ci
This ruleset is intended to produce low false positives, and safe for use in CI/CD pipelines.
Run Locally
Rules (599)

Found an insecure gRPC connection using 'grpc.WithInsecure()'. This creates a connection without encryption to a gRPC server. A malicious attacker could tamper with the gRPC message, which could compromise the machine. Instead, establish a secure connection with an SSL certificate using the 'grpc.WithTransportCredentials()' function. You can create a create credentials using a 'tls.Config{}' struct with 'credentials.NewTLS()'. The final fix looks like this: 'grpc.WithTransportCredentials(credentials.NewTLS(<config>))'.

Found an insecure gRPC server without 'grpc.Creds()' or options with credentials. This allows for a connection without encryption to this server. A malicious attacker could tamper with the gRPC message, which could compromise the machine. Include credentials derived from an SSL certificate in order to create a secure gRPC connection. You can create credentials using 'credentials.NewServerTLSFromFile("cert.pem", "cert.key")'.

SSLv3 is insecure because it has known vulnerabilities. Starting with go1.14, SSLv3 will be removed. Instead, use 'tls.VersionTLS13'.

Detected an insecure CipherSuite via the 'tls' module. This suite is considered weak. Use the function 'tls.CipherSuites()' to get a list of good cipher suites. See https://golang.org/pkg/crypto/tls/#InsecureCipherSuites for why and what other cipher suites to use.

NullCipher was detected. This will not encrypt anything; the cipher text will be the same as the plain text. Use a valid, secure cipher: Cipher.getInstance("AES/CBC/PKCS7PADDING"). See https://owasp.org/www-community/Using_the_Java_Cryptographic_Extensions for more information.

Initialization Vectors (IVs) for block ciphers should be randomly generated each time they are used. Using a static IV means the same plaintext encrypts to the same ciphertext every time, weakening the strength of the encryption.

An insecure SSL context was detected. TLS versions 1.0, 1.1, and all SSL versions are considered weak encryption and are deprecated. Use SSLContext.getInstance("TLSv1.2") for the best security.

DES is considered deprecated. AES is the recommended cipher. Upgrade to use AES. See https://www.nist.gov/news-events/news/2005/06/nist-withdraws-outdated-data-encryption-standard for more information.

Detected hardcoded password used in basic authentication in a controller class. Including this password in version control could expose this credential. Consider refactoring to use environment variables or configuration files.

Checks for configuration setting of force_ssl to false. Force_ssl forces usage of HTTPS, which could lead to network interception of unencrypted application traffic. To fix, set config.force_ssl = true.

Detected use of an insecure SSL version. Secure SSL versions are TLSv1.2 and TLS1.3; older versions are known to be broken and are susceptible to attacks. Prefer use of TLSv1.2 or later.

Running flask app with host 0.0.0.0 could expose the server publicly.

Detected use of a Java socket that is not encrypted. As a result, the traffic could be read by an attacker intercepting the network traffic. Use an SSLSocket created by 'SSLSocketFactory' or 'SSLServerSocketFactory' instead.

Detected a network listener listening on 0.0.0.0 or an empty string. This could unexpectedly expose the server publicly as it binds to all available interfaces. Instead, specify another IP address that is not 0.0.0.0 nor the empty string.

Running `socket.bind` to 0.0.0.0, or empty string could unexpectedly expose the server publicly as it binds to all available interfaces. Consider instead getting correct address from an environment variable or configuration file.

Using CBC with PKCS5Padding is susceptible to padding oracle attacks. A malicious actor could discern the difference between plaintext with valid or invalid padding. Further, CBC mode does not include any integrity checks. Use 'AES/GCM/NoPadding' instead.

A hard-coded credential was detected. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).

Detected use of the 'none' algorithm in a JWT token. The 'none' algorithm assumes the integrity of the token has already been verified. This would allow a malicious actor to forge a JWT token that will automatically be verified. Do not explicitly use the 'none' algorithm. Instead, use an algorithm such as 'HS256'.

A hard-coded credential was detected. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).

Triple DES (3DES or DESede) is considered deprecated. AES is the recommended cipher. Upgrade to use AES.

Using RSA without OAEP mode weakens the encryption.

Detected Flask app with debug=True. Do not deploy to production with this flag enabled as it will leak sensitive information. Instead, consider using Flask configuration variables or setting 'debug' using system environment variables.

`MinVersion` is missing from this TLS configuration. By default, TLS 1.2 is currently used as the minimum when acting as a client, and TLS 1.0 when acting as a server. General purpose web applications should default to TLS 1.3 with all other protocols disabled. Only where it is known that a web server must support legacy clients with unsupported an insecure browsers (such as Internet Explorer 10), it may be necessary to enable TLS 1.0 to provide support. Add `MinVersion: tls.VersionTLS13' to the TLS configuration to bump the minimum version to TLS 1.3.

RSA keys should be at least 2048 bits

RSA keys should be at least 2048 bits based on NIST recommendation.

Hardcoded JWT secret or private key is used. This is a Insufficiently Protected Credentials weakness: https://cwe.mitre.org/data/definitions/522.html Consider using an appropriate security mechanism to protect the credentials (e.g. keeping secrets in environment variables)

Detected use of the 'none' algorithm in a JWT token. The 'none' algorithm assumes the integrity of the token has already been verified. This would allow a malicious actor to forge a JWT token that will automatically be verified. Do not explicitly use the 'none' algorithm. Instead, use an algorithm such as 'HS256'.

A hard-coded credential was detected. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).

Detected use of the 'none' algorithm in a JWT token. The 'none' algorithm assumes the integrity of the token has already been verified. This would allow a malicious actor to forge a JWT token that will automatically be verified. Do not explicitly use the 'none' algorithm. Instead, use an algorithm such as 'HS256'.

The BinaryFormatter type is dangerous and is not recommended for data processing. Applications should stop using BinaryFormatter as soon as possible, even if they believe the data they're processing to be trustworthy. BinaryFormatter is insecure and can't be made secure

Using less than 128 bits for Blowfish is considered insecure. Use 128 bits or more, or switch to use AES instead.

Cipher in ECB mode is detected. ECB mode produces the same output for the same input each time which allows an attacker to intercept and replay the data. Further, ECB mode does not provide any integrity checking. See https://find-sec-bugs.github.io/bugs.htm#CIPHER_INTEGRITY.

The application accepts potentially user-controlled input `$PROP` which can control the location of the current window context. This can lead two types of vulnerabilities open-redirection and Cross-Site-Scripting (XSS) with JavaScript URIs. It is recommended to validate user-controllable input before allowing it to control the redirection.

Calling assert with user input is equivalent to eval'ing.

A hard-coded credential was detected. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).

A hard-coded credential was detected. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).

$sceProvider is set to false. Disabling Strict Contextual escaping (SCE) in an AngularJS application could provide additional attack surface for XSS vulnerabilities.

Found data from an Express or Next web request flowing to `eval`. If this data is user-controllable this can lead to execution of arbitrary system commands in the context of your application process. Avoid `eval` whenever possible.

Service '$SERVICE' is running in privileged mode. This grants the container the equivalent of root capabilities on the host machine. This can lead to container escapes, privilege escalation, and other security concerns. Remove the 'privileged' key to disable this capability.

GCM IV/nonce is reused: encryption can be totally useless

DocumentBuilderFactory being instantiated without calling the setFeature functions that are generally used for disabling entity processing, which can allow for XXE vulnerabilities

Using variable interpolation `${{...}}` with `github` context data in a `run:` step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. `github` context data can have arbitrary user input and should be treated as untrusted. Instead, use an intermediate environment variable with `env:` to store the data and use the environment variable in the `run:` script. Be sure to use double-quotes the environment variable, like this: "$ENVVAR".

DOCTYPE declarations are enabled for javax.xml.parsers.SAXParserFactory. Without prohibiting external entity declarations, this is vulnerable to XML external entity attacks. Disable this by setting the feature "http://apache.org/xml/features/disallow-doctype-decl" to true. Alternatively, allow DOCTYPE declarations and only prohibit external entities declarations. This can be done by setting the features "http://xml.org/sax/features/external-general-entities" and "http://xml.org/sax/features/external-parameter-entities" to false.

MD5 hash algorithm detected. This is not collision resistant and leads to easily-cracked password hashes. Replace with current recommended hashing algorithms.

Detected SHA1 hash algorithm which is considered insecure. SHA1 is not collision resistant and is therefore not suitable as a cryptographic signature. Instead, use PBKDF2 for password hashing or SHA256 or SHA512 for other hash function applications.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Usage of the insecure ECB mode detected. You should use an authenticated encryption mode instead, which is implemented by the classes AesGcm or ChaCha20Poly1305.

You are using an insecure random number generator (RNG) to create a cryptographic key. System.Random must never be used for cryptographic purposes. Use System.Security.Cryptography.RandomNumberGenerator instead.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

The TokenValidationParameters.$LIFETIME is set to $FALSE, this means the JWT tokens lifetime is not validated. This can lead to an JWT token being used after it has expired, which has security implications. It is recommended to validate the JWT lifetime to ensure only valid tokens are used.

Stacktrace information is displayed in a non-Development environment. Accidentally disclosing sensitive stack trace information in a production environment aids an attacker in reconnaissance and information gathering.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Avoid using sudo in Dockerfiles. Running processes as a non-root user can help reduce the potential impact of configuration errors and security vulnerabilities.

Semgrep found a bash reverse shell

Visualforce Pages must have the cspHeader attribute set to true. This attribute is available in API version 55 or higher.

Visualforce Pages must use API version 55 or higher for required use of the cspHeader attribute set to true.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Detected usage of dangerous method $METHOD which does not escape inputs (see link in references). If the argument is user-controlled, this can lead to SQL injection. When using $METHOD function, do not trust user-submitted data and only allow approved list of input (possibly, use an allowlist approach).

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

User data flows into this manually-constructed SQL string. User data can be safely inserted into SQL strings using prepared statements or an object-relational mapper (ORM). Manually-constructed SQL strings is a possible indicator of SQL injection, which could let an attacker steal or manipulate data from the database. Instead, use prepared statements (`db.Query("SELECT * FROM t WHERE id = ?", id)`) or a safe library.

A request was found to be crafted from user-input `$REQUEST`. This can lead to Server-Side Request Forgery (SSRF) vulnerabilities, potentially exposing sensitive data. It is recommend where possible to not allow user-input to craft the base request, but to be treated as part of the path or query parameter. When user-input is necessary to craft the request, it is recommended to follow OWASP best practices to prevent abuse, including using an allowlist.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

This link points to a plaintext HTTP URL. Prefer an encrypted HTTPS URL if possible.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Use of AES with ECB mode detected. ECB doesn't provide message confidentiality and is not semantically secure so should not be used. Instead, use a strong, secure cipher: Cipher.getInstance("AES/CBC/PKCS7PADDING"). See https://owasp.org/www-community/Using_the_Java_Cryptographic_Extensions for more information.

Use of Blowfish was detected. Blowfish uses a 64-bit block size that makes it vulnerable to birthday attacks, and is therefore considered non-compliant. Instead, use a strong, secure cipher: Cipher.getInstance("AES/CBC/PKCS7PADDING"). See https://owasp.org/www-community/Using_the_Java_Cryptographic_Extensions for more information.

Use of AES with no settings detected. By default, java.crypto.Cipher uses ECB mode. ECB doesn't provide message confidentiality and is not semantically secure so should not be used. Instead, use a strong, secure cipher: java.crypto.Cipher.getInstance("AES/CBC/PKCS7PADDING"). See https://owasp.org/www-community/Using_the_Java_Cryptographic_Extensions for more information.

Detected MD5 hash algorithm which is considered insecure. MD5 is not collision resistant and is therefore not suitable as a cryptographic signature. Use HMAC instead.

Detected MD5 hash algorithm which is considered insecure. MD5 is not collision resistant and is therefore not suitable as a cryptographic signature. Use HMAC instead.

Use of RC2 was detected. RC2 is vulnerable to related-key attacks, and is therefore considered non-compliant. Instead, use a strong, secure cipher: Cipher.getInstance("AES/CBC/PKCS7PADDING"). See https://owasp.org/www-community/Using_the_Java_Cryptographic_Extensions for more information.

Use of RC4 was detected. RC4 is vulnerable to several attacks, including stream cipher attacks and bit flipping attacks. Instead, use a strong, secure cipher: Cipher.getInstance("AES/CBC/PKCS7PADDING"). See https://owasp.org/www-community/Using_the_Java_Cryptographic_Extensions for more information.

Detected SHA1 hash algorithm which is considered insecure. SHA1 is not collision resistant and is therefore not suitable as a cryptographic signature. Instead, use PBKDF2 for password hashing or SHA256 or SHA512 for other hash function applications.

Detected input from a HTTPServletRequest going into a SQL sink or statement. This could lead to SQL injection if variables in the SQL statement are not properly sanitized. Use parameterized SQL queries or properly sanitize user input instead.

DOCTYPE declarations are enabled for $DBFACTORY. Without prohibiting external entity declarations, this is vulnerable to XML external entity attacks. Disable this by setting the feature "http://apache.org/xml/features/disallow-doctype-decl" to true. Alternatively, allow DOCTYPE declarations and only prohibit external entities declarations. This can be done by setting the features "http://xml.org/sax/features/external-general-entities" and "http://xml.org/sax/features/external-parameter-entities" to false.

DOCTYPE declarations are enabled for this DocumentBuilderFactory. This is vulnerable to XML external entity attacks. Disable this by setting the feature "http://apache.org/xml/features/disallow-doctype-decl" to true. Alternatively, allow DOCTYPE declarations and only prohibit external entities declarations. This can be done by setting the features "http://xml.org/sax/features/external-general-entities" and "http://xml.org/sax/features/external-parameter-entities" to false.

External entities are allowed for $DBFACTORY. This is vulnerable to XML external entity attacks. Disable this by setting the feature "http://xml.org/sax/features/external-general-entities" to false.

External entities are allowed for $DBFACTORY. This is vulnerable to XML external entity attacks. Disable this by setting the feature "http://xml.org/sax/features/external-parameter-entities" to false.

DOCTYPE declarations are enabled for this SAXParserFactory. This is vulnerable to XML external entity attacks. Disable this by setting the feature `http://apache.org/xml/features/disallow-doctype-decl` to true. Alternatively, allow DOCTYPE declarations and only prohibit external entities declarations. This can be done by setting the features `http://xml.org/sax/features/external-general-entities` and `http://xml.org/sax/features/external-parameter-entities` to false. NOTE - The previous links are not meant to be clicked. They are the literal config key values that are supposed to be used to disable these features. For more information, see https://semgrep.dev/docs/cheat-sheets/java-xxe/#3a-documentbuilderfactory.

DOCTYPE declarations are enabled for this TransformerFactory. This is vulnerable to XML external entity attacks. Disable this by setting the attributes "accessExternalDTD" and "accessExternalStylesheet" to "".

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Detected user input controlling a file path. An attacker could control the location of this file, to include going backwards in the directory with '../'. To address this, ensure that user-controlled variables in file paths are sanitized. You may also consider using a utility method such as org.apache.commons.io.FilenameUtils.getName(...) to only retrieve the file name from the path.

Detected user input entering a method which executes a system command. This could result in a command injection vulnerability, which allows an attacker to inject an arbitrary system command onto the server. The attacker could download malware onto or steal data from the server. Instead, use ProcessBuilder, separating the command into individual arguments, like this: `new ProcessBuilder("ls", "-al", targetDirectory)`. Further, make sure you hardcode or allowlist the actual command so that attackers can't run arbitrary commands.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

The libxml library processes user-input with the `noent` attribute is set to `true` which can lead to being vulnerable to XML External Entities (XXE) type attacks. It is recommended to set `noent` to `false` when using this feature to ensure you are protected.

The application redirects to a URL specified by user-supplied input `$REQ` that is not validated. This could redirect users to malicious locations. Consider using an allow-list approach to validate URLs, or warn users they are being redirected to a third-party website.

A hard-coded credential was detected. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).

The following function call $SER.$FUNC accepts user controlled data which can result in Remote Code Execution (RCE) through Object Deserialization. It is recommended to use secure data processing alternatives such as JSON.parse() and Buffer.from().

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Detected a sequelize statement that is tainted by user-input. This could lead to SQL injection if the variable is user-controlled and is not properly sanitized. In order to prevent SQL injection, it is recommended to use parameterized queries or prepared statements.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

RSA keys should be at least 2048 bits based on NIST recommendation.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Static IV used with AES in CBC mode. Static IVs enable chosen-plaintext attacks against encrypted data.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

The Django secret key is used as salt in HashIDs. The HashID mechanism is not secure. By observing sufficient HashIDs, the salt used to construct them can be recovered. This means the Django secret key can be obtained by attackers, through the HashIDs.

Detected user input entering a `subprocess` call unsafely. This could result in a command injection vulnerability. An attacker could use this vulnerability to execute arbitrary commands on the host, which allows them to download malware, scan sensitive data, or run any command they wish on the server. Do not let users choose the command to run. In general, prefer to use Python API versions of system commands. If you must use subprocess, use a dictionary to allowlist a set of commands.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

The Flask secret key is used as salt in HashIDs. The HashID mechanism is not secure. By observing sufficient HashIDs, the salt used to construct them can be recovered. This means the Flask secret key can be obtained by attackers, through the HashIDs.

Detected user input entering a `subprocess` call unsafely. This could result in a command injection vulnerability. An attacker could use this vulnerability to execute arbitrary commands on the host, which allows them to download malware, scan sensitive data, or run any command they wish on the server. Do not let users choose the command to run. In general, prefer to use Python API versions of system commands. If you must use subprocess, use a dictionary to allowlist a set of commands.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Found the use of an hardcoded passphrase for RSA. The passphrase can be easily discovered, and therefore should not be stored in source-code. It is recommended to remove the passphrase from source-code, and use system environment variables or a restricted configuration file.

The RSA key size $SIZE is insufficent by NIST standards. It is recommended to use a key length of 2048 or higher.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Dangerously accepting invalid TLS information

Dangerous client config used, ensure SSL verification

SSL verification disabled, this allows for MitM attacks

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Hardcoded JWT secret or private key is used. This is a Insufficiently Protected Credentials weakness: https://cwe.mitre.org/data/definitions/522.html Consider using an appropriate security mechanism to protect the credentials (e.g. keeping secrets in environment variables)

Document Builder being instantiated without calling the `setFeature` functions that are generally used for disabling entity processing. User controlled data in XML Document builder can result in XML Internal Entity Processing vulnerabilities like the disclosure of confidential data, denial of service, Server Side Request Forgery (SSRF), port scanning. Make sure to disable entity processing functionality.

Usage of RSA without OAEP (Optimal Asymmetric Encryption Padding) may weaken encryption. This could lead to sensitive data exposure. Instead, use RSA with `OAEPWithMD5AndMGF1Padding` instead.

XML processor being instantiated without calling the `setFeature` functions that are generally used for disabling entity processing. User controlled data in XML Parsers can result in XML Internal Entity Processing vulnerabilities like the disclosure of confidential data, denial of service, Server Side Request Forgery (SSRF), port scanning. Make sure to disable entity processing functionality.

XMLInputFactory being instantiated without calling the setProperty functions that are generally used for disabling entity processing. User controlled data in XML Document builder can result in XML Internal Entity Processing vulnerabilities like the disclosure of confidential data, denial of service, Server Side Request Forgery (SSRF), port scanning. Make sure to disable entity processing functionality.

Detected a tainted SQL statement. This could lead to SQL injection if variables in the SQL statement are not properly sanitized. Avoid using using user input for generating SQL strings.

User data flows into this manually-constructed SQL string. User data can be safely inserted into SQL strings using prepared statements or an object-relational mapper (ORM). Manually-constructed SQL strings is a possible indicator of SQL injection, which could let an attacker steal or manipulate data from the database. Instead, use prepared statements (`connection.PreparedStatement`) or a safe library.

Hardcoded JWT secret or private key is used. This is a Insufficiently Protected Credentials weakness: https://cwe.mitre.org/data/definitions/522.html Consider using an appropriate security mechanism to protect the credentials (e.g. keeping secrets in environment variables)

$VAULT.getPoolTokens() call on a Balancer pool is not protected from the read-only reentrancy.

$VAR.getRate() call on a Balancer pool is not protected from the read-only reentrancy.

Function borrowFresh() in Compound performs state update after doTransferOut()

$POOL.get_virtual_price() call on a Curve pool is not protected from the read-only reentrancy.

abi.encodePacked hash collision with variable length arguments in $F()

ERC677 callAfterTransfer() reentrancy

ERC721 onERC721Received() reentrancy

ERC777 tokensReceived() reentrancy

blockhash(block.number) and blockhash(block.number + N) always returns 0.

Keep3rV2.current() call has high data freshness, but it has low security, an exploiter simply needs to manipulate 2 data points to be able to impact the feed.

The code must not contain any of Unicode Direction Control Characters

Proxy declares a state var that may override a storage slot of the implementation

transferFrom() can steal allowance of other accounts

setMultipleAllowances() is missing onlyOwner modifier

A specially crafted calldata may be used to impersonate other accounts

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.

Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.
