Security
Detected cryptographically insecure hashing function
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-328: Use of Weak Hash
Detected ‘unsafe’ usage, please audit for secure usage
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-242: Use of Inherently Dangerous Function
current_exe should not be used for security operations. From the docs: “The output of this function should not be trusted for anything that might have security implications. Basically, if users can run the executable, they can change the output arbitrarily.”
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-807: Reliance on Untrusted Inputs in a Security Decision
Dangerously accepting invalid TLS information
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-295: Improper Certificate Validation
SSL verification disabled, this allows for MitM attacks
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-295: Improper Certificate Validation
temp_dir should not be used for security operations. From the docs: ‘The temporary directory may be shared among users, or between processes with different privileges; thus, the creation of any files or directories in the temporary directory must use a secure method to create a uniquely named file. Creating a file or directory with a fixed or predictable name may result in “insecure temporary file” security vulnerabilities.’
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-807: Reliance on Untrusted Inputs in a Security Decision
args should not be used for security operations. From the docs: “The first element is traditionally the path of the executable, but it can be set to arbitrary text, and might not even exist. This means this property should not be relied upon for security purposes.”
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-807: Reliance on Untrusted Inputs in a Security Decision
Set sensitive flag on security headers with ‘set_sensitive’ to treat data with special care
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-921: Storage of Sensitive Data in a Mechanism without Access Control
args_os should not be used for security operations. From the docs: “The first element is traditionally the path of the executable, but it can be set to arbitrary text, and might not even exist. This means this property should not be relied upon for security purposes.”
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-807: Reliance on Untrusted Inputs in a Security Decision
Dangerous client config used, ensure SSL verification
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-295: Improper Certificate Validation