Network
disabled-cert-validation
disabled-cert-validation
certificate verification explicitly disabled, insecure connections possible
Likelihood: HIGH
Confidence: MEDIUM
CWE:
- CWE-295: Improper Certificate Validation
OWASP:
- A03:2017 - Sensitive Data Exposure
- A07:2021 - Identification and Authentication Failures
avoid-bind-to-all-interfaces
avoid-bind-to-all-interfaces
Running socket.bind
to 0.0.0.0, or empty string could unexpectedly expose the server publicly as it binds to all available interfaces. Consider instead getting correct address from an environment variable or configuration file.
Likelihood: HIGH
Confidence: HIGH
CWE:
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
OWASP:
- A01:2021 - Broken Access Control
http-not-https-connection
http-not-https-connection
Detected HTTPConnectionPool. This will transmit data in cleartext. It is recommended to use HTTPSConnectionPool instead for to encrypt communications.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-319: Cleartext Transmission of Sensitive Information
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures