CodeAnt AI home pagelight logodark logo
  • Dashboard
  • Dashboard
  • Documentation
  • Demo Call with CEO
  • Blog
  • Slack
  • Get Started
    • CodeAnt AI
    • Setup
    • Control Center
    • Pull Request Review
    • IDE
    • Compliance
    • Anti-Patterns
    • Code Governance
    • Infrastructure Security Database
    • Application Security Database
      • Apex
      • Bash
      • C
      • Clojure
      • Cpp
      • Csharp
      • Dockerfile
      • Elixir
      • Fingerprints
      • Generic
      • Go
      • Html
      • Java
      • Javascript
      • Json
      • Kotlin
      • Ocaml
      • Php
      • Problem-based-packs
      • Python
        • Airflow
        • Attr
        • Aws-lambda
        • Bokeh
        • Boto3
        • Cassandra
        • Click
        • Correctness
        • Couchbase
        • Cryptography
        • Distributed
        • Django
          • Ai
          • Best practice
          • Compatibility
          • Correctness
          • Deserialization
          • Maintainability
          • Performance
          • Security
          • Security
            • Audit
            • Audit
            • Injection
            • Injection
              • Code
              • Command
              • Email
              • Path traversal
              • Sql
              • Ssrf
            • Passwords
        • Docker
        • Elasticsearch
        • Fastapi
        • Flask
        • Jinja2
        • Jwt
        • Lang
        • Ldap3
        • Mariadb
        • Mysql
        • Mysqlclient
        • Neo4j
        • Openai
        • Peewee
        • Pg8000
        • Psycopg2
        • Pycryptodome
        • Pyjwt
        • Pymongo
        • Pymssql
        • Pymysql
        • Pyramid
        • Redis
        • Requests
        • Sh
        • Sqlalchemy
        • Tormysql
        • Urllib3
        • Webrepl
        • Wtforms
      • Ruby
      • Rust
      • Scala
      • Solidity
      • Swift
      • Terraform
      • Typescript
      • Yaml
    Injection

    Code

    Found user data in a call to ‘eval’. This is extremely dangerous because it can enable an attacker to execute remote code. See https://owasp.org/www-community/attacks/Code_Injection for more information.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)
    OWASP:
    - A03:2021 - Injection

    Found user data in a call to ‘exec’. This is extremely dangerous because it can enable an attacker to execute arbitrary remote code on the system. Instead, refactor your code to not use ‘eval’ and instead use a safe library for the specific functionality you need.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)
    OWASP:
    - A03:2021 - Injection

    Found user data in a call to ‘exec’. This is extremely dangerous because it can enable an attacker to execute arbitrary remote code on the system. Instead, refactor your code to not use ‘eval’ and instead use a safe library for the specific functionality you need.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)
    OWASP:
    - A03:2021 - Injection

    Found request data as an index to ‘globals()’. This is extremely dangerous because it allows an attacker to execute arbitrary code on the system. Refactor your code not to use ‘globals()’.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-96: Improper Neutralization of Directives in Statically Saved Code (‘Static Code Injection’)
    OWASP:
    - A03:2021 - Injection

    Found user data in a call to ‘eval’. This is extremely dangerous because it can enable an attacker to execute arbitrary remote code on the system. Instead, refactor your code to not use ‘eval’ and instead use a safe library for the specific functionality you need.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)
    OWASP:
    - A03:2021 - Injection

    InjectionCommand
    twitterlinkedin
    Powered by Mintlify