fix: doc/requirements.txt to reduce vulnerabilities #1016
test_action.yml
on: push
Execute the pycharm-security action
2m 13s
Annotations
30 warnings
Execute the pycharm-security action
The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
|
Execute the pycharm-security action:
file:///github/workspace/do_assert.py#L6
TRY100: Ignoring exceptions without either logging or handling is not considered good security practice. Found in 'except Exception as ex: pass'.
|
Execute the pycharm-security action:
file:///github/workspace/do_assert.py#L12
TRY100: Ignoring exceptions without either logging or handling is not considered good security practice. Found in 'except: # do nothing pass'.
|
Execute the pycharm-security action:
file:///github/workspace/assert_and_try.py#L5
TRY100: Ignoring exceptions without either logging or handling is not considered good security practice. Found in 'except Exception as ex: pass'.
|
Execute the pycharm-security action:
file:///github/workspace/test_shell.py#L19
Name 'password' can be undefined
|
Execute the pycharm-security action:
file:///github/workspace/test_format.py#L2
Name 'z' can be undefined
|
Execute the pycharm-security action:
file:///github/workspace/test_yaml.py#L4
YML100: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load(). Found in 'load(f)'.
|
Execute the pycharm-security action:
file:///github/workspace/test_xmlrpc.py#L27
Method `mul` may be 'static'
|
Execute the pycharm-security action:
file:///github/workspace/test_jinja2.py#L8
Redeclared 'env' defined above without usage
|
Execute the pycharm-security action:
file:///github/workspace/test_jinja2.py#L10
Redeclared 'env' defined above without usage
|
Execute the pycharm-security action
The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
|
Execute the pycharm-security action:
file:///github/workspace/do_assert.py#L6
TRY100: Ignoring exceptions without either logging or handling is not considered good security practice. Found in 'except Exception as ex: pass'.
|
Execute the pycharm-security action:
file:///github/workspace/do_assert.py#L12
TRY100: Ignoring exceptions without either logging or handling is not considered good security practice. Found in 'except: # do nothing pass'.
|
Execute the pycharm-security action:
file:///github/workspace/assert_and_try.py#L5
TRY100: Ignoring exceptions without either logging or handling is not considered good security practice. Found in 'except Exception as ex: pass'.
|
Execute the pycharm-security action:
file:///github/workspace/test_yaml.py#L4
YML100: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load(). Found in 'load(f)'.
|
Execute the pycharm-security action:
file:///github/workspace/test_xmlrpc.py#L30
XML200: Using allow_dotted_names option may allow attackers to execute arbitrary code. Found in 'server.register_instance(MyFuncs(), True)'.
|
Execute the pycharm-security action:
file:///github/workspace/test_pickle.py#L3
PIC100: Loading serialized data with the pickle module can expose arbitrary code execution using the __reduce__ method. Found in 'pickle.loads(x)'.
|
Execute the pycharm-security action:
file:///github/workspace/test_paramiko.py#L4
PAR100: Paramiko set to automatically trust the host key. Found in 'client.set_missing_host_key_policy(paramiko.client.AutoAddPolicy)'.
|
Execute the pycharm-security action:
file:///github/workspace/test_shell.py#L22
PW101: Passwords, secrets or keys should not be hardcoded into Python code..
|
Execute the pycharm-security action:
file:///github/workspace/test_shell.py#L12
PR100: Calling subprocess commands with shell=True can leave the host shell open to local code execution or remote code execution attacks. Found in 'shlex_quote(opt)'.
|