Detected cryptographically insecure hashing function
Likelihood: LOW Confidence: HIGH CWE: CWE-328: Use of Weak Hash
unsafe-usage
Detected ‘unsafe’ usage, please audit for secure usage
Likelihood: LOW Confidence: HIGH CWE: CWE-242: Use of Inherently Dangerous Function
current-exe
current_exe should not be used for security operations. From the docs: “The output of this function should not be trusted for anything that might have security implications. Basically, if users can run the executable, they can change the output arbitrarily.”
Likelihood: LOW Confidence: HIGH CWE: CWE-807: Reliance on Untrusted Inputs in a Security Decision
reqwest-accept-invalid
Dangerously accepting invalid TLS information
Likelihood: LOW Confidence: HIGH CWE: CWE-295: Improper Certificate Validation
ssl-verify-none
SSL verification disabled, this allows for MitM attacks
Likelihood: LOW Confidence: HIGH CWE: CWE-295: Improper Certificate Validation
temp-dir
temp_dir should not be used for security operations. From the docs: ‘The temporary directory may be shared among users, or between processes with different privileges; thus, the creation of any files or directories in the temporary directory must use a secure method to create a uniquely named file. Creating a file or directory with a fixed or predictable name may result in “insecure temporary file” security vulnerabilities.’
Likelihood: LOW Confidence: HIGH CWE: CWE-807: Reliance on Untrusted Inputs in a Security Decision
args
args should not be used for security operations. From the docs: “The first element is traditionally the path of the executable, but it can be set to arbitrary text, and might not even exist. This means this property should not be relied upon for security purposes.”
Likelihood: LOW Confidence: HIGH CWE: CWE-807: Reliance on Untrusted Inputs in a Security Decision
reqwest-set-sensitive
Set sensitive flag on security headers with ‘set_sensitive’ to treat data with special care
Likelihood: LOW Confidence: MEDIUM CWE: CWE-921: Storage of Sensitive Data in a Mechanism without Access Control
args-os
args_os should not be used for security operations. From the docs: “The first element is traditionally the path of the executable, but it can be set to arbitrary text, and might not even exist. This means this property should not be relied upon for security purposes.”
Likelihood: LOW Confidence: HIGH CWE: CWE-807: Reliance on Untrusted Inputs in a Security Decision
rustls-dangerous
Dangerous client config used, ensure SSL verification
Likelihood: LOW Confidence: HIGH CWE: CWE-295: