    Lang

    Security

    Detected cryptographically insecure hashing function
    Likelihood: LOW
    Confidence: HIGH
    CWE: CWE-328: Use of Weak Hash

    Detected ‘unsafe’ usage, please audit for secure usage
    Likelihood: LOW
    Confidence: HIGH
    CWE: CWE-242: Use of Inherently Dangerous Function

    current_exe should not be used for security operations. From the docs: “The output of this function should not be trusted for anything that might have security implications. Basically, if users can run the executable, they can change the output arbitrarily.”
    Likelihood: LOW
    Confidence: HIGH
    CWE: CWE-807: Reliance on Untrusted Inputs in a Security Decision

    Dangerously accepting invalid TLS information
    Likelihood: LOW
    Confidence: HIGH
    CWE: CWE-295: Improper Certificate Validation

    SSL verification disabled, this allows for MitM attacks
    Likelihood: LOW
    Confidence: HIGH
    CWE: CWE-295: Improper Certificate Validation

    temp_dir should not be used for security operations. From the docs: ‘The temporary directory may be shared among users, or between processes with different privileges; thus, the creation of any files or directories in the temporary directory must use a secure method to create a uniquely named file. Creating a file or directory with a fixed or predictable name may result in “insecure temporary file” security vulnerabilities.’
    Likelihood: LOW
    Confidence: HIGH
    CWE: CWE-807: Reliance on Untrusted Inputs in a Security Decision

    args should not be used for security operations. From the docs: “The first element is traditionally the path of the executable, but it can be set to arbitrary text, and might not even exist. This means this property should not be relied upon for security purposes.”
    Likelihood: LOW
    Confidence: HIGH
    CWE: CWE-807: Reliance on Untrusted Inputs in a Security Decision

    Set sensitive flag on security headers with ‘set_sensitive’ to treat data with special care
    Likelihood: LOW
    Confidence: MEDIUM
    CWE: CWE-921: Storage of Sensitive Data in a Mechanism without Access Control

    args_os should not be used for security operations. From the docs: “The first element is traditionally the path of the executable, but it can be set to arbitrary text, and might not even exist. This means this property should not be relied upon for security purposes.”
    Likelihood: LOW
    Confidence: HIGH
    CWE: CWE-807: Reliance on Untrusted Inputs in a Security Decision

    Dangerous client config used, ensure SSL verification
    Likelihood: LOW
    Confidence: HIGH
    CWE: CWE-295: Improper Certificate Validation
