re add bugs #5

PavelLinearB · 2023-05-09T13:16:34Z

used genAi

jit-ci

❌ Jit has detected 1 important finding in this PR that you should review.
The finding is detailed below as a comment.
It’s highly recommended that you fix this security issue before merge.

introduction/views.py

introduction/mitre.py

@@ -210,6 +210,11 @@
 # @authentication_decorator
 @csrf_exempt
 def mitre_lab_25_api(request):
+    if request.method == "POST":
+        expression = request.POST.get('expression')
+        result = eval(expression)


PavelLinearB

review comment

PavelLinearB

review finished

PavelLinearB · 2023-05-15T12:37:03Z

Dockerfile

@@ -21,6 +21,9 @@ COPY requirements.txt requirements.txt
 RUN pip install --no-cache-dir -r requirements.txt


+# copy project
+COPY . /app/


line comment #1 - review started

PavelLinearB · 2023-05-15T12:37:20Z

introduction/mitre.py

@@ -210,6 +210,11 @@ def csrf_transfer_monei_api(request,recipent,amount):
 # @authentication_decorator
 @csrf_exempt
 def mitre_lab_25_api(request):
+    if request.method == "POST":


Line comment 2

jit-ci

❌ Jit has detected 1 important finding in this PR that you should review.
The finding is detailed as a comment.
It’s highly recommended that you fix this security issue before merge.

Until now, you ignored/fixed 1 finding.

introduction/views.py

jit-ci

❌ Jit has detected 2 important findings in this PR that you should review.
The findings are detailed as separate comments.
It’s highly recommended that you fix these security issues before merge.

Until now, you ignored/fixed 1 finding.

jit-ci · 2023-05-18T14:52:04Z

introduction/views.py

@@ -156,7 +156,8 @@
                print(sql_query)
                try:
                    print("\nin try\n")
-                    val=""
+                    val=login.objects.raw(sql_query)
+                    val=login.objects.raw(sql_query)


Security control: Static Code Analysis Python Semgrep

Type: Gitlab.Bandit.B611

Description: You should be very careful whenever you write raw SQL. Consider using Django ORM before raw SQL. See https://docs.djangoproject.com/en/3.0/topics/db/sql/#passing-parameters-into-raw

Severity: HIGH

Learn more about this issue

Jit Bot commands and options (e.g., ignore issue)

You can trigger Jit actions by commenting on this PR review:

#jit_ignore_fp Ignore and mark this specific single instance of finding as “False Positive”

#jit_ignore_accept Ignore and mark this specific single instance of finding as “Accept Risk”

#jit_undo_ignore Undo ignore command

introduction/views.py

-                    val=""
+                    val=login.objects.raw(sql_query)
+                    val=login.objects.raw(sql_query)
+                    val=login.objects.raw(sql_query)


orca-security-us

Orca Security Scan Summary

Status	Check	Issues by priority
Passed	Infrastructure as Code	0 0 0 0
Passed	Vulnerabilities	0 0 0 0
Passed	Secrets	0 0 0 0

jit-ci

❌ Jit has detected 3 important findings in this PR that you should review.
The findings are detailed as separate comments.
It’s highly recommended that you fix these security issues before merge.

Until now, you ignored/fixed 7 findings.

jit-ci · 2023-06-06T12:14:15Z

introduction/views.py

@@ -156,7 +156,9 @@ def sql_lab(request):
                print(sql_query)
                try:
                    print("\nin try\n")
-                    val=""
+                    val=login.objects.raw(sql_query)
+                    val=login.objects.raw(sql_query)


Security control: Static Code Analysis Python Semgrep

Type: Gitlab.Bandit.B611

Description: You should be very careful whenever you write raw SQL. Consider using Django ORM before raw SQL. See https://docs.djangoproject.com/en/3.0/topics/db/sql/#passing-parameters-into-raw

Severity: HIGH

Learn more about this issue

Jit Bot commands and options (e.g., ignore issue)

You can trigger Jit actions by commenting on this PR review:

#jit_ignore_fp Ignore and mark this specific single instance of finding as “False Positive”

#jit_ignore_accept Ignore and mark this specific single instance of finding as “Accept Risk”

#jit_undo_ignore Undo ignore command

jit-ci · 2023-06-06T12:14:15Z

introduction/views.py

-                    val=""
+                    val=login.objects.raw(sql_query)
+                    val=login.objects.raw(sql_query)
+                    val=login.objects.raw(sql_query)


Security control: Static Code Analysis Python Semgrep

Type: Gitlab.Bandit.B611

Description: You should be very careful whenever you write raw SQL. Consider using Django ORM before raw SQL. See https://docs.djangoproject.com/en/3.0/topics/db/sql/#passing-parameters-into-raw

Severity: HIGH

Learn more about this issue

Jit Bot commands and options (e.g., ignore issue)

You can trigger Jit actions by commenting on this PR review:

#jit_ignore_fp Ignore and mark this specific single instance of finding as “False Positive”

#jit_ignore_accept Ignore and mark this specific single instance of finding as “Accept Risk”

#jit_undo_ignore Undo ignore command

jit-ci · 2023-06-06T12:14:16Z

introduction/views.py

@@ -156,7 +156,9 @@ def sql_lab(request):
                print(sql_query)
                try:
                    print("\nin try\n")
-                    val=""
+                    val=login.objects.raw(sql_query)


Security control: Static Code Analysis Python Semgrep

Type: Gitlab.Bandit.B611

Description: You should be very careful whenever you write raw SQL. Consider using Django ORM before raw SQL. See https://docs.djangoproject.com/en/3.0/topics/db/sql/#passing-parameters-into-raw

Severity: HIGH

Learn more about this issue

Jit Bot commands and options (e.g., ignore issue)

You can trigger Jit actions by commenting on this PR review:

#jit_ignore_fp Ignore and mark this specific single instance of finding as “False Positive”

#jit_ignore_accept Ignore and mark this specific single instance of finding as “Accept Risk”

#jit_undo_ignore Undo ignore command

jit-ci

❌ Jit has detected 3 important findings in this PR that you should review.
The findings are detailed as separate comments.
It’s highly recommended that you fix these security issues before merge.

Until now, you ignored/fixed 10 findings.

jit-ci · 2023-06-06T12:16:57Z

introduction/views.py

@@ -156,7 +156,9 @@ def sql_lab(request):
                print(sql_query)
                try:
                    print("\nin try\n")
-                    val=""
+                    val=login.objects.raw(sql_query)


Security control: Static Code Analysis Python Semgrep

Type: Gitlab.Bandit.B611

Description: You should be very careful whenever you write raw SQL. Consider using Django ORM before raw SQL. See https://docs.djangoproject.com/en/3.0/topics/db/sql/#passing-parameters-into-raw

Severity: HIGH

Learn more about this issue

Jit Bot commands and options (e.g., ignore issue)

You can trigger Jit actions by commenting on this PR review:

#jit_ignore_fp Ignore and mark this specific single instance of finding as “False Positive”

#jit_ignore_accept Ignore and mark this specific single instance of finding as “Accept Risk”

#jit_undo_ignore Undo ignore command

jit-ci · 2023-06-06T12:16:57Z

introduction/views.py

@@ -156,7 +156,9 @@
                print(sql_query)
                try:
                    print("\nin try\n")
-                    val=""
+                    val=login.objects.raw(sql_query)
+                    val=login.objects.raw(sql_query)


Security control: Static Code Analysis Python Semgrep

Type: Gitlab.Bandit.B611

Description: You should be very careful whenever you write raw SQL. Consider using Django ORM before raw SQL. See https://docs.djangoproject.com/en/3.0/topics/db/sql/#passing-parameters-into-raw

Severity: HIGH

Learn more about this issue

Jit Bot commands and options (e.g., ignore issue)

You can trigger Jit actions by commenting on this PR review:

#jit_ignore_fp Ignore and mark this specific single instance of finding as “False Positive”

#jit_ignore_accept Ignore and mark this specific single instance of finding as “Accept Risk”

#jit_undo_ignore Undo ignore command

jit-ci · 2023-06-06T12:16:58Z

introduction/views.py

-                    val=""
+                    val=login.objects.raw(sql_query)
+                    val=login.objects.raw(sql_query)
+                    val=login.objects.raw(sql_query)


Security control: Static Code Analysis Python Semgrep

Type: Gitlab.Bandit.B611

Description: You should be very careful whenever you write raw SQL. Consider using Django ORM before raw SQL. See https://docs.djangoproject.com/en/3.0/topics/db/sql/#passing-parameters-into-raw

Severity: HIGH

Learn more about this issue

Jit Bot commands and options (e.g., ignore issue)

You can trigger Jit actions by commenting on this PR review:

#jit_ignore_fp Ignore and mark this specific single instance of finding as “False Positive”

#jit_ignore_accept Ignore and mark this specific single instance of finding as “Accept Risk”

#jit_undo_ignore Undo ignore command

gitstream-cm · 2023-06-06T12:19:09Z

comments: [{"commenter":"sonarcloud","content":"SonarCloud Quality Gate failed. \n\n 6 Bugs \n 4 Vulnerabilities \n 1 Security Hotspot \n 3 Code Smells\n\n No Coverage information \n 0.0% Duplication\n\n","created_at":"2023-06-06T12:17:52Z","id":1578655379}]

sonarcloud · 2023-06-06T12:30:07Z

SonarCloud Quality Gate failed.

6 Bugs
4 Vulnerabilities
1 Security Hotspot
3 Code Smells

No Coverage information
0.0% Duplication

gitstream-cm bot added the 1 min review label May 9, 2023

jit-ci bot reviewed May 9, 2023

View reviewed changes

introduction/views.py Show resolved Hide resolved

github-advanced-security bot found potential problems May 9, 2023

View reviewed changes

PavelLinearB commented May 15, 2023

View reviewed changes

PavelLinearB force-pushed the add-bugs branch from a457c6e to 1786b75 Compare May 17, 2023 14:08

jit-ci bot reviewed May 17, 2023

View reviewed changes

introduction/views.py Show resolved Hide resolved

gitstream-cm bot added 2 vulnerabilities found 1 Security Hotspots found 3 code smells found 6 bugs found 2 vulnerabilities 1 Security Hotspots 3 code smells 6 bugs and removed 2 vulnerabilities found 1 Security Hotspots found 3 code smells found 6 bugs found labels May 17, 2023

gitstream-cm bot requested a review from Dudu-linb May 17, 2023 15:30

gitstream-cm bot added 2 🛡️ Vulnerabilities 1 🌶️ Security hotspots 3 💩 Code Smells 6 🐞 Bugs and removed 2 vulnerabilities 1 Security Hotspots 3 code smells 6 bugs labels May 18, 2023

github-advanced-security bot found potential problems May 18, 2023

View reviewed changes

introduction/views.py Fixed Show fixed Hide fixed

jit-ci bot reviewed May 18, 2023

View reviewed changes

gitstream-cm bot added 7 high vulns by Jit and removed 6 high vulns by Jit labels May 21, 2023

github-advanced-security bot found potential problems May 21, 2023

View reviewed changes

gitstream-cm bot added 🛡️ x 4 Vulnerabilities 1 🌶️ x 1 Security Hotspots 1 💩 x 3 Code Smells 1 🐞 x 6 Bugs 1 Blue label and removed 4 🛡️ Vulnerabilities 1 🌶️ Security hotspots 3 💩 Code Smells 6 🐞 Bugs 7 high vulns by Jit labels May 25, 2023

orca-security-us bot reviewed Jun 6, 2023

View reviewed changes

linear-b deleted a comment from gitstream-cm bot Jun 6, 2023

PavelLinearB force-pushed the add-bugs branch from 679479e to 93cf73b Compare June 6, 2023 12:12

jit-ci bot reviewed Jun 6, 2023

View reviewed changes

Update README.md

43fadcc

PavelLinearB force-pushed the add-bugs branch from 93cf73b to 43fadcc Compare June 6, 2023 12:15

linear-b deleted a comment from gitstream-cm bot Jun 6, 2023

jit-ci bot reviewed Jun 6, 2023

View reviewed changes

Update README.md

743fad6

Update README.md

005bb4f

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

re add bugs #5

re add bugs #5

PavelLinearB commented May 9, 2023 •

edited

Loading

jit-ci bot left a comment

PavelLinearB left a comment

PavelLinearB left a comment

PavelLinearB May 15, 2023

PavelLinearB May 15, 2023

jit-ci bot left a comment

jit-ci bot left a comment

jit-ci bot May 18, 2023

orca-security-us bot left a comment •

edited

Loading

jit-ci bot left a comment

jit-ci bot Jun 6, 2023

jit-ci bot Jun 6, 2023

jit-ci bot Jun 6, 2023

jit-ci bot left a comment

jit-ci bot Jun 6, 2023

jit-ci bot Jun 6, 2023

jit-ci bot Jun 6, 2023

gitstream-cm bot commented Jun 6, 2023

sonarcloud bot commented Jun 6, 2023

re add bugs #5

Are you sure you want to change the base?

re add bugs #5

Conversation

PavelLinearB commented May 9, 2023 • edited Loading

jit-ci bot left a comment

Choose a reason for hiding this comment

PavelLinearB left a comment

Choose a reason for hiding this comment

PavelLinearB left a comment

Choose a reason for hiding this comment

PavelLinearB May 15, 2023

Choose a reason for hiding this comment

PavelLinearB May 15, 2023

Choose a reason for hiding this comment

jit-ci bot left a comment

Choose a reason for hiding this comment

jit-ci bot left a comment

Choose a reason for hiding this comment

jit-ci bot May 18, 2023

Choose a reason for hiding this comment

orca-security-us bot left a comment • edited Loading

Choose a reason for hiding this comment

Orca Security Scan Summary

jit-ci bot left a comment

Choose a reason for hiding this comment

jit-ci bot Jun 6, 2023

Choose a reason for hiding this comment

jit-ci bot Jun 6, 2023

Choose a reason for hiding this comment

jit-ci bot Jun 6, 2023

Choose a reason for hiding this comment

jit-ci bot left a comment

Choose a reason for hiding this comment

jit-ci bot Jun 6, 2023

Choose a reason for hiding this comment

jit-ci bot Jun 6, 2023

Choose a reason for hiding this comment

jit-ci bot Jun 6, 2023

Choose a reason for hiding this comment

gitstream-cm bot commented Jun 6, 2023

sonarcloud bot commented Jun 6, 2023

PavelLinearB commented May 9, 2023 •

edited

Loading

orca-security-us bot left a comment •

edited

Loading