report.md

🔍 CodeSentry Vulnerability Report

Session: 5b257496-f677-4004-8d5f-cc23c19295cd
Date: 2026-03-08
Project: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox

---

📊 Executive Summary

Executive summary

A recent security assessment of the codebase (covering 9 files across C, JavaScript, and Python) found a total of 192 vulnerabilities, including 30 critical and 106 high severity issues. Notably, 20 findings were fuzz‑confirmed, and the most frequent finding is repeated instances of shell injection (command execution) in multiple locations. The density and severity of these findings indicate an elevated likelihood of an exploitable breach if left unaddressed.

From a business-risk perspective, the primary concerns are immediate service compromise, data exfiltration, and downstream regulatory and reputational damage. The presence of many high/critical issues — several of which are command‑execution related — materially increases probability of remote code execution and full system takeover. That translates directly into potential operational downtime, customer impact, incident response and remediation costs, and exposure to compliance fines or contractual penalties.

Root cause patterns are straightforward and actionable: unsafe handling of input that reaches shell/OS interfaces and insufficient defensive controls across a small set of components. Because the issues concentrate in a limited number of files and repeat across languages, remediation can be efficient if prioritized correctly; however, delay increases both likelihood and impact of a breach.

Next steps (clear, prioritized actions)

• Immediate (next 72 hours): Triage and contain — assign engineering owners, temporarily disable or isolate affected services where feasible, add short‑term compensating controls (input filtering, denylist, stricter execution privileges), and monitor/alert for anomalous activity.
• Short term (2–4 weeks): Remediate the top risks — fix the 30 critical and highest‑impact shell injection instances first, apply secure coding patterns (parameterized execution, validated inputs), and patch/update affected components. Prioritize the 20 fuzz‑confirmed issues for verification.
• Medium term (1–3 months): Improve prevention — integrate automated scanning into CI, expand fuzz testing, conduct code reviews, enforce least privilege, and train engineering teams on secure handling of OS/command interfaces.
• Verification and governance: Retest fixed code, close validated issues, and update risk owners and stakeholders with a remediation timeline and residual risk acceptance decisions.

I recommend convening a cross‑functional incident/response and engineering working session within 48 hours to agree owners, timelines, and immediate containment measures.

---

📈 Statistics

Metric	Value
Total Files Analyzed	9
Total Vulnerabilities	192
🔴 Critical	30
🟠 High	106
🟡 Medium	19
🟢 Low	18
✅ Fuzz Confirmed	20
Languages	c, javascript, python

---

✅ Verification & Validation Summary

Verification Method	Count
📋 Pattern Match	105
🔍 Static Analysis	67
⚠️ File Has Confirmed Vulns	20

---

🔒 Vulnerabilities

1. 🟠 [HIGH] shell_inject

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	command_injection.py
Line(s)	29
Verification	⚠️ File Has Confirmed Vulns
Discovery	dangerous_func
Confidence	0.75

Explanation

os.system(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/command_injection.py

      27 |     def ping_host(hostname: str) -> str:
      28 |         """COMMAND INJECTION: os.system with user input."""
>>>   29 |         os.system(f"ping -c 4 {hostname}")
      30 |         return f"Pinged {hostname}"
      31 | 
      32 |     @staticmethod
      33 |     def traceroute(target: str) -> str:
      34 |         """COMMAND INJECTION: os.system with string concatenation."""

---

2. 🟠 [HIGH] shell_inject

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	command_injection.py
Line(s)	36
Verification	⚠️ File Has Confirmed Vulns
Discovery	dangerous_func
Confidence	0.75

Explanation

os.system(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/command_injection.py

      34 |         """COMMAND INJECTION: os.system with string concatenation."""
      35 |         cmd = "traceroute " + target
>>>   36 |         os.system(cmd)
      37 |         return f"Traced route to {target}"
      38 | 
      39 |     @staticmethod
      40 |     def dns_lookup(domain: str) -> str:
      41 |         """COMMAND INJECTION: subprocess with shell=True."""

---

3. 🟠 [HIGH] shell_inject

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	command_injection.py
Line(s)	42
Verification	⚠️ File Has Confirmed Vulns
Discovery	dangerous_func
Confidence	0.75

Explanation

subprocess.call(f"nslookup {domain}", shell=True

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/command_injection.py

      40 |     def dns_lookup(domain: str) -> str:
      41 |         """COMMAND INJECTION: subprocess with shell=True."""
>>>   42 |         result = subprocess.call(f"nslookup {domain}", shell=True)
      43 |         return str(result)
      44 | 
      45 |     @staticmethod
      46 |     def network_scan(ip_range: str, ports: str) -> str:
      47 |         """COMMAND INJECTION: subprocess.call with shell=True and multiple user inputs."""

---

4. 🟠 [HIGH] shell_inject

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	command_injection.py
Line(s)	49
Verification	⚠️ File Has Confirmed Vulns
Discovery	dangerous_func
Confidence	0.75

Explanation

subprocess.call(cmd, shell=True

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/command_injection.py

      47 |         """COMMAND INJECTION: subprocess.call with shell=True and multiple user inputs."""
      48 |         cmd = f"nmap -sS -p {ports} {ip_range}"
>>>   49 |         result = subprocess.call(cmd, shell=True)
      50 |         return str(result)
      51 | 
      52 | 
      53 | # ═══════════════════════════════════════════════════════════════
      54 | # File operations — path traversal + command injection

---

5. 🟠 [HIGH] shell_inject

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	command_injection.py
Line(s)	70
Verification	⚠️ File Has Confirmed Vulns
Discovery	dangerous_func
Confidence	0.75

Explanation

os.system(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/command_injection.py

      68 |         """COMMAND INJECTION: user filename in os.system."""
      69 |         output = f"/tmp/{filename}.tar.gz"
>>>   70 |         os.system(f"tar czf {output} {self.base_dir}/{filename}")
      71 |         return output
      72 | 
      73 |     def file_info(self, filepath: str) -> dict:
      74 |         """COMMAND INJECTION: user path in subprocess with shell=True."""
      75 |         result = subprocess.call(f"file {filepath} && stat {filepath}", shell=True)

---

6. 🟠 [HIGH] shell_inject

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	command_injection.py
Line(s)	75
Verification	⚠️ File Has Confirmed Vulns
Discovery	dangerous_func
Confidence	0.75

Explanation

subprocess.call(f"file {filepath} && stat {filepath}", shell=True

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/command_injection.py

      73 |     def file_info(self, filepath: str) -> dict:
      74 |         """COMMAND INJECTION: user path in subprocess with shell=True."""
>>>   75 |         result = subprocess.call(f"file {filepath} && stat {filepath}", shell=True)
      76 |         return {"path": filepath, "status": result}
      77 | 
      78 |     def search_in_files(self, pattern: str, directory: str) -> str:
      79 |         """COMMAND INJECTION: grep with user-controlled pattern and directory."""
      80 |         cmd = f"grep -r '{pattern}' {directory}"

---

7. 🟠 [HIGH] shell_inject

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	command_injection.py
Line(s)	81
Verification	⚠️ File Has Confirmed Vulns
Discovery	dangerous_func
Confidence	0.75

Explanation

os.system(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/command_injection.py

      79 |         """COMMAND INJECTION: grep with user-controlled pattern and directory."""
      80 |         cmd = f"grep -r '{pattern}' {directory}"
>>>   81 |         os.system(cmd)
      82 |         return f"Searched for {pattern} in {directory}"
      83 | 
      84 |     def list_directory(self, path: str) -> list[str]:
      85 |         """COMMAND INJECTION: ls via os.system."""
      86 |         os.system(f"ls -la {path}")

---

8. 🟠 [HIGH] shell_inject

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	command_injection.py
Line(s)	86
Verification	⚠️ File Has Confirmed Vulns
Discovery	dangerous_func
Confidence	0.75

Explanation

os.system(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/command_injection.py

      84 |     def list_directory(self, path: str) -> list[str]:
      85 |         """COMMAND INJECTION: ls via os.system."""
>>>   86 |         os.system(f"ls -la {path}")
      87 |         return []
      88 | 
      89 | 
      90 | # ═══════════════════════════════════════════════════════════════
      91 | # Git operations — command injection via branch/commit names

---

9. 🟠 [HIGH] shell_inject

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	command_injection.py
Line(s)	100
Verification	⚠️ File Has Confirmed Vulns
Discovery	dangerous_func
Confidence	0.75

Explanation

os.system(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/command_injection.py

      98 |     def checkout_branch(self, branch_name: str) -> str:
      99 |         """COMMAND INJECTION: branch name in os.system."""
>>>  100 |         os.system(f"cd {self.repo_path} && git checkout {branch_name}")
     101 |         return f"Checked out {branch_name}"
     102 | 
     103 |     def clone_repo(self, repo_url: str, dest: str) -> str:
     104 |         """COMMAND INJECTION + SSRF: user-controlled URL in git clone."""
     105 |         os.system(f"git clone {repo_url} {dest}")

---

10. 🟠 [HIGH] shell_inject

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	command_injection.py
Line(s)	105
Verification	⚠️ File Has Confirmed Vulns
Discovery	dangerous_func
Confidence	0.75

Explanation

os.system(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/command_injection.py

     103 |     def clone_repo(self, repo_url: str, dest: str) -> str:
     104 |         """COMMAND INJECTION + SSRF: user-controlled URL in git clone."""
>>>  105 |         os.system(f"git clone {repo_url} {dest}")
     106 |         return f"Cloned {repo_url} to {dest}"
     107 | 
     108 |     def view_diff(self, commit_a: str, commit_b: str) -> str:
     109 |         """COMMAND INJECTION: commit hashes in shell command."""
     110 |         cmd = f"git -C {self.repo_path} diff {commit_a}..{commit_b}"

---

11. 🟠 [HIGH] shell_inject

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	command_injection.py
Line(s)	111
Verification	⚠️ File Has Confirmed Vulns
Discovery	dangerous_func
Confidence	0.75

Explanation

subprocess.call(cmd, shell=True

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/command_injection.py

     109 |         """COMMAND INJECTION: commit hashes in shell command."""
     110 |         cmd = f"git -C {self.repo_path} diff {commit_a}..{commit_b}"
>>>  111 |         result = subprocess.call(cmd, shell=True)
     112 |         return str(result)
     113 | 
     114 |     def get_log(self, author: str, count: int = 10) -> str:
     115 |         """COMMAND INJECTION: author name in git log."""
     116 |         os.system(f"git -C {self.repo_path} log --author='{author}' -n {count}")

---

12. 🟠 [HIGH] shell_inject

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	command_injection.py
Line(s)	116
Verification	⚠️ File Has Confirmed Vulns
Discovery	dangerous_func
Confidence	0.75

Explanation

os.system(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/command_injection.py

     114 |     def get_log(self, author: str, count: int = 10) -> str:
     115 |         """COMMAND INJECTION: author name in git log."""
>>>  116 |         os.system(f"git -C {self.repo_path} log --author='{author}' -n {count}")
     117 |         return "Done"
     118 | 
     119 | 
     120 | # ═══════════════════════════════════════════════════════════════
     121 | # Docker management — command injection via container/image names

---

13. 🟠 [HIGH] shell_inject

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	command_injection.py
Line(s)	129
Verification	⚠️ File Has Confirmed Vulns
Discovery	dangerous_func
Confidence	0.75

Explanation

os.system(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/command_injection.py

     127 |         """COMMAND INJECTION: user-controlled image and command in docker run."""
     128 |         env_flags = " ".join(f"-e {k}={v}" for k, v in env_vars.items())
>>>  129 |         os.system(f"docker run {env_flags} {image} {command}")
     130 |         return f"Started {image}"
     131 | 
     132 |     @staticmethod
     133 |     def exec_in_container(container_id: str, cmd: str) -> str:
     134 |         """COMMAND INJECTION: arbitrary command exec in container."""

---

14. 🟠 [HIGH] shell_inject

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	command_injection.py
Line(s)	135
Verification	⚠️ File Has Confirmed Vulns
Discovery	dangerous_func
Confidence	0.75

Explanation

os.system(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/command_injection.py

     133 |     def exec_in_container(container_id: str, cmd: str) -> str:
     134 |         """COMMAND INJECTION: arbitrary command exec in container."""
>>>  135 |         os.system(f"docker exec {container_id} {cmd}")
     136 |         return f"Executed in {container_id}"
     137 | 
     138 |     @staticmethod
     139 |     def build_image(dockerfile_path: str, tag: str) -> str:
     140 |         """COMMAND INJECTION: user-controlled dockerfile path and tag."""

---

15. 🟠 [HIGH] shell_inject

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	command_injection.py
Line(s)	141
Verification	⚠️ File Has Confirmed Vulns
Discovery	dangerous_func
Confidence	0.75

Explanation

os.system(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/command_injection.py

     139 |     def build_image(dockerfile_path: str, tag: str) -> str:
     140 |         """COMMAND INJECTION: user-controlled dockerfile path and tag."""
>>>  141 |         os.system(f"docker build -f {dockerfile_path} -t {tag} .")
     142 |         return f"Built {tag}"
     143 | 
     144 | 
     145 | # ═══════════════════════════════════════════════════════════════
     146 | # Backup/restore — command injection + path traversal

---

16. 🟠 [HIGH] shell_inject

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	command_injection.py
Line(s)	154
Verification	⚠️ File Has Confirmed Vulns
Discovery	dangerous_func
Confidence	0.75

Explanation

os.system(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/command_injection.py

     152 |         """COMMAND INJECTION: user-controlled db name and output path."""
     153 |         cmd = f"pg_dump {db_name} > {output_dir}/{db_name}_backup.sql"
>>>  154 |         os.system(cmd)
     155 |         return f"Backup saved to {output_dir}/{db_name}_backup.sql"
     156 | 
     157 |     @staticmethod
     158 |     def restore_backup(backup_path: str, db_name: str) -> str:
     159 |         """COMMAND INJECTION: arbitrary file path in psql command."""

---

17. 🟠 [HIGH] shell_inject

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	command_injection.py
Line(s)	160
Verification	⚠️ File Has Confirmed Vulns
Discovery	dangerous_func
Confidence	0.75

Explanation

os.system(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/command_injection.py

     158 |     def restore_backup(backup_path: str, db_name: str) -> str:
     159 |         """COMMAND INJECTION: arbitrary file path in psql command."""
>>>  160 |         os.system(f"psql {db_name} < {backup_path}")
     161 |         return f"Restored {backup_path} to {db_name}"
     162 | 
     163 |     @staticmethod
     164 |     def download_and_extract(url: str, dest: str) -> str:
     165 |         """COMMAND INJECTION + SSRF: wget with user-controlled URL."""

---

18. 🟠 [HIGH] shell_inject

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	command_injection.py
Line(s)	166
Verification	⚠️ File Has Confirmed Vulns
Discovery	dangerous_func
Confidence	0.75

Explanation

os.system(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/command_injection.py

     164 |     def download_and_extract(url: str, dest: str) -> str:
     165 |         """COMMAND INJECTION + SSRF: wget with user-controlled URL."""
>>>  166 |         os.system(f"wget -q {url} -O /tmp/archive.tar.gz && tar xzf /tmp/archive.tar.gz -C {dest}")
     167 |         return f"Downloaded and extracted to {dest}"
     168 | 
     169 | 
     170 | # ═══════════════════════════════════════════════════════════════
     171 | # Cron/scheduling — command injection via scheduled tasks

---

19. 🟠 [HIGH] shell_inject

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	command_injection.py
Line(s)	178
Verification	⚠️ File Has Confirmed Vulns
Discovery	dangerous_func
Confidence	0.75

Explanation

os.system(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/command_injection.py

     176 |     def add_cron_job(schedule: str, command: str) -> str:
     177 |         """COMMAND INJECTION: user-provided cron schedule and command."""
>>>  178 |         os.system(f'(crontab -l; echo "{schedule} {command}") | crontab -')
     179 |         return f"Scheduled: {schedule} {command}"
     180 | 
     181 |     @staticmethod
     182 |     def run_script(script_path: str, args: str = "") -> str:
     183 |         """COMMAND INJECTION: arbitrary script execution."""

---

20. 🟠 [HIGH] shell_inject

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	command_injection.py
Line(s)	184
Verification	⚠️ File Has Confirmed Vulns
Discovery	dangerous_func
Confidence	0.75

Explanation

os.system(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/command_injection.py

     182 |     def run_script(script_path: str, args: str = "") -> str:
     183 |         """COMMAND INJECTION: arbitrary script execution."""
>>>  184 |         os.system(f"bash {script_path} {args}")
     185 |         return f"Ran {script_path}"
     186 | 

---

21. 🔴 [CRITICAL] aws_access_key

Property	Value
Severity	CRITICAL
CVSS	5.0
CWE	None
File	config_secrets.py
Line(s)	17
Verification	📋 Pattern Match
Discovery	secret
Confidence	0.9

Explanation

AKIAIOSFODNN7EXAMPLE

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/config_secrets.py

      15 | # ═══════════════════════════════════════════════════════════════
      16 | 
>>>   17 | AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
      18 | AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
      19 | AWS_REGION = "us-east-1"
      20 | AWS_S3_BUCKET = "my-production-bucket"
      21 | 
      22 | aws_config = {

---

22. 🔴 [CRITICAL] aws_access_key

Property	Value
Severity	CRITICAL
CVSS	5.0
CWE	None
File	config_secrets.py
Line(s)	23
Verification	📋 Pattern Match
Discovery	secret
Confidence	0.9

Explanation

AKIAIOSFODNN7EXAMPLE

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/config_secrets.py

      21 | 
      22 | aws_config = {
>>>   23 |     "access_key": "AKIAIOSFODNN7EXAMPLE",
      24 |     "aws_secret_access_key": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
      25 |     "region": "eu-west-1",
      26 | }
      27 | 
      28 | 

---

23. 🔴 [CRITICAL] aws_secret_key

Property	Value
Severity	CRITICAL
CVSS	5.0
CWE	None
File	config_secrets.py
Line(s)	18
Verification	📋 Pattern Match
Discovery	secret
Confidence	0.9

Explanation

AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/config_secrets.py

      16 | 
      17 | AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
>>>   18 | AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
      19 | AWS_REGION = "us-east-1"
      20 | AWS_S3_BUCKET = "my-production-bucket"
      21 | 
      22 | aws_config = {
      23 |     "access_key": "AKIAIOSFODNN7EXAMPLE",

---

24. 🔴 [CRITICAL] aws_secret_key

Property	Value
Severity	CRITICAL
CVSS	5.0
CWE	None
File	config_secrets.py
Line(s)	24
Verification	📋 Pattern Match
Discovery	secret
Confidence	0.9

Explanation

aws_secret_access_key": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/config_secrets.py

      22 | aws_config = {
      23 |     "access_key": "AKIAIOSFODNN7EXAMPLE",
>>>   24 |     "aws_secret_access_key": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
      25 |     "region": "eu-west-1",
      26 | }
      27 | 
      28 | 
      29 | # ═══════════════════════════════════════════════════════════════

---

25. 🔴 [CRITICAL] private_key_pem

Property	Value
Severity	CRITICAL
CVSS	5.0
CWE	None
File	config_secrets.py
Line(s)	112
Verification	📋 Pattern Match
Discovery	secret
Confidence	0.9

Explanation

-----BEGIN RSA PRIVATE KEY-----

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/config_secrets.py

     110 | # ═══════════════════════════════════════════════════════════════
     111 | 
>>>  112 | PRIVATE_KEY = """-----BEGIN RSA PRIVATE KEY-----
     113 | MIIEpAIBAAKCAQEA0Z3VS5JJcds3xfn/ygWeh2sMqFMNZ5JmYEJP863ohE9sGET1
     114 | aB5E7CFSN3K5LBxM2MjEcLY9BMV9MnQdQKkRFGBY0WdFGWk8xge7dCml3IqCB8M
     115 | k5PslBPBG5htMeU/cGTdykJ7UNjBQEpxA0M5RmDfM3C4CKFRBBjNOBpwvBYx+YE
     116 | +kFL0cD9jCpN+gJMlUYvXT3wH+3b/GJhiHU1p4RoYc8YUa+5ZDVN2m+iiWJ1fkf
     117 | BYLjJ/i5MBDSYPzHiTt/tnMiRqoaaMaSSB8xPF4T37UjConxS4ILBJGo0PaV3o01

---

26. 🔴 [CRITICAL] jwt_token

Property	Value
Severity	CRITICAL
CVSS	5.0
CWE	None
File	config_secrets.py
Line(s)	102
Verification	📋 Pattern Match
Discovery	secret
Confidence	0.9

Explanation

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/config_secrets.py

     100 | JWT_SECRET = "my_jwt_signing_secret_key_never_share_this_value"
     101 | secret_key = "ThisIsMyAppSecretKeyForEncryption2024!"
>>>  102 | auth_token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
     103 | 
     104 | # OAuth2 credentials
     105 | OAUTH_CLIENT_SECRET = "dGhlIHF1aWNrIGJyb3duIGZveCBqdW1wZWQ="
     106 | 
     107 | 

---

27. 🔴 [CRITICAL] generic_password

Property	Value
Severity	CRITICAL
CVSS	5.0
CWE	None
File	config_secrets.py
Line(s)	33
Verification	📋 Pattern Match
Discovery	secret
Confidence	0.9

Explanation

PASSWORD = "SuperSecretP@ssw0rd!2024"

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/config_secrets.py

      31 | # ═══════════════════════════════════════════════════════════════
      32 | 
>>>   33 | DB_PASSWORD = "SuperSecretP@ssw0rd!2024"
      34 | DB_HOST = "prod-db.internal.corp"
      35 | 
      36 | # PostgreSQL connection with embedded password
      37 | DATABASE_URL = "postgresql://admin:SuperSecretP@ssw0rd!2024@prod-db.internal.corp:5432/production_db"
      38 | 

---

28. 🔴 [CRITICAL] generic_password

Property	Value
Severity	CRITICAL
CVSS	5.0
CWE	None
File	config_secrets.py
Line(s)	131
Verification	📋 Pattern Match
Discovery	secret
Confidence	0.9

Explanation

password = "ProductionDB!Pass#2024"

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/config_secrets.py

     129 | 
     130 |     def __init__(self):
>>>  131 |         self.db_password = "ProductionDB!Pass#2024"
     132 |         self.api_secret = "sk-api-secret-key-that-should-not-be-hardcoded-abc123"
     133 |         self.stripe_secret = "sk_live_51MqFi3ABC123456789XYZsecretkey"
     134 | 
     135 |     def get_db_url(self) -> str:
     136 |         return f"postgresql://app_user:{self.db_password}@db.prod.internal:5432/main"

---

29. 🔴 [CRITICAL] db_connection

Property	Value
Severity	CRITICAL
CVSS	5.0
CWE	None
File	config_secrets.py
Line(s)	37
Verification	📋 Pattern Match
Discovery	secret
Confidence	0.9

Explanation

postgresql://admin:SuperSecretP@ssw0rd!2024@prod-db.internal.corp:5432/production_db

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/config_secrets.py

      35 | 
      36 | # PostgreSQL connection with embedded password
>>>   37 | DATABASE_URL = "postgresql://admin:SuperSecretP@ssw0rd!2024@prod-db.internal.corp:5432/production_db"
      38 | 
      39 | # MongoDB connection with credentials
      40 | MONGO_URI = "mongodb+srv://admin:mongoDBp@ss123@cluster0.abc123.mongodb.net/myapp?retryWrites=true"
      41 | 
      42 | # MySQL connection string

---

30. 🔴 [CRITICAL] db_connection

Property	Value
Severity	CRITICAL
CVSS	5.0
CWE	None
File	config_secrets.py
Line(s)	43
Verification	📋 Pattern Match
Discovery	secret
Confidence	0.9

Explanation

mysql://root:mysql_root_2024@db-primary.internal:3306/shopdb

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/config_secrets.py

      41 | 
      42 | # MySQL connection string
>>>   43 | MYSQL_URL = "mysql://root:mysql_root_2024@db-primary.internal:3306/shopdb"
      44 | 
      45 | # Redis with auth
      46 | REDIS_URL = "redis://:redis_secure_token_abc123@cache.internal:6379/0"
      47 | 
      48 | # SQLite path (not a secret itself, but demonstrates pattern)

---

31. 🔴 [CRITICAL] db_connection

Property	Value
Severity	CRITICAL
CVSS	5.0
CWE	None
File	config_secrets.py
Line(s)	46
Verification	📋 Pattern Match
Discovery	secret
Confidence	0.9

Explanation

redis://:redis_secure_token_abc123@cache.internal:6379/0

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/config_secrets.py

      44 | 
      45 | # Redis with auth
>>>   46 | REDIS_URL = "redis://:redis_secure_token_abc123@cache.internal:6379/0"
      47 | 
      48 | # SQLite path (not a secret itself, but demonstrates pattern)
      49 | SQLITE_PATH = "sqlite:///var/data/app.db"
      50 | 
      51 | db_configs = {

---

32. 🔴 [CRITICAL] db_connection

Property	Value
Severity	CRITICAL
CVSS	5.0
CWE	None
File	config_secrets.py
Line(s)	136
Verification	📋 Pattern Match
Discovery	secret
Confidence	0.9

Explanation

postgresql://app_user:{self.db_password}@db.prod.internal:5432/main

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/config_secrets.py

     134 | 
     135 |     def get_db_url(self) -> str:
>>>  136 |         return f"postgresql://app_user:{self.db_password}@db.prod.internal:5432/main"
     137 | 
     138 |     def get_redis_url(self) -> str:
     139 |         return "redis://:cache_password_2024@redis.prod.internal:6379/0"
     140 | 
     141 |     def get_headers(self) -> dict:

---

33. 🔴 [CRITICAL] db_connection

Property	Value
Severity	CRITICAL
CVSS	5.0
CWE	None
File	config_secrets.py
Line(s)	139
Verification	📋 Pattern Match
Discovery	secret
Confidence	0.9

Explanation

redis://:cache_password_2024@redis.prod.internal:6379/0

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/config_secrets.py

     137 | 
     138 |     def get_redis_url(self) -> str:
>>>  139 |         return "redis://:cache_password_2024@redis.prod.internal:6379/0"
     140 | 
     141 |     def get_headers(self) -> dict:
     142 |         return {
     143 |             "Authorization": f"Bearer {self.api_secret}",
     144 |             "X-API-Key": "a1b2c3d4e5f6g7h8i9j0k1l2",

---

34. 🔴 [CRITICAL] db_connection

Property	Value
Severity	CRITICAL
CVSS	5.0
CWE	None
File	config_secrets.py
Line(s)	157
Verification	📋 Pattern Match
Discovery	secret
Confidence	0.9

Explanation

postgresql://admin:FallbackPa$$w0rd@localhost:5432/dev

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/config_secrets.py

     155 |     """Config with hardcoded fallback secrets."""
     156 |     return {
>>>  157 |         "db_url": os.getenv("DATABASE_URL", "postgresql://admin:FallbackPa$$w0rd@localhost:5432/dev"),
     158 |         "secret_key": os.getenv("SECRET_KEY", "default-secret-key-for-development-only-abc123def"),
     159 |         "api_key": os.getenv("API_KEY", "api_key='fallback_api_key_12345678901234567890'"),
     160 |     }
     161 | 

---

35. 🔴 [CRITICAL] generic_api_key

Property	Value
Severity	CRITICAL
CVSS	5.0
CWE	None
File	config_secrets.py
Line(s)	82
Verification	📋 Pattern Match
Discovery	secret
Confidence	0.9

Explanation

API_KEY = "AIzaSyB-abc123def456ghi789jkl012mno345p"

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/config_secrets.py

      80 | 
      81 | GITHUB_TOKEN = "ghp_aBcDeFgHiJkLmNoPqRsTuVwXyZ012345678"
>>>   82 | GOOGLE_API_KEY = "AIzaSyB-abc123def456ghi789jkl012mno345p"
      83 | OPENAI_API_KEY = "sk-aBcDeFgHiJkLmNoPqRsTuVwXyZ012345678901234567890ABC"
      84 | 
      85 | GENERIC_API_TOKEN = "api_key='a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6'"
      86 | SLACK_BOT_TOKEN = "xoxb-12345678901-1234567890123-abcdefghijklmnopqrstuv"
      87 | SENDGRID_API_KEY = "SG.abcdefghijklmnopqrstuvwxyz.ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789AB"

---

36. 🔴 [CRITICAL] generic_api_key

Property	Value
Severity	CRITICAL
CVSS	5.0
CWE	None
File	config_secrets.py
Line(s)	83
Verification	📋 Pattern Match
Discovery	secret
Confidence	0.9

Explanation

API_KEY = "sk-aBcDeFgHiJkLmNoPqRsTuVwXyZ012345678901234567890ABC"

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/config_secrets.py

      81 | GITHUB_TOKEN = "ghp_aBcDeFgHiJkLmNoPqRsTuVwXyZ012345678"
      82 | GOOGLE_API_KEY = "AIzaSyB-abc123def456ghi789jkl012mno345p"
>>>   83 | OPENAI_API_KEY = "sk-aBcDeFgHiJkLmNoPqRsTuVwXyZ012345678901234567890ABC"
      84 | 
      85 | GENERIC_API_TOKEN = "api_key='a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6'"
      86 | SLACK_BOT_TOKEN = "xoxb-12345678901-1234567890123-abcdefghijklmnopqrstuv"
      87 | SENDGRID_API_KEY = "SG.abcdefghijklmnopqrstuvwxyz.ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789AB"
      88 | 

---

37. 🔴 [CRITICAL] generic_api_key

Property	Value
Severity	CRITICAL
CVSS	5.0
CWE	None
File	config_secrets.py
Line(s)	85
Verification	📋 Pattern Match
Discovery	secret
Confidence	0.9

Explanation

api_key='a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6'

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/config_secrets.py

      83 | OPENAI_API_KEY = "sk-aBcDeFgHiJkLmNoPqRsTuVwXyZ012345678901234567890ABC"
      84 | 
>>>   85 | GENERIC_API_TOKEN = "api_key='a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6'"
      86 | SLACK_BOT_TOKEN = "xoxb-12345678901-1234567890123-abcdefghijklmnopqrstuv"
      87 | SENDGRID_API_KEY = "SG.abcdefghijklmnopqrstuvwxyz.ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789AB"
      88 | 
      89 | api_keys = {
      90 |     "maps": "AIzaSyB-abc123def456ghi789jkl012mno345p",

---

38. 🔴 [CRITICAL] generic_api_key

Property	Value
Severity	CRITICAL
CVSS	5.0
CWE	None
File	config_secrets.py
Line(s)	159
Verification	📋 Pattern Match
Discovery	secret
Confidence	0.9

Explanation

api_key='fallback_api_key_12345678901234567890'

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/config_secrets.py

     157 |         "db_url": os.getenv("DATABASE_URL", "postgresql://admin:FallbackPa$$w0rd@localhost:5432/dev"),
     158 |         "secret_key": os.getenv("SECRET_KEY", "default-secret-key-for-development-only-abc123def"),
>>>  159 |         "api_key": os.getenv("API_KEY", "api_key='fallback_api_key_12345678901234567890'"),
     160 |     }
     161 | 

---

39. 🔴 [CRITICAL] google_api_key

Property	Value
Severity	CRITICAL
CVSS	5.0
CWE	None
File	config_secrets.py
Line(s)	90
Verification	📋 Pattern Match
Discovery	secret
Confidence	0.9

Explanation

AIzaSyB-abc123def456ghi789jkl012mno345p

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/config_secrets.py

      88 | 
      89 | api_keys = {
>>>   90 |     "maps": "AIzaSyB-abc123def456ghi789jkl012mno345p",
      91 |     "github": "ghp_aBcDeFgHiJkLmNoPqRsTuVwXyZ012345678",
      92 |     "api_key": "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6",
      93 | }
      94 | 
      95 | 

---

40. 🔴 [CRITICAL] stripe_key

Property	Value
Severity	CRITICAL
CVSS	5.0
CWE	None
File	config_secrets.py
Line(s)	69
Verification	📋 Pattern Match
Discovery	secret
Confidence	0.9

Explanation

sk_live_51MqFi3ABC123456789XYZab

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/config_secrets.py

      67 | # ═══════════════════════════════════════════════════════════════
      68 | 
>>>   69 | STRIPE_SECRET_KEY = "sk_live_51MqFi3ABC123456789XYZabcdefghijk"
      70 | STRIPE_PUBLISHABLE_KEY = "pk_live_51MqFi3ABC123456789XYZpublish"
      71 | stripe_secret = "sk_live_4eC39HqLyjWDarjtT1zdp7dCKEY"
      72 | 
      73 | PAYPAL_CLIENT_ID = "AZDxjDScFpQtjWTOUtWKbyN_bDt4OgqaF4F"
      74 | PAYPAL_SECRET = "EGnHDxD_qRPdaLdZz8iCr8N7_MzF-YHPTkjs6NKYQvQSBngp4PTTVWkPZRbL"

---

41. 🔴 [CRITICAL] stripe_key

Property	Value
Severity	CRITICAL
CVSS	5.0
CWE	None
File	config_secrets.py
Line(s)	71
Verification	📋 Pattern Match
Discovery	secret
Confidence	0.9

Explanation

sk_live_4eC39HqLyjWDarjtT1zdp7dC

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/config_secrets.py

      69 | STRIPE_SECRET_KEY = "sk_live_51MqFi3ABC123456789XYZabcdefghijk"
      70 | STRIPE_PUBLISHABLE_KEY = "pk_live_51MqFi3ABC123456789XYZpublish"
>>>   71 | stripe_secret = "sk_live_4eC39HqLyjWDarjtT1zdp7dCKEY"
      72 | 
      73 | PAYPAL_CLIENT_ID = "AZDxjDScFpQtjWTOUtWKbyN_bDt4OgqaF4F"
      74 | PAYPAL_SECRET = "EGnHDxD_qRPdaLdZz8iCr8N7_MzF-YHPTkjs6NKYQvQSBngp4PTTVWkPZRbL"
      75 | 
      76 | 

---

42. 🔴 [CRITICAL] stripe_key

Property	Value
Severity	CRITICAL
CVSS	5.0
CWE	None
File	config_secrets.py
Line(s)	133
Verification	📋 Pattern Match
Discovery	secret
Confidence	0.9

Explanation

sk_live_51MqFi3ABC123456789XYZse

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/config_secrets.py

     131 |         self.db_password = "ProductionDB!Pass#2024"
     132 |         self.api_secret = "sk-api-secret-key-that-should-not-be-hardcoded-abc123"
>>>  133 |         self.stripe_secret = "sk_live_51MqFi3ABC123456789XYZsecretkey"
     134 | 
     135 |     def get_db_url(self) -> str:
     136 |         return f"postgresql://app_user:{self.db_password}@db.prod.internal:5432/main"
     137 | 
     138 |     def get_redis_url(self) -> str:

---

43. 🟠 [HIGH] eval_exec

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	eval_runner.py
Line(s)	6
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

eval(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/eval_runner.py

       4 | 
       5 | Simulates a plugin system, template engine, and calculator API
>>>    6 | with eval(), exec(), compile(), and dynamic import vulnerabilities.
       7 | 
       8 | Covers: eval_exec, deserialization, dynamic code generation
       9 | """
      10 | import os
      11 | import sys

---

44. 🟠 [HIGH] eval_exec

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	eval_runner.py
Line(s)	19
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

eval(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/eval_runner.py

      17 | 
      18 | # ═══════════════════════════════════════════════════════════════
>>>   19 | # Calculator API — eval() on user input
      20 | # ═══════════════════════════════════════════════════════════════
      21 | 
      22 | class Calculator:
      23 |     """Math expression evaluator using eval() — classic RCE vector."""
      24 | 

---

45. 🟠 [HIGH] eval_exec

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	eval_runner.py
Line(s)	23
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

eval(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/eval_runner.py

      21 | 
      22 | class Calculator:
>>>   23 |     """Math expression evaluator using eval() — classic RCE vector."""
      24 | 
      25 |     HISTORY: list[dict[str, Any]] = []
      26 | 
      27 |     def evaluate(self, expression: str) -> Any:
      28 |         """EVAL: evaluates arbitrary user expression."""

---

46. 🟠 [HIGH] eval_exec

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	eval_runner.py
Line(s)	29
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

eval(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/eval_runner.py

      27 |     def evaluate(self, expression: str) -> Any:
      28 |         """EVAL: evaluates arbitrary user expression."""
>>>   29 |         result = eval(expression)
      30 |         self.HISTORY.append({"expr": expression, "result": result})
      31 |         return result
      32 | 
      33 |     def evaluate_batch(self, expressions: list[str]) -> list[Any]:
      34 |         """EVAL: batch evaluation of multiple user expressions."""

---

47. 🟠 [HIGH] eval_exec

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	eval_runner.py
Line(s)	38
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

eval(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/eval_runner.py

      36 |         for expr in expressions:
      37 |             try:
>>>   38 |                 results.append(eval(expr))
      39 |             except Exception as e:
      40 |                 results.append(f"Error: {e}")
      41 |         return results
      42 | 
      43 |     def evaluate_with_context(self, expression: str, context: dict) -> Any:

---

48. 🟠 [HIGH] eval_exec

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	eval_runner.py
Line(s)	45
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

eval(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/eval_runner.py

      43 |     def evaluate_with_context(self, expression: str, context: dict) -> Any:
      44 |         """EVAL: eval with user-controlled namespace."""
>>>   45 |         return eval(expression, {"__builtins__": __builtins__}, context)
      46 | 
      47 | 
      48 | # ═══════════════════════════════════════════════════════════════
      49 | # Template engine — exec() for template rendering
      50 | # ═══════════════════════════════════════════════════════════════

---

49. 🟠 [HIGH] eval_exec

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	eval_runner.py
Line(s)	49
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

exec(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/eval_runner.py

      47 | 
      48 | # ═══════════════════════════════════════════════════════════════
>>>   49 | # Template engine — exec() for template rendering
      50 | # ═══════════════════════════════════════════════════════════════
      51 | 
      52 | class UnsafeTemplateEngine:
      53 |     """Template engine that uses exec() to render templates."""
      54 | 

---

50. 🟠 [HIGH] eval_exec

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	eval_runner.py
Line(s)	53
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

exec(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/eval_runner.py

      51 | 
      52 | class UnsafeTemplateEngine:
>>>   53 |     """Template engine that uses exec() to render templates."""
      54 | 
      55 |     def __init__(self):
      56 |         self.templates: dict[str, str] = {}
      57 |         self.globals: dict[str, Any] = {"__builtins__": __builtins__}
      58 | 

---

51. 🟠 [HIGH] eval_exec

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	eval_runner.py
Line(s)	67
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

exec(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/eval_runner.py

      65 |         code = self.templates.get(template_name, "")
      66 |         local_ctx: dict[str, Any] = {"output": "", **context}
>>>   67 |         exec(code, self.globals, local_ctx)
      68 |         return local_ctx.get("output", "")
      69 | 
      70 |     def render_inline(self, code_string: str, variables: dict) -> str:
      71 |         """EXEC: executes arbitrary code string from user."""
      72 |         namespace: dict[str, Any] = {"result": "", **variables}

---

52. 🟠 [HIGH] eval_exec

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	eval_runner.py
Line(s)	73
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

exec(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/eval_runner.py

      71 |         """EXEC: executes arbitrary code string from user."""
      72 |         namespace: dict[str, Any] = {"result": "", **variables}
>>>   73 |         exec(code_string, namespace)
      74 |         return namespace.get("result", "")
      75 | 
      76 |     def compile_template(self, source: str) -> Any:
      77 |         """COMPILE: compiles user string to code object."""
      78 |         return compile(source, "<user_template>", "exec")

---

53. 🟠 [HIGH] eval_exec

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	eval_runner.py
Line(s)	101
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

exec(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/eval_runner.py

      99 |         """EXEC: executes plugin code string."""
     100 |         namespace: dict[str, Any] = {}
>>>  101 |         exec(code, namespace)
     102 |         return namespace
     103 | 
     104 |     def load_from_file(self, filepath: str) -> Any:
     105 |         """EXEC: reads and executes arbitrary Python file."""
     106 |         with open(filepath, 'r') as f:

---

54. 🟠 [HIGH] eval_exec

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	eval_runner.py
Line(s)	109
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

exec(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/eval_runner.py

     107 |             code = f.read()
     108 |         namespace: dict[str, Any] = {}
>>>  109 |         exec(code, namespace)
     110 |         return namespace
     111 | 
     112 |     def load_serialized_plugin(self, data: bytes) -> Any:
     113 |         """MARSHAL: deserializes code object from bytes."""
     114 |         code_obj = marshal.loads(data)

---

55. 🟠 [HIGH] eval_exec

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	eval_runner.py
Line(s)	115
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

exec(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/eval_runner.py

     113 |         """MARSHAL: deserializes code object from bytes."""
     114 |         code_obj = marshal.loads(data)
>>>  115 |         exec(code_obj)
     116 |         return True
     117 | 
     118 | 
     119 | # ═══════════════════════════════════════════════════════════════
     120 | # Rule engine — eval for business rules

---

56. 🟠 [HIGH] eval_exec

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	eval_runner.py
Line(s)	124
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

eval(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/eval_runner.py

     122 | 
     123 | class RuleEngine:
>>>  124 |     """Business rule evaluator using eval() for condition expressions."""
     125 | 
     126 |     def __init__(self):
     127 |         self.rules: list[dict[str, Any]] = []
     128 | 
     129 |     def add_rule(self, name: str, condition: str, action: str) -> None:

---

57. 🟠 [HIGH] eval_exec

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	eval_runner.py
Line(s)	142
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

eval(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/eval_runner.py

     140 |         for rule in self.rules:
     141 |             try:
>>>  142 |                 if eval(rule["condition"], {}, context):
     143 |                     exec(rule["action"], {}, context)
     144 |                     triggered.append(rule["name"])
     145 |             except Exception:
     146 |                 pass
     147 |         return triggered

---

58. 🟠 [HIGH] eval_exec

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	eval_runner.py
Line(s)	143
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

exec(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/eval_runner.py

     141 |             try:
     142 |                 if eval(rule["condition"], {}, context):
>>>  143 |                     exec(rule["action"], {}, context)
     144 |                     triggered.append(rule["name"])
     145 |             except Exception:
     146 |                 pass
     147 |         return triggered
     148 | 

---

59. 🟠 [HIGH] eval_exec

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	eval_runner.py
Line(s)	155
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

eval(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/eval_runner.py

     153 | 
     154 | class DataTransformer:
>>>  155 |     """Transforms data records using eval()-based field mappings."""
     156 | 
     157 |     def __init__(self, field_mappings: dict[str, str]):
     158 |         """field_mappings: {"output_field": "python_expression"}"""
     159 |         self.mappings = field_mappings
     160 | 

---

60. 🟠 [HIGH] eval_exec

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	eval_runner.py
Line(s)	165
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

eval(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/eval_runner.py

     163 |         result = {}
     164 |         for output_field, expression in self.mappings.items():
>>>  165 |             result[output_field] = eval(expression, {"__builtins__": {}}, record)
     166 |         return result
     167 | 
     168 |     def transform_batch(self, records: list[dict[str, Any]]) -> list[dict[str, Any]]:
     169 |         """EVAL: transforms multiple records via eval."""
     170 |         return [self.transform_record(r) for r in records]

---

61. 🟠 [HIGH] eval_exec

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	eval_runner.py
Line(s)	192
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

exec(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/eval_runner.py

     190 |         if handler_code:
     191 |             namespace: dict[str, Any] = {"payload": payload, "result": None}
>>>  192 |             exec(handler_code, namespace)
     193 |             return namespace.get("result")
     194 |         return None
     195 | 
     196 | 
     197 | # ═══════════════════════════════════════════════════════════════

---

62. 🟠 [HIGH] eval_exec

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	eval_runner.py
Line(s)	207
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

eval(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/eval_runner.py

     205 |         if isinstance(value, str) and value.startswith("${") and value.endswith("}"):
     206 |             expression = value[2:-1]
>>>  207 |             config[key] = eval(expression)
     208 |     return config
     209 | 
     210 | 
     211 | def dynamic_import_handler(module_path: str, func_name: str, *args: Any) -> Any:
     212 |     """DYNAMIC IMPORT + CALL: imports and calls arbitrary function."""

---

63. 🟠 [HIGH] deserialization

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	eval_runner.py
Line(s)	114
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

marshal.loads(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/eval_runner.py

     112 |     def load_serialized_plugin(self, data: bytes) -> Any:
     113 |         """MARSHAL: deserializes code object from bytes."""
>>>  114 |         code_obj = marshal.loads(data)
     115 |         exec(code_obj)
     116 |         return True
     117 | 
     118 | 
     119 | # ═══════════════════════════════════════════════════════════════

---

64. 🟠 [HIGH] pickle_load

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	unsafe_db.py
Line(s)	116
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

pickle.loads(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/unsafe_db.py

     114 |         path = os.path.join(self.storage_dir, f"{session_id}.pkl")
     115 |         with open(path, "rb") as f:
>>>  116 |             return pickle.loads(f.read())
     117 | 
     118 |     def restore_from_backup(self, backup_bytes: bytes) -> dict:
     119 |         """PICKLE: deserializes arbitrary bytes from user input."""
     120 |         return pickle.load(backup_bytes)
     121 | 

---

65. 🟠 [HIGH] pickle_load

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	unsafe_db.py
Line(s)	120
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

pickle.load(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/unsafe_db.py

     118 |     def restore_from_backup(self, backup_bytes: bytes) -> dict:
     119 |         """PICKLE: deserializes arbitrary bytes from user input."""
>>>  120 |         return pickle.load(backup_bytes)
     121 | 
     122 | 
     123 | # ═══════════════════════════════════════════════════════════════
     124 | # Product catalog — more SQL injection variants
     125 | # ═══════════════════════════════════════════════════════════════

---

66. 🟠 [HIGH] yaml_load

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	unsafe_db.py
Line(s)	179
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

yaml.load(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/unsafe_db.py

     177 |     """YAML LOAD: unsafe yaml.load without Loader."""
     178 |     import yaml
>>>  179 |     return yaml.load(yaml_content)
     180 | 
     181 | 
     182 | def export_users_report(user_ids: list[str]) -> str:
     183 |     """SQL INJECTION: dynamic IN clause."""
     184 |     conn = get_connection()

---

67. 🟠 [HIGH] weak_crypto

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	unsafe_db.py
Line(s)	65
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

md5

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/unsafe_db.py

      63 | 
      64 |     def authenticate(self, username: str, password: str) -> Optional[dict]:
>>>   65 |         """SQL INJECTION + WEAK CRYPTO: md5 password hash with f-string query."""
      66 |         password_hash = hashlib.md5(password.encode()).hexdigest()
      67 |         query = f"SELECT * FROM users WHERE username = '{username}' AND password_hash = '{password_hash}'"
      68 |         cursor = self.conn.execute(query)
      69 |         row = cursor.fetchone()
      70 |         return dict(row) if row else None

---

68. 🟠 [HIGH] weak_crypto

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	unsafe_db.py
Line(s)	66
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

md5

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/unsafe_db.py

      64 |     def authenticate(self, username: str, password: str) -> Optional[dict]:
      65 |         """SQL INJECTION + WEAK CRYPTO: md5 password hash with f-string query."""
>>>   66 |         password_hash = hashlib.md5(password.encode()).hexdigest()
      67 |         query = f"SELECT * FROM users WHERE username = '{username}' AND password_hash = '{password_hash}'"
      68 |         cursor = self.conn.execute(query)
      69 |         row = cursor.fetchone()
      70 |         return dict(row) if row else None
      71 | 

---

69. 🟠 [HIGH] weak_crypto

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	unsafe_db.py
Line(s)	73
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

sha1

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/unsafe_db.py

      71 | 
      72 |     def create_user(self, username: str, email: str, password: str) -> str:
>>>   73 |         """WEAK CRYPTO: sha1 for password hashing."""
      74 |         user_id = os.urandom(16).hex()
      75 |         password_hash = hashlib.sha1(password.encode()).hexdigest()
      76 |         self.conn.execute(
      77 |             "INSERT INTO users (id, username, email, password_hash) VALUES (?, ?, ?, ?)",
      78 |             (user_id, username, email, password_hash)

---

70. 🟠 [HIGH] weak_crypto

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	unsafe_db.py
Line(s)	75
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

sha1

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/unsafe_db.py

      73 |         """WEAK CRYPTO: sha1 for password hashing."""
      74 |         user_id = os.urandom(16).hex()
>>>   75 |         password_hash = hashlib.sha1(password.encode()).hexdigest()
      76 |         self.conn.execute(
      77 |             "INSERT INTO users (id, username, email, password_hash) VALUES (?, ?, ?, ?)",
      78 |             (user_id, username, email, password_hash)
      79 |         )
      80 |         self.conn.commit()

---

71. 🔴 [CRITICAL] generic_password

Property	Value
Severity	CRITICAL
CVSS	5.0
CWE	None
File	vulnerable_app.js
Line(s)	24
Verification	📋 Pattern Match
Discovery	secret
Confidence	0.9

Explanation

password: 'mysql_root_password_2024'

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_app.js

      22 |     host: 'localhost',
      23 |     user: 'root',
>>>   24 |     password: 'mysql_root_password_2024',
      25 |     database: 'webapp'
      26 | });
      27 | 
      28 | // SQL INJECTION: string concatenation in query
      29 | app.get('/api/users', (req, res) => {

---

72. 🟠 [HIGH] eval_call

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_app.js
Line(s)	76
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

eval(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_app.js

      74 |     const expression = req.body.expression;
      75 |     try {
>>>   76 |         const result = eval(expression);
      77 |         res.json({ result });
      78 |     } catch (e) {
      79 |         res.status(400).json({ error: e.message });
      80 |     }
      81 | });

---

73. 🟠 [HIGH] innerhtml

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_app.js
Line(s)	53
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

.innerHTML =

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_app.js

      51 |             <div id="results"></div>
      52 |             <script>
>>>   53 |                 document.getElementById('results').innerHTML = "Results for: ${term}";
      54 |             </script>
      55 |         </body>
      56 |         </html>
      57 |     `);
      58 | });

---

74. 🟠 [HIGH] innerhtml

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_app.js
Line(s)	163
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

.innerHTML =

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_app.js

     161 | function displayMessage(msg) {
     162 |     // XSS: innerHTML with untrusted data
>>>  163 |     document.getElementById('message').innerHTML = msg;
     164 | }
     165 | 
     166 | function renderUserComment(comment) {
     167 |     // XSS: innerHTML with user comment
     168 |     const div = document.createElement('div');

---

75. 🟠 [HIGH] innerhtml

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_app.js
Line(s)	169
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

.innerHTML =

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_app.js

     167 |     // XSS: innerHTML with user comment
     168 |     const div = document.createElement('div');
>>>  169 |     div.innerHTML = comment.body;
     170 |     document.getElementById('comments').appendChild(div);
     171 | }
     172 | 
     173 | function showNotification(text) {
     174 |     // XSS: document.write

---

76. 🟠 [HIGH] innerhtml

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_app.js
Line(s)	180
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

.innerHTML =

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_app.js

     178 | function updateProfile(data) {
     179 |     // XSS: innerHTML from API response
>>>  180 |     document.getElementById('profile').innerHTML = data.bio;
     181 | }
     182 | 
     183 | // Server start
     184 | app.listen(3000, () => console.log('Server running on port 3000'));
     185 | 

---

77. 🟠 [HIGH] document_write

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_app.js
Line(s)	66
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

document.write(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_app.js

      64 |         <html>
      65 |         <body>
>>>   66 |             <script>document.write("Hello " + "${name}" + "! Welcome back.")</script>
      67 |         </body>
      68 |         </html>
      69 |     `);
      70 | });
      71 | 

---

78. 🟠 [HIGH] document_write

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_app.js
Line(s)	175
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

document.write(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_app.js

     173 | function showNotification(text) {
     174 |     // XSS: document.write
>>>  175 |     document.write('<div class="notification">' + text + '</div>');
     176 | }
     177 | 
     178 | function updateProfile(data) {
     179 |     // XSS: innerHTML from API response
     180 |     document.getElementById('profile').innerHTML = data.bio;

---

79. 🟠 [HIGH] prototype_pollution

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_app.js
Line(s)	128
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

proto[

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_app.js

     126 |     const config = mergeConfig({}, userConfig);
     127 |     // An attacker can send {"__proto__": {"isAdmin": true}}
>>>  128 |     config.__proto__["polluted"] = true;
     129 |     res.json({ config });
     130 | });
     131 | 
     132 | 
     133 | // ═══════════════════════════════════════════════════════════════

---

80. 🟠 [HIGH] weak_crypto

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_app.js
Line(s)	139
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

.createHash('md5

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_app.js

     137 | function generateToken(user) {
     138 |     // WEAK CRYPTO: MD5 for token generation
>>>  139 |     const hash = crypto.createHash('md5').update(user.username + Date.now()).digest('hex');
     140 |     return hash;
     141 | }
     142 | 
     143 | function hashPassword(password) {
     144 |     // WEAK CRYPTO: SHA1 without salt

---

81. 🟠 [HIGH] weak_crypto

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_app.js
Line(s)	145
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

sha1

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_app.js

     143 | function hashPassword(password) {
     144 |     // WEAK CRYPTO: SHA1 without salt
>>>  145 |     return crypto.createHash('sha1').update(password).digest('hex');
     146 | }
     147 | 
     148 | function verifyChecksum(data, checksum) {
     149 |     // WEAK CRYPTO: MD5 for integrity checking
     150 |     const computed = crypto.createHash('md5').update(data).digest('hex');

---

82. 🟠 [HIGH] weak_crypto

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_app.js
Line(s)	150
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

.createHash('md5

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_app.js

     148 | function verifyChecksum(data, checksum) {
     149 |     // WEAK CRYPTO: MD5 for integrity checking
>>>  150 |     const computed = crypto.createHash('md5').update(data).digest('hex');
     151 |     return computed === checksum; // Also timing attack
     152 | }
     153 | 
     154 | 
     155 | // ═══════════════════════════════════════════════════════════════

---

83. 🟠 [HIGH] nosql_inject

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_app.js
Line(s)	96
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

$where:

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_app.js

      94 |         username: username,
      95 |         password: password,
>>>   96 |         $where: "this.role === 'admin'"
      97 |     });
      98 |     if (user) {
      99 |         res.json({ token: generateToken(user) });
     100 |     } else {
     101 |         res.status(401).json({ error: 'Invalid credentials' });

---

84. 🟠 [HIGH] eval_exec

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_app.py
Line(s)	102
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

eval(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_app.py

     100 | 
     101 |     def calculate(self, expression: str) -> Any:
>>>  102 |         """Chains to Calculator's eval() — RCE via API."""
     103 |         return self.calc.evaluate(expression)
     104 | 
     105 |     def render_page(self, template: str, context: dict) -> str:
     106 |         """XSS: user-controlled template rendered without escaping."""
     107 |         return f"<html><body>{template.format(**context)}</body></html>"

---

85. 🟠 [HIGH] eval_exec

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_app.py
Line(s)	136
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

eval(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_app.py

     134 |         """EVAL: user-controlled format string."""
     135 |         template = f"export_{format_type} = {data}"
>>>  136 |         return eval(template)
     137 | 
     138 |     def upload_file(self, filename: str, content: bytes) -> str:
     139 |         """PATH TRAVERSAL: no sanitization of filename."""
     140 |         save_path = os.path.join(self.UPLOAD_DIR, filename)
     141 |         with open(save_path, 'wb') as f:

---

86. 🟠 [HIGH] weak_crypto

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_app.py
Line(s)	48
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

md5

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_app.py

      46 |         if user:
      47 |             # Weak session token generation
>>>   48 |             token = hashlib.md5(f"{username}:{password}".encode()).hexdigest()
      49 |             self.session_store.save_session(token, {"user": user, "role": user.get("role")})
      50 |             return {"token": token, "user": user}
      51 |         return {"error": "Invalid credentials"}
      52 | 
      53 |     def register(self, request_data: dict) -> dict:

---

87. 🟠 [HIGH] weak_crypto

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_app.py
Line(s)	61
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

sha1

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_app.py

      59 | 
      60 |         user_id = self.user_repo.create_user(username, email, password)
>>>   61 |         # Chains to unsafe_db's sha1 hashing
      62 |         return {"id": user_id, "role": role}
      63 | 
      64 |     def reset_password(self, email: str) -> dict:
      65 |         """WEAK TOKEN: predictable reset token."""
      66 |         token = hashlib.md5(email.encode()).hexdigest()

---

88. 🟠 [HIGH] weak_crypto

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_app.py
Line(s)	66
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

md5

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_app.py

      64 |     def reset_password(self, email: str) -> dict:
      65 |         """WEAK TOKEN: predictable reset token."""
>>>   66 |         token = hashlib.md5(email.encode()).hexdigest()
      67 |         # Token is just md5 of email — easily guessable
      68 |         return {"reset_url": f"/reset?token={token}&email={email}"}
      69 | 
      70 | 
      71 | # ═══════════════════════════════════════════════════════════════

---

89. 🟠 [HIGH] weak_crypto

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_app.py
Line(s)	67
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

md5

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_app.py

      65 |         """WEAK TOKEN: predictable reset token."""
      66 |         token = hashlib.md5(email.encode()).hexdigest()
>>>   67 |         # Token is just md5 of email — easily guessable
      68 |         return {"reset_url": f"/reset?token={token}&email={email}"}
      69 | 
      70 | 
      71 | # ═══════════════════════════════════════════════════════════════
      72 | # API endpoints — IDOR, XSS, open redirect

---

90. 🔴 [CRITICAL] generic_password

Property	Value
Severity	CRITICAL
CVSS	5.0
CWE	None
File	vulnerable_service.c
Line(s)	29
Verification	📋 Pattern Match
Discovery	secret
Confidence	0.9

Explanation

Password: "); gets(password); // BUFFER OVERFLOW: gets() again

printf("

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_service.c

      27 |     gets(username);           // BUFFER OVERFLOW: gets() is always unsafe
      28 | 
>>>   29 |     printf("Password: ");
      30 |     gets(password);           // BUFFER OVERFLOW: gets() again
      31 | 
      32 |     printf("Logging in as %s\n", username);
      33 | }
      34 | 

---

91. 🟠 [HIGH] gets_usage

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_service.c
Line(s)	27
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

gets(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_service.c

      25 | 
      26 |     printf("Username: ");
>>>   27 |     gets(username);           // BUFFER OVERFLOW: gets() is always unsafe
      28 | 
      29 |     printf("Password: ");
      30 |     gets(password);           // BUFFER OVERFLOW: gets() again
      31 | 
      32 |     printf("Logging in as %s\n", username);

---

92. 🟠 [HIGH] gets_usage

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_service.c
Line(s)	30
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

gets(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_service.c

      28 | 
      29 |     printf("Password: ");
>>>   30 |     gets(password);           // BUFFER OVERFLOW: gets() again
      31 | 
      32 |     printf("Logging in as %s\n", username);
      33 | }
      34 | 
      35 | /**

---

93. 🟠 [HIGH] gets_usage

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_service.c
Line(s)	222
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

gets(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_service.c

     220 |     } else {
     221 |         printf("Enter command: ");
>>>  222 |         gets(input);                   // GETS from stdin
     223 |         process_request(input);
     224 |     }
     225 | 
     226 |     return 0;
     227 | }

---

94. 🟠 [HIGH] strcpy_usage

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_service.c
Line(s)	40
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

strcpy(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_service.c

      38 | void process_request(const char *user_input) {
      39 |     char buffer[128];
>>>   40 |     strcpy(buffer, user_input);    // BUFFER OVERFLOW: no length check
      41 |     printf("Processing: %s\n", buffer);
      42 | }
      43 | 
      44 | /**
      45 |  * STRCPY: multiple chained copies without bounds.

---

95. 🟠 [HIGH] strcpy_usage

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_service.c
Line(s)	51
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

strcpy(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_service.c

      49 |     char temp[128];
      50 | 
>>>   51 |     strcpy(temp, "SELECT ");       // BUFFER OVERFLOW
      52 |     strcat(temp, column);
      53 |     strcat(temp, " FROM ");
      54 |     strcat(temp, table);
      55 | 
      56 |     strcpy(query, temp);           // BUFFER OVERFLOW (chained)

---

96. 🟠 [HIGH] strcpy_usage

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_service.c
Line(s)	56
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

strcpy(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_service.c

      54 |     strcat(temp, table);
      55 | 
>>>   56 |     strcpy(query, temp);           // BUFFER OVERFLOW (chained)
      57 |     strcat(query, " WHERE id = '");
      58 |     strcat(query, value);
      59 |     strcat(query, "'");
      60 | 
      61 |     printf("Query: %s\n", query);

---

97. 🟠 [HIGH] strcpy_usage

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_service.c
Line(s)	190
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

strcpy(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_service.c

     188 | 
     189 |     // Parse "header|body" format
>>>  190 |     strcpy(header, raw_message);       // OVERFLOW: no bounds on header
     191 | 
     192 |     sprintf(log_buf, "Received from client: %s", raw_message);  // SPRINTF overflow
     193 |     printf("%s\n", log_buf);
     194 | 
     195 |     // If message starts with "CMD:", execute as system command

---

98. 🟠 [HIGH] strcpy_usage

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_service.c
Line(s)	214
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

strcpy(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_service.c

     212 |     if (argc > 1) {
     213 |         // STRCPY from command line arg
>>>  214 |         strcpy(input, argv[1]);        // OVERFLOW from argv
     215 |         process_request(input);
     216 | 
     217 |         if (argc > 2) {
     218 |             check_host(argv[2]);       // COMMAND INJECTION from argv
     219 |         }

---

99. 🟠 [HIGH] sprintf_usage

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_service.c
Line(s)	74
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

sprintf(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_service.c

      72 | void log_message(const char *level, const char *message) {
      73 |     char log_entry[256];
>>>   74 |     sprintf(log_entry, "[%s] %s: %s\n", level, __TIME__, message);  // SPRINTF overflow
      75 |     printf("%s", log_entry);
      76 | }
      77 | 
      78 | /**
      79 |  * SPRINTF: user-controlled format + data in fixed buffer.

---

100. 🟠 [HIGH] sprintf_usage

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_service.c
Line(s)	83
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

sprintf(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_service.c

      81 | void generate_response(const char *username, int status_code, const char *body) {
      82 |     char response[512];
>>>   83 |     sprintf(response,
      84 |         "HTTP/1.1 %d OK\r\n"
      85 |         "Content-Type: text/html\r\n"
      86 |         "X-User: %s\r\n"
      87 |         "\r\n"
      88 |         "%s",

---

101. 🟠 [HIGH] sprintf_usage

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_service.c
Line(s)	143
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

sprintf(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_service.c

     141 | void check_host(const char *hostname) {
     142 |     char cmd[256];
>>>  143 |     sprintf(cmd, "ping -c 4 %s", hostname);
     144 |     system(cmd);                   // COMMAND INJECTION
     145 | }
     146 | 
     147 | /**
     148 |  * SYSTEM: user-controlled filename in command.

---

102. 🟠 [HIGH] sprintf_usage

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_service.c
Line(s)	152
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

sprintf(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_service.c

     150 | void view_file(const char *filename) {
     151 |     char cmd[256];
>>>  152 |     sprintf(cmd, "cat %s", filename);
     153 |     system(cmd);                   // COMMAND + PATH TRAVERSAL
     154 | }
     155 | 
     156 | /**
     157 |  * SYSTEM: user-controlled args passed to shell.

---

103. 🟠 [HIGH] sprintf_usage

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_service.c
Line(s)	161
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

sprintf(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_service.c

     159 | void compress_logs(const char *log_dir, const char *output) {
     160 |     char cmd[512];
>>>  161 |     sprintf(cmd, "tar czf %s %s/*.log", output, log_dir);
     162 |     system(cmd);                   // COMMAND INJECTION
     163 | }
     164 | 
     165 | /**
     166 |  * SYSTEM: DNS lookup with user input.

---

104. 🟠 [HIGH] sprintf_usage

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_service.c
Line(s)	170
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

sprintf(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_service.c

     168 | void dns_query(const char *domain) {
     169 |     char cmd[128];
>>>  170 |     sprintf(cmd, "nslookup %s", domain);
     171 |     system(cmd);                   // COMMAND INJECTION
     172 | }
     173 | 
     174 | 
     175 | // ═══════════════════════════════════════════════════════════════

---

105. 🟠 [HIGH] sprintf_usage

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_service.c
Line(s)	192
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

sprintf(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_service.c

     190 |     strcpy(header, raw_message);       // OVERFLOW: no bounds on header
     191 | 
>>>  192 |     sprintf(log_buf, "Received from client: %s", raw_message);  // SPRINTF overflow
     193 |     printf("%s\n", log_buf);
     194 | 
     195 |     // If message starts with "CMD:", execute as system command
     196 |     if (strncmp(header, "CMD:", 4) == 0) {
     197 |         sprintf(command, "%s", header + 4);

---

106. 🟠 [HIGH] sprintf_usage

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_service.c
Line(s)	197
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

sprintf(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_service.c

     195 |     // If message starts with "CMD:", execute as system command
     196 |     if (strncmp(header, "CMD:", 4) == 0) {
>>>  197 |         sprintf(command, "%s", header + 4);
     198 |         system(command);               // COMMAND INJECTION via network input
     199 |     }
     200 | }
     201 | 
     202 | 

---

107. 🟠 [HIGH] scanf_unbounded

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_service.c
Line(s)	114
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

scanf("%s

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_service.c

     112 | 
     113 |     printf("Enter config key: ");
>>>  114 |     scanf("%s", config_key);       // SCANF: no bounds on %s
     115 | 
     116 |     printf("Enter config value: ");
     117 |     scanf("%s", config_value);     // SCANF: no bounds
     118 | 
     119 |     printf("Set %s = %s\n", config_key, config_value);

---

108. 🟠 [HIGH] scanf_unbounded

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_service.c
Line(s)	117
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

scanf("%s

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_service.c

     115 | 
     116 |     printf("Enter config value: ");
>>>  117 |     scanf("%s", config_value);     // SCANF: no bounds
     118 | 
     119 |     printf("Set %s = %s\n", config_key, config_value);
     120 | }
     121 | 
     122 | /**

---

109. 🟠 [HIGH] scanf_unbounded

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_service.c
Line(s)	129
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

scanf("%s

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_service.c

     127 |     char arg[16];
     128 | 
>>>  129 |     scanf("%s %s", cmd, arg);      // SCANF: overflow via long input
     130 |     printf("Command: %s, Arg: %s\n", cmd, arg);
     131 | }
     132 | 
     133 | 
     134 | // ═══════════════════════════════════════════════════════════════

---

110. 🟠 [HIGH] system_call

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_service.c
Line(s)	135
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

system(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_service.c

     133 | 
     134 | // ═══════════════════════════════════════════════════════════════
>>>  135 | // Command injection via system()
     136 | // ═══════════════════════════════════════════════════════════════
     137 | 
     138 | /**
     139 |  * SYSTEM: executes shell command with user input.
     140 |  */

---

111. 🟠 [HIGH] system_call

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_service.c
Line(s)	144
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

system(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_service.c

     142 |     char cmd[256];
     143 |     sprintf(cmd, "ping -c 4 %s", hostname);
>>>  144 |     system(cmd);                   // COMMAND INJECTION
     145 | }
     146 | 
     147 | /**
     148 |  * SYSTEM: user-controlled filename in command.
     149 |  */

---

112. 🟠 [HIGH] system_call

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_service.c
Line(s)	153
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

system(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_service.c

     151 |     char cmd[256];
     152 |     sprintf(cmd, "cat %s", filename);
>>>  153 |     system(cmd);                   // COMMAND + PATH TRAVERSAL
     154 | }
     155 | 
     156 | /**
     157 |  * SYSTEM: user-controlled args passed to shell.
     158 |  */

---

113. 🟠 [HIGH] system_call

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_service.c
Line(s)	162
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

system(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_service.c

     160 |     char cmd[512];
     161 |     sprintf(cmd, "tar czf %s %s/*.log", output, log_dir);
>>>  162 |     system(cmd);                   // COMMAND INJECTION
     163 | }
     164 | 
     165 | /**
     166 |  * SYSTEM: DNS lookup with user input.
     167 |  */

---

114. 🟠 [HIGH] system_call

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_service.c
Line(s)	171
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

system(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_service.c

     169 |     char cmd[128];
     170 |     sprintf(cmd, "nslookup %s", domain);
>>>  171 |     system(cmd);                   // COMMAND INJECTION
     172 | }
     173 | 
     174 | 
     175 | // ═══════════════════════════════════════════════════════════════
     176 | // Network service — combines multiple vulnerabilities

---

115. 🟠 [HIGH] system_call

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	vulnerable_service.c
Line(s)	198
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

system(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_service.c

     196 |     if (strncmp(header, "CMD:", 4) == 0) {
     197 |         sprintf(command, "%s", header + 4);
>>>  198 |         system(command);               // COMMAND INJECTION via network input
     199 |     }
     200 | }
     201 | 
     202 | 
     203 | // ═══════════════════════════════════════════════════════════════

---

116. 🟠 [HIGH] pickle_load

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	weak_crypto.py
Line(s)	138
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

pickle.loads(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/weak_crypto.py

     136 |     def deserialize_from_pickle(data: bytes) -> Any:
     137 |         """PICKLE: deserializes untrusted data."""
>>>  138 |         return pickle.loads(data)
     139 | 
     140 |     @staticmethod
     141 |     def save_to_shelf(key: str, value: Any, db_path: str = "/tmp/data") -> None:
     142 |         """SHELVE: uses shelve (pickle-based) for storage."""
     143 |         db = shelve.open(db_path)

---

117. 🟠 [HIGH] pickle_load

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	weak_crypto.py
Line(s)	159
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

pickle.loads(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/weak_crypto.py

     157 |         """PICKLE: base64-decodes and unpickles user-provided data."""
     158 |         raw = base64.b64decode(encoded_data)
>>>  159 |         return pickle.loads(raw)
     160 | 
     161 |     @staticmethod
     162 |     def import_from_backup(backup_path: str) -> list[dict]:
     163 |         """PICKLE: loads entire backup file via pickle."""
     164 |         with open(backup_path, 'rb') as f:

---

118. 🟠 [HIGH] pickle_load

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	weak_crypto.py
Line(s)	165
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

pickle.load(

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/weak_crypto.py

     163 |         """PICKLE: loads entire backup file via pickle."""
     164 |         with open(backup_path, 'rb') as f:
>>>  165 |             return pickle.load(f)
     166 | 
     167 | 
     168 | # ═══════════════════════════════════════════════════════════════
     169 | # Token management — weak token generation
     170 | # ═══════════════════════════════════════════════════════════════

---

119. 🟠 [HIGH] weak_crypto

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	weak_crypto.py
Line(s)	33
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

md5

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/weak_crypto.py

      31 |     def hash_password(password: str) -> str:
      32 |         """WEAK CRYPTO: MD5 for password hashing (no salt)."""
>>>   33 |         return hashlib.md5(password.encode()).hexdigest()
      34 | 
      35 |     @staticmethod
      36 |     def hash_with_salt(password: str, salt: str) -> str:
      37 |         """WEAK CRYPTO: SHA1 with simple concatenation (vulnerable to length extension)."""
      38 |         return hashlib.sha1((salt + password).encode()).hexdigest()

---

120. 🟠 [HIGH] weak_crypto

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	weak_crypto.py
Line(s)	38
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

sha1

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/weak_crypto.py

      36 |     def hash_with_salt(password: str, salt: str) -> str:
      37 |         """WEAK CRYPTO: SHA1 with simple concatenation (vulnerable to length extension)."""
>>>   38 |         return hashlib.sha1((salt + password).encode()).hexdigest()
      39 | 
      40 |     @staticmethod
      41 |     def generate_api_key() -> str:
      42 |         """INSECURE RANDOM: uses random instead of secrets."""
      43 |         chars = string.ascii_letters + string.digits

---

121. 🟠 [HIGH] weak_crypto

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	weak_crypto.py
Line(s)	50
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

md5

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/weak_crypto.py

      48 |         """WEAK CRYPTO: predictable token using MD5 of user_id + timestamp."""
      49 |         data = f"{user_id}:{int(time.time())}"
>>>   50 |         return hashlib.md5(data.encode()).hexdigest()
      51 | 
      52 |     @staticmethod
      53 |     def generate_reset_code() -> str:
      54 |         """INSECURE RANDOM: 4-digit numeric code (brute-forceable)."""
      55 |         return str(random.randint(1000, 9999))

---

122. 🟠 [HIGH] weak_crypto

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	weak_crypto.py
Line(s)	74
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

md5

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/weak_crypto.py

      72 |     def checksum_file(filepath: str) -> str:
      73 |         """WEAK CRYPTO: MD5 for file integrity checking."""
>>>   74 |         hasher = hashlib.md5()
      75 |         with open(filepath, 'rb') as f:
      76 |             for chunk in iter(lambda: f.read(4096), b''):
      77 |                 hasher.update(chunk)
      78 |         return hasher.hexdigest()
      79 | 

---

123. 🟠 [HIGH] weak_crypto

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	weak_crypto.py
Line(s)	103
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

md5

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/weak_crypto.py

     101 |             "expiry": expiry,
     102 |             "amount": amount,
>>>  103 |             "tx_hash": hashlib.md5(f"{card_number}{amount}".encode()).hexdigest(),
     104 |             "status": "approved",
     105 |         }
     106 |         self.transactions.append(tx)
     107 |         return tx
     108 | 

---

124. 🟠 [HIGH] weak_crypto

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	weak_crypto.py
Line(s)	181
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

sha1

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/weak_crypto.py

     179 |         """WEAK CRYPTO: predictable token using SHA1."""
     180 |         payload = f"{user_id}:{int(time.time()) + expires_in}"
>>>  181 |         sig = hashlib.sha1((payload + self.secret).encode()).hexdigest()
     182 |         return base64.b64encode(f"{payload}:{sig}".encode()).decode()
     183 | 
     184 |     def verify_token(self, token: str) -> Optional[str]:
     185 |         """TIMING ATTACK: string comparison for signature verification."""
     186 |         try:

---

125. 🟠 [HIGH] weak_crypto

Property	Value
Severity	HIGH
CVSS	5.0
CWE	None
File	weak_crypto.py
Line(s)	190
Verification	📋 Pattern Match
Discovery	dangerous_func
Confidence	0.75

Explanation

sha1

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/weak_crypto.py

     188 |             parts = decoded.rsplit(':', 1)
     189 |             payload, signature = parts[0], parts[1]
>>>  190 |             expected_sig = hashlib.sha1((payload + self.secret).encode()).hexdigest()
     191 |             if signature == expected_sig:  # Timing attack vulnerable
     192 |                 user_id = payload.split(':')[0]
     193 |                 return user_id
     194 |         except Exception:
     195 |             pass

---

126. 🟢 [LOW] blacklist

Property	Value
Severity	LOW
CVSS	None
CWE	CWE-0
File	command_injection.py
Line(s)	11
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	high

Explanation

Consider possible security implications associated with the subprocess module.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/command_injection.py

       9 | """
      10 | import os
>>>   11 | import subprocess
      12 | import shlex
      13 | import tempfile
      14 | from pathlib import Path
      15 | from typing import Any, Optional
      16 | from urllib.parse import urlparse

---

127. 🟡 [MEDIUM] hardcoded_tmp_directory

Property	Value
Severity	MEDIUM
CVSS	None
CWE	CWE-0
File	command_injection.py
Line(s)	69
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	medium

Explanation

Probable insecure usage of temp file/directory.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/command_injection.py

      67 |     def compress_file(self, filename: str) -> str:
      68 |         """COMMAND INJECTION: user filename in os.system."""
>>>   69 |         output = f"/tmp/{filename}.tar.gz"
      70 |         os.system(f"tar czf {output} {self.base_dir}/{filename}")
      71 |         return output
      72 | 
      73 |     def file_info(self, filepath: str) -> dict:
      74 |         """COMMAND INJECTION: user path in subprocess with shell=True."""

---

128. 🟢 [LOW] hardcoded_password_string

Property	Value
Severity	LOW
CVSS	None
CWE	CWE-0
File	config_secrets.py
Line(s)	54
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	medium

Explanation

Possible hardcoded password: 'SuperSecretP@ssw0rd!2024'

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/config_secrets.py

      52 |     "primary": {
      53 |         "host": DB_HOST,
>>>   54 |         "password": "SuperSecretP@ssw0rd!2024",
      55 |         "port": 5432,
      56 |     },
      57 |     "replica": {
      58 |         "host": "replica-db.internal.corp",
      59 |         "pwd": "ReplicaDBPass2024!",

---

129. 🟢 [LOW] hardcoded_password_string

Property	Value
Severity	LOW
CVSS	None
CWE	CWE-0
File	config_secrets.py
Line(s)	59
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	medium

Explanation

Possible hardcoded password: 'ReplicaDBPass2024!'

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/config_secrets.py

      57 |     "replica": {
      58 |         "host": "replica-db.internal.corp",
>>>   59 |         "pwd": "ReplicaDBPass2024!",
      60 |         "port": 5432,
      61 |     }
      62 | }
      63 | 
      64 | 

---

130. 🟢 [LOW] hardcoded_password_string

Property	Value
Severity	LOW
CVSS	None
CWE	CWE-0
File	config_secrets.py
Line(s)	74
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	medium

Explanation

Possible hardcoded password: 'EGnHDxD_qRPdaLdZz8iCr8N7_MzF-YHPTkjs6NKYQvQSBngp4PTTVWkPZRbL'

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/config_secrets.py

      72 | 
      73 | PAYPAL_CLIENT_ID = "AZDxjDScFpQtjWTOUtWKbyN_bDt4OgqaF4F"
>>>   74 | PAYPAL_SECRET = "EGnHDxD_qRPdaLdZz8iCr8N7_MzF-YHPTkjs6NKYQvQSBngp4PTTVWkPZRbL"
      75 | 
      76 | 
      77 | # ═══════════════════════════════════════════════════════════════
      78 | # Third-party API keys
      79 | # ═══════════════════════════════════════════════════════════════

---

131. 🟢 [LOW] hardcoded_password_string

Property	Value
Severity	LOW
CVSS	None
CWE	CWE-0
File	config_secrets.py
Line(s)	81
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	medium

Explanation

Possible hardcoded password: 'ghp_aBcDeFgHiJkLmNoPqRsTuVwXyZ012345678'

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/config_secrets.py

      79 | # ═══════════════════════════════════════════════════════════════
      80 | 
>>>   81 | GITHUB_TOKEN = "ghp_aBcDeFgHiJkLmNoPqRsTuVwXyZ012345678"
      82 | GOOGLE_API_KEY = "AIzaSyB-abc123def456ghi789jkl012mno345p"
      83 | OPENAI_API_KEY = "sk-aBcDeFgHiJkLmNoPqRsTuVwXyZ012345678901234567890ABC"
      84 | 
      85 | GENERIC_API_TOKEN = "api_key='a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6'"
      86 | SLACK_BOT_TOKEN = "xoxb-12345678901-1234567890123-abcdefghijklmnopqrstuv"

---

132. 🟢 [LOW] hardcoded_password_string

Property	Value
Severity	LOW
CVSS	None
CWE	CWE-0
File	config_secrets.py
Line(s)	86
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	medium

Explanation

Possible hardcoded password: 'xoxb-12345678901-1234567890123-abcdefghijklmnopqrstuv'

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/config_secrets.py

      84 | 
      85 | GENERIC_API_TOKEN = "api_key='a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6'"
>>>   86 | SLACK_BOT_TOKEN = "xoxb-12345678901-1234567890123-abcdefghijklmnopqrstuv"
      87 | SENDGRID_API_KEY = "SG.abcdefghijklmnopqrstuvwxyz.ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789AB"
      88 | 
      89 | api_keys = {
      90 |     "maps": "AIzaSyB-abc123def456ghi789jkl012mno345p",
      91 |     "github": "ghp_aBcDeFgHiJkLmNoPqRsTuVwXyZ012345678",

---

133. 🟢 [LOW] hardcoded_password_string

Property	Value
Severity	LOW
CVSS	None
CWE	CWE-0
File	config_secrets.py
Line(s)	100
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	medium

Explanation

Possible hardcoded password: 'my_jwt_signing_secret_key_never_share_this_value'

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/config_secrets.py

      98 | # ═══════════════════════════════════════════════════════════════
      99 | 
>>>  100 | JWT_SECRET = "my_jwt_signing_secret_key_never_share_this_value"
     101 | secret_key = "ThisIsMyAppSecretKeyForEncryption2024!"
     102 | auth_token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
     103 | 
     104 | # OAuth2 credentials
     105 | OAUTH_CLIENT_SECRET = "dGhlIHF1aWNrIGJyb3duIGZveCBqdW1wZWQ="

---

134. 🟢 [LOW] hardcoded_password_string

Property	Value
Severity	LOW
CVSS	None
CWE	CWE-0
File	config_secrets.py
Line(s)	101
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	medium

Explanation

Possible hardcoded password: 'ThisIsMyAppSecretKeyForEncryption2024!'

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/config_secrets.py

      99 | 
     100 | JWT_SECRET = "my_jwt_signing_secret_key_never_share_this_value"
>>>  101 | secret_key = "ThisIsMyAppSecretKeyForEncryption2024!"
     102 | auth_token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
     103 | 
     104 | # OAuth2 credentials
     105 | OAUTH_CLIENT_SECRET = "dGhlIHF1aWNrIGJyb3duIGZveCBqdW1wZWQ="
     106 | 

---

135. 🟢 [LOW] hardcoded_password_string

Property	Value
Severity	LOW
CVSS	None
CWE	CWE-0
File	config_secrets.py
Line(s)	105
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	medium

Explanation

Possible hardcoded password: 'dGhlIHF1aWNrIGJyb3duIGZveCBqdW1wZWQ='

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/config_secrets.py

     103 | 
     104 | # OAuth2 credentials
>>>  105 | OAUTH_CLIENT_SECRET = "dGhlIHF1aWNrIGJyb3duIGZveCBqdW1wZWQ="
     106 | 
     107 | 
     108 | # ═══════════════════════════════════════════════════════════════
     109 | # SSH / TLS keys
     110 | # ═══════════════════════════════════════════════════════════════

---

136. 🟢 [LOW] hardcoded_password_string

Property	Value
Severity	LOW
CVSS	None
CWE	CWE-0
File	config_secrets.py
Line(s)	132
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	medium

Explanation

Possible hardcoded password: 'sk-api-secret-key-that-should-not-be-hardcoded-abc123'

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/config_secrets.py

     130 |     def __init__(self):
     131 |         self.db_password = "ProductionDB!Pass#2024"
>>>  132 |         self.api_secret = "sk-api-secret-key-that-should-not-be-hardcoded-abc123"
     133 |         self.stripe_secret = "sk_live_51MqFi3ABC123456789XYZsecretkey"
     134 | 
     135 |     def get_db_url(self) -> str:
     136 |         return f"postgresql://app_user:{self.db_password}@db.prod.internal:5432/main"
     137 | 

---

137. 🟢 [LOW] try_except_pass

Property	Value
Severity	LOW
CVSS	None
CWE	CWE-0
File	eval_runner.py
Line(s)	145
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	high

Explanation

Try, Except, Pass detected.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/eval_runner.py

     143 |                     exec(rule["action"], {}, context)
     144 |                     triggered.append(rule["name"])
>>>  145 |             except Exception:
     146 |                 pass
     147 |         return triggered
     148 | 
     149 | 
     150 | # ═══════════════════════════════════════════════════════════════

---

138. 🟢 [LOW] blacklist

Property	Value
Severity	LOW
CVSS	None
CWE	CWE-0
File	unsafe_db.py
Line(s)	12
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	high

Explanation

Consider possible security implications associated with pickle module.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/unsafe_db.py

      10 | import sqlite3
      11 | import hashlib
>>>   12 | import pickle
      13 | import json
      14 | import os
      15 | from typing import Any, Optional
      16 | 
      17 | 

---

139. 🟡 [MEDIUM] hardcoded_sql_expressions

Property	Value
Severity	MEDIUM
CVSS	None
CWE	CWE-0
File	unsafe_db.py
Line(s)	44
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	low

Explanation

Possible SQL injection vector through string-based query construction.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/unsafe_db.py

      42 |     def find_by_username(self, username: str) -> Optional[dict]:
      43 |         """SQL INJECTION: f-string interpolation in query."""
>>>   44 |         query = f"SELECT * FROM users WHERE username = '{username}'"
      45 |         cursor = self.conn.execute(query)
      46 |         row = cursor.fetchone()
      47 |         return dict(row) if row else None
      48 | 
      49 |     def find_by_email(self, email: str) -> Optional[dict]:

---

140. 🟡 [MEDIUM] hardcoded_sql_expressions

Property	Value
Severity	MEDIUM
CVSS	None
CWE	CWE-0
File	unsafe_db.py
Line(s)	51
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	low

Explanation

Possible SQL injection vector through string-based query construction.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/unsafe_db.py

      49 |     def find_by_email(self, email: str) -> Optional[dict]:
      50 |         """SQL INJECTION: string concatenation in query."""
>>>   51 |         query = "SELECT * FROM users WHERE email = '" + email + "'"
      52 |         cursor = self.conn.execute(query)
      53 |         row = cursor.fetchone()
      54 |         return dict(row) if row else None
      55 | 
      56 |     def search_users(self, search_term: str, role: str = "user") -> list[dict]:

---

141. 🟡 [MEDIUM] hardcoded_sql_expressions

Property	Value
Severity	MEDIUM
CVSS	None
CWE	CWE-0
File	unsafe_db.py
Line(s)	58
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	low

Explanation

Possible SQL injection vector through string-based query construction.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/unsafe_db.py

      56 |     def search_users(self, search_term: str, role: str = "user") -> list[dict]:
      57 |         """SQL INJECTION: .format() in query building."""
>>>   58 |         sql = "SELECT * FROM users WHERE name LIKE '%{}%' AND role = '{}'".format(
      59 |             search_term, role
      60 |         )
      61 |         cursor = self.conn.execute(sql)
      62 |         return [dict(r) for r in cursor.fetchall()]
      63 | 

---

142. 🟡 [MEDIUM] hardcoded_sql_expressions

Property	Value
Severity	MEDIUM
CVSS	None
CWE	CWE-0
File	unsafe_db.py
Line(s)	67
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	low

Explanation

Possible SQL injection vector through string-based query construction.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/unsafe_db.py

      65 |         """SQL INJECTION + WEAK CRYPTO: md5 password hash with f-string query."""
      66 |         password_hash = hashlib.md5(password.encode()).hexdigest()
>>>   67 |         query = f"SELECT * FROM users WHERE username = '{username}' AND password_hash = '{password_hash}'"
      68 |         cursor = self.conn.execute(query)
      69 |         row = cursor.fetchone()
      70 |         return dict(row) if row else None
      71 | 
      72 |     def create_user(self, username: str, email: str, password: str) -> str:

---

143. 🟡 [MEDIUM] hardcoded_sql_expressions

Property	Value
Severity	MEDIUM
CVSS	None
CWE	CWE-0
File	unsafe_db.py
Line(s)	85
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	low

Explanation

Possible SQL injection vector through string-based query construction.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/unsafe_db.py

      83 |     def delete_user(self, user_id: str) -> None:
      84 |         """SQL INJECTION: unparameterized delete."""
>>>   85 |         stmt = f"DELETE FROM users WHERE id = '{user_id}'"
      86 |         self.conn.execute(stmt)
      87 |         self.conn.commit()
      88 | 
      89 |     def update_role(self, user_id: str, new_role: str) -> None:
      90 |         """SQL INJECTION: f-string in UPDATE statement."""

---

144. 🟡 [MEDIUM] hardcoded_sql_expressions

Property	Value
Severity	MEDIUM
CVSS	None
CWE	CWE-0
File	unsafe_db.py
Line(s)	91
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	low

Explanation

Possible SQL injection vector through string-based query construction.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/unsafe_db.py

      89 |     def update_role(self, user_id: str, new_role: str) -> None:
      90 |         """SQL INJECTION: f-string in UPDATE statement."""
>>>   91 |         sql = f"UPDATE users SET role = '{new_role}' WHERE id = '{user_id}'"
      92 |         self.conn.execute(sql)
      93 |         self.conn.commit()
      94 | 
      95 | 
      96 | # ═══════════════════════════════════════════════════════════════

---

145. 🟡 [MEDIUM] hardcoded_tmp_directory

Property	Value
Severity	MEDIUM
CVSS	None
CWE	CWE-0
File	unsafe_db.py
Line(s)	103
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	medium

Explanation

Probable insecure usage of temp file/directory.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/unsafe_db.py

     101 |     """Session management via pickle — insecure deserialization."""
     102 | 
>>>  103 |     def __init__(self, storage_dir: str = "/tmp/sessions"):
     104 |         self.storage_dir = storage_dir
     105 | 
     106 |     def save_session(self, session_id: str, data: dict) -> None:
     107 |         """PICKLE: serializes session data with pickle."""
     108 |         path = os.path.join(self.storage_dir, f"{session_id}.pkl")

---

146. 🟡 [MEDIUM] hardcoded_sql_expressions

Property	Value
Severity	MEDIUM
CVSS	None
CWE	CWE-0
File	unsafe_db.py
Line(s)	133
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	low

Explanation

Possible SQL injection vector through string-based query construction.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/unsafe_db.py

     131 |     def search(self, name: str, min_price: float, max_price: float) -> list[dict]:
     132 |         """SQL INJECTION: multiple user inputs in f-string query."""
>>>  133 |         query = f"SELECT * FROM products WHERE name LIKE '%{name}%' AND price BETWEEN {min_price} AND {max_price}"
     134 |         return [dict(r) for r in self.conn.execute(query).fetchall()]
     135 | 
     136 |     def get_by_category(self, category_id: str) -> list[dict]:
     137 |         """SQL INJECTION: string concatenation."""
     138 |         sql = "SELECT p.*, c.name as category_name FROM products p " + \

---

147. 🟡 [MEDIUM] hardcoded_sql_expressions

Property	Value
Severity	MEDIUM
CVSS	None
CWE	CWE-0
File	unsafe_db.py
Line(s)	138
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	low

Explanation

Possible SQL injection vector through string-based query construction.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/unsafe_db.py

     136 |     def get_by_category(self, category_id: str) -> list[dict]:
     137 |         """SQL INJECTION: string concatenation."""
>>>  138 |         sql = "SELECT p.*, c.name as category_name FROM products p " + \
     139 |               "JOIN categories c ON p.category_id = c.id " + \
     140 |               "WHERE c.id = '" + category_id + "'"
     141 |         return [dict(r) for r in self.conn.execute(sql).fetchall()]
     142 | 
     143 |     def bulk_update_prices(self, product_ids: list[str], multiplier: float) -> int:

---

148. 🟡 [MEDIUM] hardcoded_sql_expressions

Property	Value
Severity	MEDIUM
CVSS	None
CWE	CWE-0
File	unsafe_db.py
Line(s)	146
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	low

Explanation

Possible SQL injection vector through string-based query construction.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/unsafe_db.py

     144 |         """SQL INJECTION: f-string with list of IDs."""
     145 |         ids_str = "', '".join(product_ids)
>>>  146 |         cmd = f"UPDATE products SET price = price * {multiplier} WHERE id IN ('{ids_str}')"
     147 |         cursor = self.conn.execute(cmd)
     148 |         self.conn.commit()
     149 |         return cursor.rowcount
     150 | 
     151 | 

---

149. 🟡 [MEDIUM] hardcoded_sql_expressions

Property	Value
Severity	MEDIUM
CVSS	None
CWE	CWE-0
File	unsafe_db.py
Line(s)	163
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	low

Explanation

Possible SQL injection vector through string-based query construction.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/unsafe_db.py

     161 |                  limit: int = 100) -> list[dict]:
     162 |         """SQL INJECTION: user-controlled ORDER BY and LIMIT."""
>>>  163 |         sql = f"SELECT * FROM audit_log ORDER BY {sort_by} {direction} LIMIT {limit}"
     164 |         return [dict(r) for r in self.conn.execute(sql).fetchall()]
     165 | 
     166 |     def search_logs(self, action: str, actor: str) -> list[dict]:
     167 |         """SQL INJECTION: LIKE clause with user input."""
     168 |         stmt = f"SELECT * FROM audit_log WHERE action LIKE '%{action}%' AND actor = '{actor}'"

---

150. 🟡 [MEDIUM] hardcoded_sql_expressions

Property	Value
Severity	MEDIUM
CVSS	None
CWE	CWE-0
File	unsafe_db.py
Line(s)	168
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	low

Explanation

Possible SQL injection vector through string-based query construction.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/unsafe_db.py

     166 |     def search_logs(self, action: str, actor: str) -> list[dict]:
     167 |         """SQL INJECTION: LIKE clause with user input."""
>>>  168 |         stmt = f"SELECT * FROM audit_log WHERE action LIKE '%{action}%' AND actor = '{actor}'"
     169 |         return [dict(r) for r in self.conn.execute(stmt).fetchall()]
     170 | 
     171 | 
     172 | # ═══════════════════════════════════════════════════════════════
     173 | # Import/export — YAML deserialization

---

151. 🟡 [MEDIUM] hardcoded_sql_expressions

Property	Value
Severity	MEDIUM
CVSS	None
CWE	CWE-0
File	unsafe_db.py
Line(s)	186
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	low

Explanation

Possible SQL injection vector through string-based query construction.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/unsafe_db.py

     184 |     conn = get_connection()
     185 |     ids = "', '".join(user_ids)
>>>  186 |     sql = f"SELECT * FROM users WHERE id IN ('{ids}') ORDER BY created_at"
     187 |     rows = conn.execute(sql).fetchall()
     188 |     return json.dumps([dict(r) for r in rows])
     189 | 

---

152. 🟡 [MEDIUM] blacklist

Property	Value
Severity	MEDIUM
CVSS	None
CWE	CWE-0
File	vulnerable_app.py
Line(s)	130
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	high

Explanation

Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_app.py

     128 |     def download_avatar(self, url: str) -> bytes:
     129 |         """SSRF: fetches arbitrary URL provided by user."""
>>>  130 |         response = urllib.request.urlopen(url)
     131 |         return response.read()
     132 | 
     133 |     def export_data(self, format_type: str, data: dict) -> str:
     134 |         """EVAL: user-controlled format string."""
     135 |         template = f"export_{format_type} = {data}"

---

153. 🟢 [LOW] blacklist

Property	Value
Severity	LOW
CVSS	None
CWE	CWE-0
File	weak_crypto.py
Line(s)	16
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	high

Explanation

Consider possible security implications associated with pickle module.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/weak_crypto.py

      14 | import time
      15 | import base64
>>>   16 | import pickle
      17 | import json
      18 | import os
      19 | import shelve
      20 | from typing import Any, Optional
      21 | 

---

154. 🟢 [LOW] blacklist

Property	Value
Severity	LOW
CVSS	None
CWE	CWE-0
File	weak_crypto.py
Line(s)	19
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	high

Explanation

Consider possible security implications associated with shelve module.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/weak_crypto.py

      17 | import json
      18 | import os
>>>   19 | import shelve
      20 | from typing import Any, Optional
      21 | 
      22 | 
      23 | # ═══════════════════════════════════════════════════════════════
      24 | # Weak cryptography — MD5, SHA1, predictable tokens

---

155. 🟢 [LOW] blacklist

Property	Value
Severity	LOW
CVSS	None
CWE	CWE-0
File	weak_crypto.py
Line(s)	44
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	high

Explanation

Standard pseudo-random generators are not suitable for security/cryptographic purposes.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/weak_crypto.py

      42 |         """INSECURE RANDOM: uses random instead of secrets."""
      43 |         chars = string.ascii_letters + string.digits
>>>   44 |         return ''.join(random.choice(chars) for _ in range(32))
      45 | 
      46 |     @staticmethod
      47 |     def generate_session_token(user_id: str) -> str:
      48 |         """WEAK CRYPTO: predictable token using MD5 of user_id + timestamp."""
      49 |         data = f"{user_id}:{int(time.time())}"

---

156. 🟢 [LOW] blacklist

Property	Value
Severity	LOW
CVSS	None
CWE	CWE-0
File	weak_crypto.py
Line(s)	55
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	high

Explanation

Standard pseudo-random generators are not suitable for security/cryptographic purposes.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/weak_crypto.py

      53 |     def generate_reset_code() -> str:
      54 |         """INSECURE RANDOM: 4-digit numeric code (brute-forceable)."""
>>>   55 |         return str(random.randint(1000, 9999))
      56 | 
      57 |     @staticmethod
      58 |     def verify_signature(message: str, signature: str, key: str) -> bool:
      59 |         """TIMING ATTACK: uses == instead of hmac.compare_digest."""
      60 |         expected = hmac.new(key.encode(), message.encode(), hashlib.sha256).hexdigest()

---

157. 🟡 [MEDIUM] hardcoded_tmp_directory

Property	Value
Severity	MEDIUM
CVSS	None
CWE	CWE-0
File	weak_crypto.py
Line(s)	141
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	medium

Explanation

Probable insecure usage of temp file/directory.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/weak_crypto.py

     139 | 
     140 |     @staticmethod
>>>  141 |     def save_to_shelf(key: str, value: Any, db_path: str = "/tmp/data") -> None:
     142 |         """SHELVE: uses shelve (pickle-based) for storage."""
     143 |         db = shelve.open(db_path)
     144 |         db[key] = value
     145 |         db.close()
     146 | 

---

158. 🟡 [MEDIUM] blacklist

Property	Value
Severity	MEDIUM
CVSS	None
CWE	CWE-0
File	weak_crypto.py
Line(s)	143
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	high

Explanation

Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/weak_crypto.py

     141 |     def save_to_shelf(key: str, value: Any, db_path: str = "/tmp/data") -> None:
     142 |         """SHELVE: uses shelve (pickle-based) for storage."""
>>>  143 |         db = shelve.open(db_path)
     144 |         db[key] = value
     145 |         db.close()
     146 | 
     147 |     @staticmethod
     148 |     def load_from_shelf(key: str, db_path: str = "/tmp/data") -> Any:

---

159. 🟡 [MEDIUM] hardcoded_tmp_directory

Property	Value
Severity	MEDIUM
CVSS	None
CWE	CWE-0
File	weak_crypto.py
Line(s)	148
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	medium

Explanation

Probable insecure usage of temp file/directory.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/weak_crypto.py

     146 | 
     147 |     @staticmethod
>>>  148 |     def load_from_shelf(key: str, db_path: str = "/tmp/data") -> Any:
     149 |         """SHELVE: loads from shelve (pickle deserialization)."""
     150 |         db = shelve.open(db_path)
     151 |         value = db.get(key)
     152 |         db.close()
     153 |         return value

---

160. 🟡 [MEDIUM] blacklist

Property	Value
Severity	MEDIUM
CVSS	None
CWE	CWE-0
File	weak_crypto.py
Line(s)	150
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	high

Explanation

Pickle and modules that wrap it can be unsafe when used to deserialize untrusted data, possible security issue.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/weak_crypto.py

     148 |     def load_from_shelf(key: str, db_path: str = "/tmp/data") -> Any:
     149 |         """SHELVE: loads from shelve (pickle deserialization)."""
>>>  150 |         db = shelve.open(db_path)
     151 |         value = db.get(key)
     152 |         db.close()
     153 |         return value
     154 | 
     155 |     @staticmethod

---

161. 🟢 [LOW] hardcoded_password_default

Property	Value
Severity	LOW
CVSS	None
CWE	CWE-0
File	weak_crypto.py
Line(s)	175
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	medium

Explanation

Possible hardcoded password: 'hardcoded_secret_key_123'

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/weak_crypto.py

     173 |     """Manages authentication tokens with weak generation."""
     174 | 
>>>  175 |     def __init__(self, secret: str = "hardcoded_secret_key_123"):
     176 |         self.secret = secret
     177 | 
     178 |     def create_token(self, user_id: str, expires_in: int = 3600) -> str:
     179 |         """WEAK CRYPTO: predictable token using SHA1."""
     180 |         payload = f"{user_id}:{int(time.time()) + expires_in}"

---

162. 🟢 [LOW] try_except_pass

Property	Value
Severity	LOW
CVSS	None
CWE	CWE-0
File	weak_crypto.py
Line(s)	194
Verification	🔍 Static Analysis
Discovery	bandit
Confidence	high

Explanation

Try, Except, Pass detected.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/weak_crypto.py

     192 |                 user_id = payload.split(':')[0]
     193 |                 return user_id
>>>  194 |         except Exception:
     195 |             pass
     196 |         return None
     197 | 

---

163. ⚪ [WARNING] python.lang.security.audit.non-literal-import.non-literal-import

Property	Value
Severity	WARNING
CVSS	None
CWE	None
File	eval_runner.py
Line(s)	94
Verification	🔍 Static Analysis
Discovery	semgrep
Confidence	medium

Explanation

Untrusted user input in importlib.import_module() function allows an attacker to load arbitrary code. Avoid dynamic values in importlib.import_module() or use a whitelist to prevent running untrusted code.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/eval_runner.py

      92 |     def load_plugin(self, plugin_name: str) -> Any:
      93 |         """DYNAMIC IMPORT: loads arbitrary module by name."""
>>>   94 |         module = importlib.import_module(plugin_name)
      95 |         self.loaded[plugin_name] = module
      96 |         return module
      97 | 
      98 |     def execute_plugin_code(self, code: str) -> Any:
      99 |         """EXEC: executes plugin code string."""

---

164. ⚪ [WARNING] python.lang.security.audit.non-literal-import.non-literal-import

Property	Value
Severity	WARNING
CVSS	None
CWE	None
File	eval_runner.py
Line(s)	213
Verification	🔍 Static Analysis
Discovery	semgrep
Confidence	medium

Explanation

Untrusted user input in importlib.import_module() function allows an attacker to load arbitrary code. Avoid dynamic values in importlib.import_module() or use a whitelist to prevent running untrusted code.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/eval_runner.py

     211 | def dynamic_import_handler(module_path: str, func_name: str, *args: Any) -> Any:
     212 |     """DYNAMIC IMPORT + CALL: imports and calls arbitrary function."""
>>>  213 |     module = importlib.import_module(module_path)
     214 |     func = getattr(module, func_name)
     215 |     return func(*args)
     216 | 

---

165. ⚪ [WARNING] python.lang.security.audit.formatted-sql-query.formatted-sql-query

Property	Value
Severity	WARNING
CVSS	None
CWE	None
File	unsafe_db.py
Line(s)	45
Verification	🔍 Static Analysis
Discovery	semgrep
Confidence	medium

Explanation

Detected possible formatted SQL query. Use parameterized queries instead.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/unsafe_db.py

      43 |         """SQL INJECTION: f-string interpolation in query."""
      44 |         query = f"SELECT * FROM users WHERE username = '{username}'"
>>>   45 |         cursor = self.conn.execute(query)
      46 |         row = cursor.fetchone()
      47 |         return dict(row) if row else None
      48 | 
      49 |     def find_by_email(self, email: str) -> Optional[dict]:
      50 |         """SQL INJECTION: string concatenation in query."""

---

166. ⚪ [ERROR] python.sqlalchemy.security.sqlalchemy-execute-raw-query.sqlalchemy-execute-raw-query

Property	Value
Severity	ERROR
CVSS	None
CWE	None
File	unsafe_db.py
Line(s)	52
Verification	🔍 Static Analysis
Discovery	semgrep
Confidence	medium

Explanation

Avoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy provides TextualSQL to easily used prepared statement with named parameters. For complex SQL composition, use SQL Expression Language or Schema Definition Language. In most cases, SQLAlchemy ORM will be a better option.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/unsafe_db.py

      50 |         """SQL INJECTION: string concatenation in query."""
      51 |         query = "SELECT * FROM users WHERE email = '" + email + "'"
>>>   52 |         cursor = self.conn.execute(query)
      53 |         row = cursor.fetchone()
      54 |         return dict(row) if row else None
      55 | 
      56 |     def search_users(self, search_term: str, role: str = "user") -> list[dict]:
      57 |         """SQL INJECTION: .format() in query building."""

---

167. ⚪ [WARNING] python.lang.security.audit.formatted-sql-query.formatted-sql-query

Property	Value
Severity	WARNING
CVSS	None
CWE	None
File	unsafe_db.py
Line(s)	61
Verification	🔍 Static Analysis
Discovery	semgrep
Confidence	medium

Explanation

Detected possible formatted SQL query. Use parameterized queries instead.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/unsafe_db.py

      59 |             search_term, role
      60 |         )
>>>   61 |         cursor = self.conn.execute(sql)
      62 |         return [dict(r) for r in cursor.fetchall()]
      63 | 
      64 |     def authenticate(self, username: str, password: str) -> Optional[dict]:
      65 |         """SQL INJECTION + WEAK CRYPTO: md5 password hash with f-string query."""
      66 |         password_hash = hashlib.md5(password.encode()).hexdigest()

---

168. ⚪ [WARNING] python.lang.security.audit.formatted-sql-query.formatted-sql-query

Property	Value
Severity	WARNING
CVSS	None
CWE	None
File	unsafe_db.py
Line(s)	68
Verification	🔍 Static Analysis
Discovery	semgrep
Confidence	medium

Explanation

Detected possible formatted SQL query. Use parameterized queries instead.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/unsafe_db.py

      66 |         password_hash = hashlib.md5(password.encode()).hexdigest()
      67 |         query = f"SELECT * FROM users WHERE username = '{username}' AND password_hash = '{password_hash}'"
>>>   68 |         cursor = self.conn.execute(query)
      69 |         row = cursor.fetchone()
      70 |         return dict(row) if row else None
      71 | 
      72 |     def create_user(self, username: str, email: str, password: str) -> str:
      73 |         """WEAK CRYPTO: sha1 for password hashing."""

---

169. ⚪ [WARNING] python.lang.security.audit.formatted-sql-query.formatted-sql-query

Property	Value
Severity	WARNING
CVSS	None
CWE	None
File	unsafe_db.py
Line(s)	86
Verification	🔍 Static Analysis
Discovery	semgrep
Confidence	medium

Explanation

Detected possible formatted SQL query. Use parameterized queries instead.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/unsafe_db.py

      84 |         """SQL INJECTION: unparameterized delete."""
      85 |         stmt = f"DELETE FROM users WHERE id = '{user_id}'"
>>>   86 |         self.conn.execute(stmt)
      87 |         self.conn.commit()
      88 | 
      89 |     def update_role(self, user_id: str, new_role: str) -> None:
      90 |         """SQL INJECTION: f-string in UPDATE statement."""
      91 |         sql = f"UPDATE users SET role = '{new_role}' WHERE id = '{user_id}'"

---

170. ⚪ [WARNING] python.lang.security.audit.formatted-sql-query.formatted-sql-query

Property	Value
Severity	WARNING
CVSS	None
CWE	None
File	unsafe_db.py
Line(s)	92
Verification	🔍 Static Analysis
Discovery	semgrep
Confidence	medium

Explanation

Detected possible formatted SQL query. Use parameterized queries instead.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/unsafe_db.py

      90 |         """SQL INJECTION: f-string in UPDATE statement."""
      91 |         sql = f"UPDATE users SET role = '{new_role}' WHERE id = '{user_id}'"
>>>   92 |         self.conn.execute(sql)
      93 |         self.conn.commit()
      94 | 
      95 | 
      96 | # ═══════════════════════════════════════════════════════════════
      97 | # Session model — insecure deserialization

---

171. ⚪ [WARNING] python.lang.security.deserialization.pickle.avoid-pickle

Property	Value
Severity	WARNING
CVSS	None
CWE	None
File	unsafe_db.py
Line(s)	110
Verification	🔍 Static Analysis
Discovery	semgrep
Confidence	medium

Explanation

Avoid using pickle, which is known to lead to code execution vulnerabilities. When unpickling, the serialized data could be manipulated to run arbitrary code. Instead, consider serializing the relevant data as JSON or a similar text-based serialization format.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/unsafe_db.py

     108 |         path = os.path.join(self.storage_dir, f"{session_id}.pkl")
     109 |         with open(path, "wb") as f:
>>>  110 |             pickle.dump(data, f)
     111 | 
     112 |     def load_session(self, session_id: str) -> dict:
     113 |         """PICKLE: deserializes untrusted session data."""
     114 |         path = os.path.join(self.storage_dir, f"{session_id}.pkl")
     115 |         with open(path, "rb") as f:

---

172. ⚪ [WARNING] python.lang.security.audit.formatted-sql-query.formatted-sql-query

Property	Value
Severity	WARNING
CVSS	None
CWE	None
File	unsafe_db.py
Line(s)	134
Verification	🔍 Static Analysis
Discovery	semgrep
Confidence	medium

Explanation

Detected possible formatted SQL query. Use parameterized queries instead.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/unsafe_db.py

     132 |         """SQL INJECTION: multiple user inputs in f-string query."""
     133 |         query = f"SELECT * FROM products WHERE name LIKE '%{name}%' AND price BETWEEN {min_price} AND {max_price}"
>>>  134 |         return [dict(r) for r in self.conn.execute(query).fetchall()]
     135 | 
     136 |     def get_by_category(self, category_id: str) -> list[dict]:
     137 |         """SQL INJECTION: string concatenation."""
     138 |         sql = "SELECT p.*, c.name as category_name FROM products p " + \
     139 |               "JOIN categories c ON p.category_id = c.id " + \

---

173. ⚪ [ERROR] python.sqlalchemy.security.sqlalchemy-execute-raw-query.sqlalchemy-execute-raw-query

Property	Value
Severity	ERROR
CVSS	None
CWE	None
File	unsafe_db.py
Line(s)	141
Verification	🔍 Static Analysis
Discovery	semgrep
Confidence	medium

Explanation

Avoiding SQL string concatenation: untrusted input concatenated with raw SQL query can result in SQL Injection. In order to execute raw query safely, prepared statement should be used. SQLAlchemy provides TextualSQL to easily used prepared statement with named parameters. For complex SQL composition, use SQL Expression Language or Schema Definition Language. In most cases, SQLAlchemy ORM will be a better option.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/unsafe_db.py

     139 |               "JOIN categories c ON p.category_id = c.id " + \
     140 |               "WHERE c.id = '" + category_id + "'"
>>>  141 |         return [dict(r) for r in self.conn.execute(sql).fetchall()]
     142 | 
     143 |     def bulk_update_prices(self, product_ids: list[str], multiplier: float) -> int:
     144 |         """SQL INJECTION: f-string with list of IDs."""
     145 |         ids_str = "', '".join(product_ids)
     146 |         cmd = f"UPDATE products SET price = price * {multiplier} WHERE id IN ('{ids_str}')"

---

174. ⚪ [WARNING] python.lang.security.audit.formatted-sql-query.formatted-sql-query

Property	Value
Severity	WARNING
CVSS	None
CWE	None
File	unsafe_db.py
Line(s)	147
Verification	🔍 Static Analysis
Discovery	semgrep
Confidence	medium

Explanation

Detected possible formatted SQL query. Use parameterized queries instead.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/unsafe_db.py

     145 |         ids_str = "', '".join(product_ids)
     146 |         cmd = f"UPDATE products SET price = price * {multiplier} WHERE id IN ('{ids_str}')"
>>>  147 |         cursor = self.conn.execute(cmd)
     148 |         self.conn.commit()
     149 |         return cursor.rowcount
     150 | 
     151 | 
     152 | # ═══════════════════════════════════════════════════════════════

---

175. ⚪ [WARNING] python.lang.security.audit.formatted-sql-query.formatted-sql-query

Property	Value
Severity	WARNING
CVSS	None
CWE	None
File	unsafe_db.py
Line(s)	164
Verification	🔍 Static Analysis
Discovery	semgrep
Confidence	medium

Explanation

Detected possible formatted SQL query. Use parameterized queries instead.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/unsafe_db.py

     162 |         """SQL INJECTION: user-controlled ORDER BY and LIMIT."""
     163 |         sql = f"SELECT * FROM audit_log ORDER BY {sort_by} {direction} LIMIT {limit}"
>>>  164 |         return [dict(r) for r in self.conn.execute(sql).fetchall()]
     165 | 
     166 |     def search_logs(self, action: str, actor: str) -> list[dict]:
     167 |         """SQL INJECTION: LIKE clause with user input."""
     168 |         stmt = f"SELECT * FROM audit_log WHERE action LIKE '%{action}%' AND actor = '{actor}'"
     169 |         return [dict(r) for r in self.conn.execute(stmt).fetchall()]

---

176. ⚪ [WARNING] python.lang.security.audit.formatted-sql-query.formatted-sql-query

Property	Value
Severity	WARNING
CVSS	None
CWE	None
File	unsafe_db.py
Line(s)	169
Verification	🔍 Static Analysis
Discovery	semgrep
Confidence	medium

Explanation

Detected possible formatted SQL query. Use parameterized queries instead.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/unsafe_db.py

     167 |         """SQL INJECTION: LIKE clause with user input."""
     168 |         stmt = f"SELECT * FROM audit_log WHERE action LIKE '%{action}%' AND actor = '{actor}'"
>>>  169 |         return [dict(r) for r in self.conn.execute(stmt).fetchall()]
     170 | 
     171 | 
     172 | # ═══════════════════════════════════════════════════════════════
     173 | # Import/export — YAML deserialization
     174 | # ═══════════════════════════════════════════════════════════════

---

177. ⚪ [WARNING] python.lang.security.audit.formatted-sql-query.formatted-sql-query

Property	Value
Severity	WARNING
CVSS	None
CWE	None
File	unsafe_db.py
Line(s)	187
Verification	🔍 Static Analysis
Discovery	semgrep
Confidence	medium

Explanation

Detected possible formatted SQL query. Use parameterized queries instead.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/unsafe_db.py

     185 |     ids = "', '".join(user_ids)
     186 |     sql = f"SELECT * FROM users WHERE id IN ('{ids}') ORDER BY created_at"
>>>  187 |     rows = conn.execute(sql).fetchall()
     188 |     return json.dumps([dict(r) for r in rows])
     189 | 

---

178. ⚪ [WARNING] python.lang.security.deserialization.pickle.avoid-pickle

Property	Value
Severity	WARNING
CVSS	None
CWE	None
File	weak_crypto.py
Line(s)	133
Verification	🔍 Static Analysis
Discovery	semgrep
Confidence	medium

Explanation

Avoid using pickle, which is known to lead to code execution vulnerabilities. When unpickling, the serialized data could be manipulated to run arbitrary code. Instead, consider serializing the relevant data as JSON or a similar text-based serialization format.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/weak_crypto.py

     131 |     def serialize_to_pickle(data: Any) -> bytes:
     132 |         """PICKLE: serializes data using pickle."""
>>>  133 |         return pickle.dumps(data)
     134 | 
     135 |     @staticmethod
     136 |     def deserialize_from_pickle(data: bytes) -> Any:
     137 |         """PICKLE: deserializes untrusted data."""
     138 |         return pickle.loads(data)

---

179. ⚪ [INFO] javascript.express.security.audit.express-check-csurf-middleware-usage.express-check-csurf-middleware-usage

Property	Value
Severity	INFO
CVSS	None
CWE	None
File	vulnerable_app.js
Line(s)	19
Verification	🔍 Static Analysis
Discovery	semgrep
Confidence	medium

Explanation

A CSRF middleware was not detected in your express application. Ensure you are either using one such as csurf or csrf (see rule references) and/or you are properly doing CSRF validation in your routes with a token or cookies.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_app.js

      17 | const mysql = require('mysql2');
      18 | const crypto = require('crypto');
>>>   19 | const app = express();
      20 | 
      21 | const db = mysql.createConnection({
      22 |     host: 'localhost',
      23 |     user: 'root',
      24 |     password: 'mysql_root_password_2024',

---

180. ⚪ [WARNING] javascript.express.security.audit.xss.direct-response-write.direct-response-write

Property	Value
Severity	WARNING
CVSS	None
CWE	None
File	vulnerable_app.js
Line(s)	48
Verification	🔍 Static Analysis
Discovery	semgrep
Confidence	medium

Explanation

Detected directly writing to a Response object from user-defined input. This bypasses any HTML escaping and may expose your application to a Cross-Site-scripting (XSS) vulnerability. Instead, use 'resp.render()' to render safely escaped HTML.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_app.js

      46 | app.get('/search', (req, res) => {
      47 |     const term = req.query.q;
>>>   48 |     res.send(`
      49 |         <html>
      50 |         <body>
      51 |             <div id="results"></div>
      52 |             <script>
      53 |                 document.getElementById('results').innerHTML = "Results for: ${term}";

---

181. ⚪ [WARNING] javascript.express.security.audit.xss.direct-response-write.direct-response-write

Property	Value
Severity	WARNING
CVSS	None
CWE	None
File	vulnerable_app.js
Line(s)	63
Verification	🔍 Static Analysis
Discovery	semgrep
Confidence	medium

Explanation

Detected directly writing to a Response object from user-defined input. This bypasses any HTML escaping and may expose your application to a Cross-Site-scripting (XSS) vulnerability. Instead, use 'resp.render()' to render safely escaped HTML.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/vulnerable_app.js

      61 | app.get('/welcome', (req, res) => {
      62 |     const name = req.query.name;
>>>   63 |     res.send(`
      64 |         <html>
      65 |         <body>
      66 |             <script>document.write("Hello " + "${name}" + "! Welcome back.")</script>
      67 |         </body>
      68 |         </html>

---

182. 🟠 [HIGH] OS Command Injection via os.system with unsanitized hostname

Property	Value
Severity	HIGH
CVSS	None
CWE	CWE-78
File	command_injection.py
Line(s)	5
Verification	🔍 Static Analysis
Discovery	llm_analysis
Confidence	high

Explanation

The ping_host function constructs a shell command using direct string interpolation of the hostname and passes it to os.system. An attacker can supply input containing shell metacharacters (e.g. ;, &&, |) or command substitution to execute arbitrary commands on the host.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/command_injection.py

       3 | DO NOT USE IN PRODUCTION!
       4 | 
>>>    5 | Simulates a DevOps utility with OS command injection, subprocess shell mode,
       6 | path traversal, and SSRF-like patterns.
       7 | 
       8 | Covers: shell_inject, eval_exec, path traversal, SSRF
       9 | """
      10 | import os

---

183. 🟠 [HIGH] OS Command Injection via subprocess.call with shell=True (nslookup)

Property	Value
Severity	HIGH
CVSS	None
CWE	CWE-78
File	command_injection.py
Line(s)	18
Verification	🔍 Static Analysis
Discovery	llm_analysis
Confidence	high

Explanation

dns_lookup calls subprocess.call with shell=True and interpolates the domain into the command. shell=True combined with unsanitized input allows an attacker to execute arbitrary shell commands.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/command_injection.py

      16 | from urllib.parse import urlparse
      17 | 
>>>   18 | 
      19 | # ═══════════════════════════════════════════════════════════════
      20 | # System utilities — direct OS command injection
      21 | # ═══════════════════════════════════════════════════════════════
      22 | 
      23 | class SystemUtils:

---

184. 🟠 [HIGH] OS Command Injection via subprocess.call with shell=True (nmap) using multiple inputs

Property	Value
Severity	HIGH
CVSS	None
CWE	CWE-78
File	command_injection.py
Line(s)	24
Verification	🔍 Static Analysis
Discovery	llm_analysis
Confidence	high

Explanation

network_scan constructs an nmap command string containing both ip_range and ports and executes it with subprocess.call(..., shell=True). Both parameters are under attacker control and can inject shell metacharacters or additional commands, leading to remote command execution.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/command_injection.py

      22 | 
      23 | class SystemUtils:
>>>   24 |     """Utility class wrapping dangerous system operations."""
      25 | 
      26 |     @staticmethod
      27 |     def ping_host(hostname: str) -> str:
      28 |         """COMMAND INJECTION: os.system with user input."""
      29 |         os.system(f"ping -c 4 {hostname}")

---

185. 🟠 [HIGH] Predictable temporary filename / TOCTOU in compress_file

Property	Value
Severity	HIGH
CVSS	None
CWE	CWE-377
File	command_injection.py
Line(s)	13
Verification	🔍 Static Analysis
Discovery	llm_analysis
Confidence	high

Explanation

compress_file creates a predictable temporary path (/tmp/{filename}.tar.gz) based on user input. This allows attackers to perform symlink races or pre-create files to cause the program to overwrite sensitive files (TOCTOU / race conditions).

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/command_injection.py

      11 | import subprocess
      12 | import shlex
>>>   13 | import tempfile
      14 | from pathlib import Path
      15 | from typing import Any, Optional
      16 | from urllib.parse import urlparse
      17 | 
      18 | 

---

186. 🔴 [CRITICAL] OS command injection via subprocess.call(..., shell=True) in file_info

Property	Value
Severity	CRITICAL
CVSS	None
CWE	CWE-78
File	command_injection.py
Line(s)	17
Verification	🔍 Static Analysis
Discovery	llm_analysis
Confidence	high

Explanation

file_info uses subprocess.call with shell=True and interpolates an untrusted filepath into the shell command. This allows execution of arbitrary shell commands embedded in the filepath parameter.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/command_injection.py

      15 | from typing import Any, Optional
      16 | from urllib.parse import urlparse
>>>   17 | 
      18 | 
      19 | # ═══════════════════════════════════════════════════════════════
      20 | # System utilities — direct OS command injection
      21 | # ═══════════════════════════════════════════════════════════════
      22 | 

---

187. 🔴 [CRITICAL] OS command injection via os.system in search_in_files

Property	Value
Severity	CRITICAL
CVSS	None
CWE	CWE-78
File	command_injection.py
Line(s)	22
Verification	🔍 Static Analysis
Discovery	llm_analysis
Confidence	high

Explanation

search_in_files builds a grep command with user-controlled pattern and directory and passes it to os.system. Pattern or directory can inject shell metacharacters, leading to arbitrary command execution.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/command_injection.py

      20 | # System utilities — direct OS command injection
      21 | # ═══════════════════════════════════════════════════════════════
>>>   22 | 
      23 | class SystemUtils:
      24 |     """Utility class wrapping dangerous system operations."""
      25 | 
      26 |     @staticmethod
      27 |     def ping_host(hostname: str) -> str:

---

188. 🟠 [HIGH] OS command injection via os.system in list_directory

Property	Value
Severity	HIGH
CVSS	None
CWE	CWE-78
File	command_injection.py
Line(s)	28
Verification	🔍 Static Analysis
Discovery	llm_analysis
Confidence	high

Explanation

list_directory calls os.system with a user-supplied path in an ls command. An attacker can inject shell commands via the path argument to execute arbitrary commands.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/command_injection.py

      26 |     @staticmethod
      27 |     def ping_host(hostname: str) -> str:
>>>   28 |         """COMMAND INJECTION: os.system with user input."""
      29 |         os.system(f"ping -c 4 {hostname}")
      30 |         return f"Pinged {hostname}"
      31 | 
      32 |     @staticmethod
      33 |     def traceroute(target: str) -> str:

---

189. 🔴 [CRITICAL] OS Command Injection in run_container via os.system with user-controlled inputs

Property	Value
Severity	CRITICAL
CVSS	None
CWE	CWE-78
File	command_injection.py
Line(s)	3
Verification	🔍 Static Analysis
Discovery	llm_analysis
Confidence	high

Explanation

The run_container method constructs a shell command using user-controlled values (image, command, env_vars) and passes it to os.system. An attacker who can control any of these values can inject additional shell operators or commands (for example using ;, &&, backticks, or $(...)) and execute arbitrary commands on the host with the privileges of the running process. Environment variable names and values are concatenated without quoting, which also allows injection via specially crafted env keys/values.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/command_injection.py

       1 | """
       2 | Command Injection Vulnerabilities — INTENTIONAL FOR TESTING.
>>>    3 | DO NOT USE IN PRODUCTION!
       4 | 
       5 | Simulates a DevOps utility with OS command injection, subprocess shell mode,
       6 | path traversal, and SSRF-like patterns.
       7 | 
       8 | Covers: shell_inject, eval_exec, path traversal, SSRF

---

190. 🔴 [CRITICAL] OS Command Injection in exec_in_container using os.system

Property	Value
Severity	CRITICAL
CVSS	None
CWE	CWE-78
File	command_injection.py
Line(s)	10
Verification	🔍 Static Analysis
Discovery	llm_analysis
Confidence	high

Explanation

The exec_in_container method calls os.system with a formatted string that includes user-controlled container_id and cmd. If an attacker can influence container_id or cmd, they can inject shell metacharacters to run arbitrary commands on the host. Even if container_id is intended to be a short container identifier, it is not validated or escaped.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/command_injection.py

       8 | Covers: shell_inject, eval_exec, path traversal, SSRF
       9 | """
>>>   10 | import os
      11 | import subprocess
      12 | import shlex
      13 | import tempfile
      14 | from pathlib import Path
      15 | from typing import Any, Optional

---

191. 🔴 [CRITICAL] OS Command Injection in build_image via os.system with user-supplied path/tag

Property	Value
Severity	CRITICAL
CVSS	None
CWE	CWE-78
File	command_injection.py
Line(s)	16
Verification	🔍 Static Analysis
Discovery	llm_analysis
Confidence	high

Explanation

The build_image method formats docker build command with user-supplied dockerfile_path and tag and passes it to os.system. An attacker controlling either value can inject additional shell operators or replace the command, resulting in arbitrary command execution on the host. Path and tag are used unescaped in the shell command.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/command_injection.py

      14 | from pathlib import Path
      15 | from typing import Any, Optional
>>>   16 | from urllib.parse import urlparse
      17 | 
      18 | 
      19 | # ═══════════════════════════════════════════════════════════════
      20 | # System utilities — direct OS command injection
      21 | # ═══════════════════════════════════════════════════════════════

---

192. 🔴 [CRITICAL] OS Command Injection via os.system with untrusted input

Property	Value
Severity	CRITICAL
CVSS	None
CWE	CWE-78
File	command_injection.py
Line(s)	1
Verification	🔍 Static Analysis
Discovery	llm_analysis
Confidence	high

Explanation

The function constructs a shell command using an f-string with the user-supplied 'hostname' and passes it to os.system. Because os.system invokes a shell, an attacker can include shell metacharacters (e.g. ;, &&, |, ``, $(), etc.) or use specially crafted input to execute arbitrary commands with the privileges of the running process.

Code Reference

File: /run/media/morpheuslord/Personal_Files/Projects/Project_Analyzer/sandbox/command_injection.py

>>>    1 | """
       2 | Command Injection Vulnerabilities — INTENTIONAL FOR TESTING.
       3 | DO NOT USE IN PRODUCTION!
       4 | 
       5 | Simulates a DevOps utility with OS command injection, subprocess shell mode,
       6 | path traversal, and SSRF-like patterns.

---

🛠️ Remediation Roadmap

Below is a prioritized, actionable remediation roadmap for the 20 reported "shell_inject" findings (all high severity). I’ve grouped the issues, assumed they are multiple occurrences of the same root problem (unsafe use of shell/OS command execution with user-controlled input), and provided concrete steps, owners, verification steps, and effort estimates.

Executive summary

• Risk: Command/shell injection allows remote attackers to execute arbitrary OS commands, leading to full system compromise, data breach, or lateral movement. All findings are high priority.
• Goal: Rapidly identify which instances are exploitable in production, apply short-term mitigations to reduce immediate risk, then remediate root causes and prevent regressions.
• Timeline: Immediate mitigations within 24–72 hours; code remediation over 1–4 weeks depending on complexity; long-term controls ongoing.

Assumptions

• No additional context (language, framework, file paths). Guidance is language-agnostic with examples where helpful.
• All 20 findings are currently untriaged and may be duplicated or distinct locations.

Priority grouping

• Group A — Direct command execution with user input (likely majority): code calling shell/interpreters (system(), exec(), popen(), backticks, child_process.exec, etc.) where inputs or file contents are incorporated into commands.
• Group B — Indirect/templated shell calls (command strings built across code paths).
• Group C — Legacy scripts/tools (cron jobs, admin scripts) invoked from web/app layers. Treat Groups A/B/C similarly but verify different owners (app dev, infra, ops).

Roadmap — phased, prioritized actions

Phase 0 — Immediate (Hours to 3 days) — P0 (Emergency)

1. Emergency triage: identify, classify, and map all instances

   • Why: Determine exploitable vs. non-exploitable and prioritize fixes.
   • Steps:
     • Run a fast code inventory (grep/AST search) for common dangerous functions (examples below).
     • Map each finding to file, function, input source, and runtime exposure (public API, internal-only).
     • Label each instance: Exploitable (reachable from user input), Potential (requires unusual conditions), Not exploitable/false positive.
   • Owner: App security + lead dev
   • Effort: 4–16 hours
   • Verification: Documented list with risk classification and sample call chains.

   Dangerous function patterns to search for (examples)

   • Linux/Unix: system(), popen(), exec(), passthru(), shell_exec(), backticks, os.system, subprocess.* with shell=True, subprocess.Popen with shell=True, child_process.exec (Node), Runtime.exec (Java).
   • Look for string concatenation with request, params, headers, file content, environment vars.

2. Immediate runtime mitigations (apply within 24–72 hours)

   • Why: Reduce attack surface quickly while code fixes are prepared.
   • Options (choose applicable):
     • WAF/edge filtering: Create rules to block suspicious command patterns, command separators (&&, ;, |), or unusual payloads. (Short-term, not foolproof.)
     • Input rate-limiting / blocklist suspicious inputs to vulnerable endpoints.
     • Disable/limit execution environment: Remove shell from web app user context, chroot/namespace, disable unnecessary binary paths.
     • Remove/disable vulnerable endpoints temporarily if they’re non-critical.
   • Owner: Infra/SRE + App security + App owners
   • Effort: 4–24 hours
   • Verification: WAF rule in place, endpoint disabled, or mitigation verified via replayed PoC attempts blocked.

3. Credential & privilege lockdown (immediate)

   • Why: If an injection is exploited, least-privilege reduces impact.
   • Steps:
     • Ensure processes that may run shell commands use least-privileged service accounts.
     • Remove sudo privileges for application accounts.
     • Rotate any sensitive credentials that could be exposed to commands.
   • Owner: SRE/ops
   • Effort: 4–8 hours
   • Verification: Audit of privileges and rotated secrets.

Phase 1 — Short term (1–14 days) — P1 (Fix root causes) 4) Replace shell execution with safe APIs

• Why: Eliminates command injection when using library APIs instead of shells.
• Steps:
  • For each exploitable instance, refactor code to use language-native APIs rather than shell commands (e.g., use SFTP/FTP libraries, database drivers, image libraries, file operations, etc.).
  • If executing external programs is necessary, use safe execution patterns: avoid shell=True, use argument arrays, and do not concatenate user input into command strings.
  • Example patterns:
    • Python: replace os.system()/subprocess.call("...") with subprocess.run([cmd, arg1, arg2], check=True) and avoid shell=True.
    • Node.js: replace child_process.exec(cmdString) with child_process.spawn(cmd, [args...]) and validate args.
    • PHP: avoid passthru/shell_exec; use built-in functions or escapeshellarg as last resort.
• Owner: Dev teams owning the code
• Effort: per instance 2–8 hours (avg ~4h). For 20 instances estimate ~80 hours (2 weeks) depending on complexity.
• Verification: Code review confirming no string-concatenated commands; unit tests; CI SAST check passes.

5. Implement strict input validation and whitelisting

   • Why: When user input must influence behavior, validate it strongly.
   • Steps:
     • Implement whitelists for acceptable values (enumerations, regex patterns), canonicalize/normalize inputs, and reject/encode anything else.
     • Reject or escape shell metacharacters if for some reason shell input is necessary (only as defense-in-depth).
   • Owner: Dev teams
   • Effort: per endpoint 1–4 hours
   • Verification: Unit tests, negative tests, fuzzing manual tests.

6. Introduce escaping only as last resort

   • Why: Escaping is fragile; prefer avoiding shell entirely. If unavoidable, use language APIs to escape arguments (e.g., shlex.quote in Python) but treat as temporary.
   • Owner: Dev
   • Effort: small (1–2 hours) but not recommended as the primary fix.
   • Verification: Code review and tests where escaping handles edge cases.

Phase 2 — Verification & testing (1–3 weeks) — P1/P2 7) Automated testing & CI gates

• Why: Prevent regressions and catch similar issues early.
• Steps:
  • Add SAST rules (Semgrep, SonarQube, Checkmarx) to detect dangerous calls and fail builds.
  • Add unit tests and integration tests that pass malicious payloads to ensure rejection.
  • Add runtime detection tests (RASP or instrumentation).
• Owner: Dev + Security
• Effort: 2–5 days
• Verification: CI pipeline blocks PRs with new dangerous patterns; test coverage for fixed paths.

8. Dynamic testing & penetration testing
   • Why: Validate runtime exploitability and confirm remediations.
   • Steps:
     • Run targeted dynamic tests and fuzzing against endpoints flagged as exploitable.
     • Schedule a focused pentest for the application components that had findings.
   • Owner: AppSec / 3rd-party pentest vendor
   • Effort: 3–7 days
   • Verification: Pentest report showing resolved issues or residual risk.

Phase 3 — Mid-term hardening (2–8 weeks) — P2 9) Least-privilege and process isolation reviews

• Why: Reduce blast radius if any future injection happens.
• Steps:
  • Run an architecture review for services that execute OS-level commands.
  • Migrate any privileged operations to separate hardened microservices or jobs run in isolated containers with minimal permissions.
• Owner: Architecture + SRE
• Effort: 1–3 weeks
• Verification: New design documents and reduced privileges confirmed.

10. Logging, monitoring & alerting

• Why: Detect exploitation attempts early.
• Steps:
  • Log all command executions and abnormal inputs (sanitized).
  • Create detection rules for command injection patterns, unusual binary calls, or unexpected process spawns.
  • Integrate alerts into SOC.
• Owner: SRE + Security ops
• Effort: 3–7 days
• Verification: Alerts generated for simulated attacks.

Phase 4 — Long-term & organizational (ongoing) — P3 11) Developer training & secure coding standards

• Why: Prevent recurrence.
• Steps:
  • Provide targeted training on command-injection risks and secure alternatives for each language in use.
  • Publish secure-coding checklists and require security review for code that spawns processes.
• Owner: Security + Engineering managers
• Effort: initial training 1–2 days; ongoing
• Verification: Fewer SAST findings over time; training records.

12. Continuous improvement: policy, code review, and governance

• Why: Ensure sustained reduction in risk.
• Steps:
  • Add mandatory security review for PRs that touch OS-level execution.
  • Periodic scans for dangerous usage patterns.
• Owner: Engineering leadership + Security
• Effort: ongoing
• Verification: PR policy enforcement, periodic metrics.

Acceptance criteria (for closure of each issue)

• The vulnerable code path no longer uses an unsafe shell call with user-controlled input OR
• Input is fully validated/whitelisted so injection is impossible AND
• Unit/integration tests cover malicious inputs AND
• CI SAST scan does not flag the instance AND
• Functional/regression tests pass and no additional business breakages remain.

Verification summary

• Static verification: no dangerous function usages with string concatenation in repo; CI blocking rules.
• Dynamic verification: fuzzing/pentest confirms exploit mitigated.
• Operational verification: WAF rules or process isolation block attempted exploitation; logging shows no suspicious calls.

Estimated overall effort (ballpark)

• Triage & emergency mitigation: 1–3 days
• Code remediation (20 instances, average 4 hours each): ~80 hours (2 calendar weeks of dev work, single team). If issues require significant refactor, multiply by complexity factor (up to 3–4×).
• Testing & CI changes: 3–7 days
• Pentesting & validation: 3–7 days Total: ~3–6 weeks for full remediation/verification for a medium complexity app; less if fixes are straightforward, more if major architectural changes are required.

SAST/DAST tools and rules (quick recommendations)

• SAST: Semgrep (fast rules), SonarQube, Bandit (Python), npm audit + custom rules for Node.
• Semgrep example (conceptual): detect use of subprocess.* with shell=True or child_process.exec with string concatenation.
• DAST/Fuzz: OWASP ZAP, Burp Intruder/fuzzer, custom fuzzers sending command separators and payloads.

Wrap-up — recommended immediate plan (first 72 hours)

1. Triage & map all 20 findings (4–16h).
2. Apply runtime mitigations (WAF, disable endpoints, reduce privileges) (4–24h).
3. Start code fixes on the most exposed 3–5 exploitable instances (dev sprint 1).
4. Add CI SAST rule to block new occurrences.
5. Schedule pentest after fixes.

If you want, I can:

• Produce a prioritized per-file/endpoint remediation list if you provide file paths / code snippets.
• Generate Semgrep rules tailored to your stack (Python, Node, PHP, Java).
• Draft PR checklist and CI rule examples for blocking these patterns.

---

📁 Appendix: Scanned Files

C (1 files)

• 📌 vulnerable_service.c (227 LOC)

Javascript (1 files)

• vulnerable_app.js (184 LOC)

Python (7 files)

• command_injection.py (185 LOC)
• config_secrets.py (160 LOC)
• eval_runner.py (215 LOC)
• 📌 harness_template.py (32 LOC)
• unsafe_db.py (188 LOC)
• vulnerable_app.py (207 LOC)
• weak_crypto.py (196 LOC)

---

🔧 Appendix: Tools Used

• CodeSentry v1.0 (Code Vulnerability Scanner)
• Bandit (Python SAST)
• Semgrep (Multi-language SAST)
• cppcheck (C/C++ SAST)
• ESLint (JavaScript SAST)
• LLM Deep Analysis (Hotspot Review)

---

Generated by CodeSentry v1.0 — 2026-03-08T15:50:38.285253