https://github.com/TauricResearch/TradingAgents ·
lang: python ·
LOC: ·
source: user_submitted
| Rule | Severity | Count |
|---|---|---|
| MINED108 self.attribute used but never assigned in __init__ | high | 25 |
| MINED111 Bare except continues silently | medium | 16 |
| MINED106 Phantom test coverage (assertion-free test) | high | 8 |
| COMP001 [COMP001] High cognitive complexity: Function `load_yfinanc… | low | 4 |
| MINED050 Stub Only Function | info | 4 |
| AIC003 Duplicated implementation block across source files | low | 4 |
| MINED001 Bare Except Pass | high | 3 |
| SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from use… | high | 3 |
| MINED067 Python Requests No Timeout | info | 2 |
| MINED118 Dockerfile FROM not pinned by sha256 digest | high | 2 |
MINED007
Sql String Concat
CWE-89
tradingagents/graph/checkpointer.py:85
· conf 1.00
[MINED007] Sql String Concat: cursor.execute(f"... {user_input} ...") — SQL injection.
MINED001
Bare Except Pass
CWE-755
tradingagents/dataflows/yfinance_news.py:33
· conf 1.00
[MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.
MINED001
Bare Except Pass
CWE-755
tradingagents/graph/checkpointer.py:87
· conf 1.00
[MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.
MINED001
Bare Except Pass
CWE-755
tradingagents/__init__.py:15
· conf 1.00
[MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.
MINED021
Path Traversal Os Join
CWE-22
tradingagents/default_config.py:3
· conf 1.00
[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain "../" — directory escape.
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_capabilities.py:119
· conf 1.00
[MINED106] Phantom test coverage: test_capabilities_dataclass_is_frozen: Test function `test_capabilities_dataclass_is_frozen` runs code but contains no assert / expect / should call — it passes rega…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_env_overrides.py:82
· conf 1.00
[MINED106] Phantom test coverage: test_invalid_int_raises: Test function `test_invalid_int_raises` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds li…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_market_data_validator.py:48
· conf 1.00
[MINED106] Phantom test coverage: test_raises_when_no_rows_on_or_before_date: Test function `test_raises_when_no_rows_on_or_before_date` runs code but contains no assert / expect / should call — it p…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_market_data_validator.py:53
· conf 1.00
[MINED106] Phantom test coverage: test_raises_on_empty_data: Test function `test_raises_on_empty_data` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Add…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_memory_log.py:439
· conf 1.00
[MINED106] Phantom test coverage: test_update_noop_when_no_log_path: Test function `test_update_noop_when_no_log_path` runs code but contains no assert / expect / should call — it passes regardless o…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_memory_log.py:820
· conf 1.00
[MINED106] Phantom test coverage: test_portfolio_manager_no_memory_param: Test function `test_portfolio_manager_no_memory_param` runs code but contains no assert / expect / should call — it passes re…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_signal_processing.py:77
· conf 1.00
[MINED106] Phantom test coverage: test_makes_no_llm_calls: Test function `test_makes_no_llm_calls` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds li…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/test_structured_agents.py:285
· conf 1.00
[MINED106] Phantom test coverage: test_score_out_of_range_rejected: Test function `test_score_out_of_range_rejected` runs code but contains no assert / expect / should call — it passes regardless of …
MINED108
self.attribute used but never assigned in __init__
CWE-476
cli/main.py:160
· conf 1.00
[MINED108] `self._update_current_report` used but never assigned in __init__: Method `update_report_section` of class `MessageBuffer` reads `self._update_current_report`, but no assignment to it exis…
MINED108
self.attribute used but never assigned in __init__
CWE-476
cli/main.py:189
· conf 1.00
[MINED108] `self._update_final_report` used but never assigned in __init__: Method `_update_current_report` of class `MessageBuffer` reads `self._update_final_report`, but no assignment to it exists …
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/test_checkpoint_resume.py:50
· conf 1.00
[MINED108] `self.tmpdir` used but never assigned in __init__: Method `setUp` of class `TestCheckpointResume` reads `self.tmpdir`, but no assignment to it exists in __init__ (and no class-level fallba…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/test_checkpoint_resume.py:51
· conf 1.00
[MINED108] `self.ticker` used but never assigned in __init__: Method `setUp` of class `TestCheckpointResume` reads `self.ticker`, but no assignment to it exists in __init__ (and no class-level fallba…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/test_checkpoint_resume.py:52
· conf 1.00
[MINED108] `self.date` used but never assigned in __init__: Method `setUp` of class `TestCheckpointResume` reads `self.date`, but no assignment to it exists in __init__ (and no class-level fallback).…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/test_checkpoint_resume.py:58
· conf 1.00
[MINED108] `self.ticker` used but never assigned in __init__: Method `test_crash_and_resume` of class `TestCheckpointResume` reads `self.ticker`, but no assignment to it exists in __init__ (and no cl…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/test_checkpoint_resume.py:58
· conf 1.00
[MINED108] `self.date` used but never assigned in __init__: Method `test_crash_and_resume` of class `TestCheckpointResume` reads `self.date`, but no assignment to it exists in __init__ (and no class-…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/test_checkpoint_resume.py:69
· conf 1.00
[MINED108] `self.assertTrue` used but never assigned in __init__: Method `test_crash_and_resume` of class `TestCheckpointResume` reads `self.assertTrue`, but no assignment to it exists in __init__ (a…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/test_checkpoint_resume.py:70
· conf 1.00
[MINED108] `self.date` used but never assigned in __init__: Method `test_crash_and_resume` of class `TestCheckpointResume` reads `self.date`, but no assignment to it exists in __init__ (and no class-…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/test_checkpoint_resume.py:70
· conf 1.00
[MINED108] `self.tmpdir` used but never assigned in __init__: Method `test_crash_and_resume` of class `TestCheckpointResume` reads `self.tmpdir`, but no assignment to it exists in __init__ (and no cl…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/test_checkpoint_resume.py:70
· conf 1.00
[MINED108] `self.ticker` used but never assigned in __init__: Method `test_crash_and_resume` of class `TestCheckpointResume` reads `self.ticker`, but no assignment to it exists in __init__ (and no cl…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/test_checkpoint_resume.py:71
· conf 1.00
[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_crash_and_resume` of class `TestCheckpointResume` reads `self.assertEqual`, but no assignment to it exists in __init__ …
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/test_checkpoint_resume.py:80
· conf 1.00
[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_crash_and_resume` of class `TestCheckpointResume` reads `self.assertEqual`, but no assignment to it exists in __init__ …
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/test_cli_env_skip.py:19
· conf 1.00
[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_known_providers_resolve` of class `TestProviderDefaultUrl` reads `self.assertEqual`, but no assignment to it exists in …
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/test_cli_env_skip.py:20
· conf 1.00
[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_known_providers_resolve` of class `TestProviderDefaultUrl` reads `self.assertEqual`, but no assignment to it exists in …
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/test_cli_env_skip.py:21
· conf 1.00
[MINED108] `self.assertIsNone` used but never assigned in __init__: Method `test_known_providers_resolve` of class `TestProviderDefaultUrl` reads `self.assertIsNone`, but no assignment to it exists i…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/test_cli_env_skip.py:25
· conf 1.00
[MINED108] `self.assertIsNone` used but never assigned in __init__: Method `test_unknown_provider_returns_none` of class `TestProviderDefaultUrl` reads `self.assertIsNone`, but no assignment to it ex…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/test_cli_env_skip.py:30
· conf 1.00
[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_ollama_honors_base_url_env` of class `TestProviderDefaultUrl` reads `self.assertEqual`, but no assignment to it exists …
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/test_cli_env_skip.py:78
· conf 1.00
[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_env_config_skips_llm_prompts` of class `TestCliSkipsPromptsFromEnv` reads `self.assertEqual`, but no assignment to it e…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/test_cli_env_skip.py:79
· conf 1.00
[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_env_config_skips_llm_prompts` of class `TestCliSkipsPromptsFromEnv` reads `self.assertEqual`, but no assignment to it e…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/test_cli_env_skip.py:80
· conf 1.00
[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_env_config_skips_llm_prompts` of class `TestCliSkipsPromptsFromEnv` reads `self.assertEqual`, but no assignment to it e…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/test_cli_env_skip.py:81
· conf 1.00
[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_env_config_skips_llm_prompts` of class `TestCliSkipsPromptsFromEnv` reads `self.assertEqual`, but no assignment to it e…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/test_cli_env_skip.py:82
· conf 1.00
[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_env_config_skips_llm_prompts` of class `TestCliSkipsPromptsFromEnv` reads `self.assertEqual`, but no assignment to it e…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/test_google_api_key.py:22
· conf 1.00
[MINED108] `self.subTest` used but never assigned in __init__: Method `test_api_key_handling` of class `TestGoogleApiKeyStandardization` reads `self.subTest`, but no assignment to it exists in __init…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/test_google_api_key.py:27
· conf 1.00
[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_api_key_handling` of class `TestGoogleApiKeyStandardization` reads `self.assertEqual`, but no assignment to it exists i…
MINED118
Dockerfile FROM not pinned by sha256 digest
CWE-829
Dockerfile:1
· conf 0.90
[MINED118] Dockerfile FROM `python:3.12-slim` not pinned by digest: `FROM python:3.12-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build…
MINED118
Dockerfile FROM not pinned by sha256 digest
CWE-829
Dockerfile:12
· conf 0.90
[MINED118] Dockerfile FROM `python:3.12-slim` not pinned by digest: `FROM python:3.12-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build…
SEC004
SQL Injection Risk
tradingagents/graph/checkpointer.py:85
· conf 0.50
[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection.
SEC029
Server-Side Request Forgery (SSRF) — outbound HTTP from user input
tradingagents/dataflows/alpha_vantage_common.py:79
· conf 1.00
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…
SEC029
Server-Side Request Forgery (SSRF) — outbound HTTP from user input
tradingagents/llm_clients/azure_client.py:27
· conf 1.00
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…
SEC029
Server-Side Request Forgery (SSRF) — outbound HTTP from user input
tradingagents/llm_clients/openai_client.py:170
· conf 1.00
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…
SEC078
Python: requests without timeout
tradingagents/dataflows/alpha_vantage_common.py:79
· conf 1.00
[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-…
COMP001
[COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
tradingagents/agents/utils/agent_utils.py:98
· conf 0.95
[COMP001] High cognitive complexity: Function `build_instrument_context` has cognitive complexity 18 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to underst…
CORE_NO_CI
No CI/CD configuration found
No CI/CD configuration found
DKR003
Dockerfile base image uses the latest tag
docker-compose.yml:10
· conf 0.94
Compose service `ollama` image uses the latest tag
DKR014
Dockerfile copies the entire context without .dockerignore
Dockerfile:10
· conf 0.76
Dockerfile copies broad context with incomplete .dockerignore
MINED109
Mutable default argument
CWE-1023
tradingagents/graph/setup.py:32
· conf 1.00
[MINED109] Mutable default argument in `setup_graph` (list): `def setup_graph(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls.…
MINED109
Mutable default argument
CWE-1023
tradingagents/graph/trading_graph.py:55
· conf 1.00
[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
MINED111
Bare except continues silently
cli/announcements.py:23
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
cli/main.py:1279
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
cli/utils.py:185
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
tradingagents/dataflows/alpha_vantage_common.py:132
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
tradingagents/dataflows/alpha_vantage_indicator.py:225
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
tradingagents/dataflows/interface.py:167
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
tradingagents/dataflows/market_data_validator.py:81
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
tradingagents/dataflows/yfinance_news.py:107
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
tradingagents/dataflows/yfinance_news.py:201
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
tradingagents/dataflows/y_finance.py:174
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
tradingagents/dataflows/y_finance.py:249
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
tradingagents/dataflows/y_finance.py:321
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
tradingagents/dataflows/y_finance.py:356
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
tradingagents/dataflows/y_finance.py:391
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
tradingagents/dataflows/y_finance.py:426
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
tradingagents/dataflows/y_finance.py:453
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED124
requirements.txt entry has no version pin
CWE-1357
requirements.txt:1
· conf 0.90
[MINED124] requirements.txt: `.` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, accou…
SEC123
Production stack trace / debug output exposed
main.py:12
· conf 1.00
[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals — sometimes triggers RCE (Django debug page w…
AIC003
Duplicated implementation block across source files
tradingagents/agents/analysts/market_analyst.py:43
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
tradingagents/agents/analysts/news_analyst.py:21
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
tradingagents/agents/analysts/news_analyst.py:23
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
tradingagents/agents/researchers/bull_researcher.py:10
· conf 0.86
Duplicated implementation block across source files
COMP001
[COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
scripts/smoke_structured_output.py:107
· conf 0.95
[COMP001] High cognitive complexity: Function `main` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches…
COMP001
[COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
tradingagents/agents/utils/memory.py:165
· conf 0.95
[COMP001] High cognitive complexity: Function `batch_update_with_outcomes` has cognitive complexity 13 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to under…
DKC010
Compose service lacks no-new-privileges hardening
docker-compose.yml:1
· conf 0.62
Compose service lacks no-new-privileges hardening
DKC010
Compose service lacks no-new-privileges hardening
docker-compose.yml:17
· conf 0.62
Compose service lacks no-new-privileges hardening
DKR008
.dockerignore misses sensitive defaults
.dockerignore
· conf 0.72
.dockerignore misses sensitive defaults
COMP001
[COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
· conf 0.20
[COMP001] High cognitive complexity (and 17 more): Same pattern found in 17 additional files. Review if needed.
MINED043
Http Not Https
CWE-319
tradingagents/dataflows/reddit.py:41
· conf 1.00
[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.
MINED050
Stub Only Function
CWE-1188
· conf 0.20
[MINED050] Stub Only Function (and 4 more): Same pattern found in 4 additional files. Review if needed.
MINED050
Stub Only Function
CWE-1188
tradingagents/agents/utils/structured.py:39
· conf 1.00
[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.
MINED050
Stub Only Function
CWE-1188
tradingagents/dataflows/alpha_vantage_common.py:18
· conf 1.00
[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.
MINED050
Stub Only Function
CWE-1188
tradingagents/__init__.py:16
· conf 1.00
[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.
MINED062
Python Dataclass No Fields
tradingagents/llm_clients/capabilities.py:30
· conf 1.00
[MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model.
MINED067
Python Requests No Timeout
CWE-400
cli/announcements.py:16
· conf 1.00
[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.
MINED067
Python Requests No Timeout
CWE-400
tradingagents/dataflows/alpha_vantage_common.py:79
· conf 1.00
[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.
MINED069
Debug True Prod
CWE-489
main.py:12
· conf 1.00
[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files.
SEC078
Python: requests without timeout
cli/announcements.py:16
· conf 0.10
[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-…