Rulesets (0)

Rules (11)

profile photo of returntocorpreturntocorp

Detected wildcard access granted to sts:AssumeRole. This means anyone with your AWS account ID and the name of the role can assume the role. Instead, limit to a specific identity in your account, like this: `arn:aws:iam::<account_id>:root`.

No author info

PYSEC-2021-437 found in project $PROJECT:$COMMIT, by $TOOL in dependency $DEPENDENCY version $VERSION A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1. Fixed Versions: $FIX_VERSIONS Aliases: - CVE-2021-3572 - GHSA-5xp3-jfq3-5q8x Vulnerability published: 2021-11-10T18:15:00Z Vulnerability modified: 2021-11-29T23:42:09.374676Z References: - {'type': 'REPORT', 'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=1962856'} - {'type': 'ADVISORY', 'url': 'https://github.com/advisories/GHSA-5xp3-jfq3-5q8x'}

profile photo of returntocorpreturntocorp

Detected public S3 bucket. This policy allows anyone to have some kind of access to the bucket. The exact level of access and types of actions allowed will depend on the configuration of bucket policy and ACLs. Please review the bucket configuration to make sure they are set with intended values.

profile photo of returntocorpreturntocorp

This code contains bidirectional (bidi) characters. While this is useful for support of right-to-left languages such as Arabic or Hebrew, it can also be used to trick language parsers into executing code in a manner that is different from how it is displayed in code editing and review tools. If this is not what you were expecting, please review this code in an editor that can reveal hidden Unicode characters.