueprint(mod_posts, url_prefix='/posts') | ||
| app.register_blueprint(mod_mfa, url_prefix='/mfa') | ||
| app.register_blueprint(mod_csp, url_prefix='/csp') | ||
| app.register_blueprint(mod_api, url_prefix='/api') | ||
|
|
||
| csp_file = Path('csp.txt') | ||
| csp = '' | ||
|
|
||
| if csp_file.is_file(): | ||
| with csp_file.open() as f: | ||
| for line in f.readlines(): | ||
| if line.startswith('#'): | ||
| continue | ||
| line = line.replace('\n', '') | ||
| if line: | ||
| csp += line | ||
| print('CSP:', csp) | ||
|
|
||
| @app.route('/') | ||
| def do_home(): | ||
| return redirect('/posts') | ||
|
|
||
| @app.before_request | ||
| def before_request(): | ||
| g.session = libsession.load(request) | ||
|
|
||
| @app.after_request | ||
| def add_csp_headers(response): | ||
| if csp: | ||
| response.headers['Content-Security-Policy'] = csp | ||
| return response | ||
|
|
||
| app.run(debug=True, host='127.0.1.1', port=5001, extra_files='csp.txt') |
Check warning
Code scanning / checkov
Active Debug Code
| app = Flask('vulpy') | ||
| app.config['SECRET_KEY'] = 'aaaaaaa' | ||
|
|
||
| app.register_blueprint(mod_hello, url_prefix='/hello') | ||
| app.register_blueprint(mod_user, url_prefix='/user') | ||
| app.register_blueprint(mod_posts, url_prefix='/posts') | ||
| app.register_blueprint(mod_mfa, url_prefix='/mfa') | ||
| app.register_blueprint(mod_csp, url_prefix='/csp') | ||
| app.register_blueprint(mod_api, url_prefix='/api') | ||
|
|
||
| csp_file = Path('csp.txt') | ||
| csp = '' | ||
|
|
||
| if csp_file.is_file(): | ||
| with csp_file.open() as f: | ||
| for line in f.readlines(): | ||
| if line.startswith('#'): | ||
| continue | ||
| line = line.replace('\n', '') | ||
| if line: | ||
| csp += line | ||
| if csp: | ||
| print('CSP:', csp) | ||
|
|
||
|
|
||
| @app.route('/') | ||
| def do_home(): | ||
| return redirect('/posts') | ||
|
|
||
| @app.before_request | ||
| def before_request(): | ||
| g.session = libsession.load(request) | ||
|
|
||
| @app.after_request | ||
| def add_csp_headers(response): | ||
| if csp: | ||
| response.headers['Content-Security-Policy'] = csp | ||
| return response | ||
|
|
||
|
|
||
| app.run(debug=True, host='127.0.1.1', port=5000, extra_files='csp.txt') |
Check warning
Code scanning / checkov
Active Debug Code
| app = Flask('vulpy') | ||
| app.config['SECRET_KEY'] = 'aaaaaaa' | ||
|
|
||
| app.register_blueprint(mod_hello, url_prefix='/hello') | ||
| app.register_blueprint(mod_user, url_prefix='/user') | ||
| app.register_blueprint(mod_posts, url_prefix='/posts') | ||
| app.register_blueprint(mod_mfa, url_prefix='/mfa') | ||
|
|
||
|
|
||
| @app.route('/') | ||
| def do_home(): | ||
| return redirect('/posts') | ||
|
|
||
| @app.before_request | ||
| def before_request(): | ||
| g.session = libsession.load(request) | ||
|
|
||
| app.run(debug=True, host='127.0.1.1', ssl_context=('/tmp/acme.cert', '/tmp/acme.key')) |
Check warning
Code scanning / checkov
Active Debug Code
No description provided.