Skip to content
Pycharm Security

[3.0.23] Fix: Web security #287

Sign in to view logs

[3.0.23] Fix: Web security

[3.0.23] Fix: Web security #287

Triggered via push October 19, 2023 17:32
@mauricelambertmauricelambert
pushed 0c108bf
main
Status Success
Total duration 4m 10s
Artifacts

pycharm.yml

on: push
build
2m 8s
build
Fit to window
Zoom out
Zoom in

Annotations

11 warnings
build
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/checkout@v2. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
build
The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
build: file:///github/workspace/docs/Security_Considerations.md#L130
PIC100: Loading serialized data with the pickle module can expose arbitrary code execution using the __reduce__ method. Found in 'pickle.loads(inputs[0])'.
build: file:///github/workspace/docs/Security_Considerations.md#L154
PIC100: Loading serialized data with the pickle module can expose arbitrary code execution using the __reduce__ method. Found in 'pickle.loads(environ["HTTP_COMMAND"])'.
build: file:///github/workspace/docs/Security_Considerations.md#L155
PIC100: Loading serialized data with the pickle module can expose arbitrary code execution using the __reduce__ method. Found in 'pickle.loads(sys.argv[1])'.
build: file:///github/workspace/docs/Security_Considerations.md#L156
PIC100: Loading serialized data with the pickle module can expose arbitrary code execution using the __reduce__ method. Found in 'pickle.loads(input())'.
build: file:///github/workspace/docs/Security_Considerations.md#L129
SH100: Potential shell injection with unescaped input. Found in 'arguments[0]'.
build: file:///github/workspace/docs/Security_Considerations.md#L150
SH100: Potential shell injection with unescaped input. Found in 'environ["HTTP_COMMAND"]'.
build: file:///github/workspace/docs/Security_Considerations.md#L151
SH100: Potential shell injection with unescaped input. Found in 'sys.argv[1]'.
build: file:///github/workspace/docs/Security_Considerations.md#L152
SH100: Potential shell injection with unescaped input. Found in 'input()'.
build: file:///github/workspace/tests/test_dos_length.py#L4
SH100: Potential shell injection with unescaped input. Found in '"echo " + "a" * 8155'.