fix: doc/requirements.txt to reduce vulnerabilities #1016

Triggered via push July 10, 2024 07:25
Status Success
Total duration 2m 24s
Artifacts

test_action.yml

on: push
Execute the pycharm-security action
2m 13s

Annotations

30 warnings
Execute the pycharm-security action
The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
Execute the pycharm-security action: file:///github/workspace/do_assert.py#L6
TRY100: Ignoring exceptions without either logging or handling is not considered good security practice. Found in 'except Exception as ex: pass'.
Execute the pycharm-security action: file:///github/workspace/do_assert.py#L12
TRY100: Ignoring exceptions without either logging or handling is not considered good security practice. Found in 'except: # do nothing pass'.
Execute the pycharm-security action: file:///github/workspace/assert_and_try.py#L5
TRY100: Ignoring exceptions without either logging or handling is not considered good security practice. Found in 'except Exception as ex: pass'.
Execute the pycharm-security action: file:///github/workspace/test_yaml.py#L4
YML100: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load(). Found in 'load(f)'.
Execute the pycharm-security action: file:///github/workspace/test_xmlrpc.py#L27
Method <code>mul</code> may be 'static'
Execute the pycharm-security action: file:///github/workspace/test_jinja2.py#L8
Redeclared 'env' defined above without usage
Execute the pycharm-security action: file:///github/workspace/test_jinja2.py#L10
Redeclared 'env' defined above without usage
Execute the pycharm-security action
The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
Execute the pycharm-security action: file:///github/workspace/do_assert.py#L6
TRY100: Ignoring exceptions without either logging or handling is not considered good security practice. Found in 'except Exception as ex: pass'.
Execute the pycharm-security action: file:///github/workspace/do_assert.py#L12
TRY100: Ignoring exceptions without either logging or handling is not considered good security practice. Found in 'except: # do nothing pass'.
Execute the pycharm-security action: file:///github/workspace/assert_and_try.py#L5
TRY100: Ignoring exceptions without either logging or handling is not considered good security practice. Found in 'except Exception as ex: pass'.
Execute the pycharm-security action: file:///github/workspace/test_yaml.py#L4
YML100: Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load(). Found in 'load(f)'.
Execute the pycharm-security action: file:///github/workspace/test_xmlrpc.py#L30
XML200: Using allow_dotted_names option may allow attackers to execute arbitrary code. Found in 'server.register_instance(MyFuncs(), True)'.
Execute the pycharm-security action: file:///github/workspace/test_pickle.py#L3
PIC100: Loading serialized data with the pickle module can expose arbitrary code execution using the __reduce__ method. Found in 'pickle.loads(x)'.
Execute the pycharm-security action: file:///github/workspace/test_paramiko.py#L4
PAR100: Paramiko set to automatically trust the host key. Found in 'client.set_missing_host_key_policy(paramiko.client.AutoAddPolicy)'.
Execute the pycharm-security action: file:///github/workspace/test_shell.py#L22
PW101: Passwords, secrets or keys should not be hardcoded into Python code..
Execute the pycharm-security action: file:///github/workspace/test_shell.py#L12
PR100: Calling subprocess commands with shell=True can leave the host shell open to local code execution or remote code execution attacks. Found in 'shlex_quote(opt)'.