Security
insecure-hashes
Detected cryptographically insecure hashing function
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-328: Use of Weak Hash
unsafe-usage
Detected ‘unsafe’ usage, please audit for secure usage
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-242: Use of Inherently Dangerous Function
current-exe
current_exe should not be used for security operations. From the docs: “The output of this function should not be trusted for anything that might have security implications. Basically, if users can run the executable, they can change the output arbitrarily.”
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-807: Reliance on Untrusted Inputs in a Security Decision
reqwest-accept-invalid
Dangerously accepting invalid TLS information
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-295: Improper Certificate Validation
ssl-verify-none
SSL verification disabled, this allows for MitM attacks
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-295: Improper Certificate Validation
temp-dir
temp_dir should not be used for security operations. From the docs: ‘The temporary directory may be shared among users, or between processes with different privileges; thus, the creation of any files or directories in the temporary directory must use a secure method to create a uniquely named file. Creating a file or directory with a fixed or predictable name may result in “insecure temporary file” security vulnerabilities.’
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-807: Reliance on Untrusted Inputs in a Security Decision
args
args should not be used for security operations. From the docs: “The first element is traditionally the path of the executable, but it can be set to arbitrary text, and might not even exist. This means this property should not be relied upon for security purposes.”
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-807: Reliance on Untrusted Inputs in a Security Decision
reqwest-set-sensitive
Set sensitive flag on security headers with ‘set_sensitive’ to treat data with special care
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-921: Storage of Sensitive Data in a Mechanism without Access Control
args-os
args_os should not be used for security operations. From the docs: “The first element is traditionally the path of the executable, but it can be set to arbitrary text, and might not even exist. This means this property should not be relied upon for security purposes.”
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-807: Reliance on Untrusted Inputs in a Security Decision
rustls-dangerous
Dangerous client config used, ensure SSL verification
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-295: Improper Certificate Validation