https://github.com/huangjunsen0406/py-xiaozhi
lang: python
LOC:
source: user_submitted
| Rule | Severity | Count |
|---|---|---|
| SEC020 Secret Printed to Logs | high | 3 |
| SEC005 Command Injection Risk | high | 1 |
| SEC014 SSL Verification Disabled | medium | 1 |
| SEC015 Insecure Randomness for Security | medium | 1 |
| SEC013 Path Traversal — User Input in File Path | high | 1 |
SEC013 Path Traversal — User Input in File Path
scripts/keyword_generator.py:319 · conf 0.80
[SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.
SEC020 Secret Printed to Logs
scripts/keyword_generator.py:69 · conf 0.85
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…
SEC005 Command Injection Risk
.trellis/scripts/common/task_utils.py:240 · conf 0.50
[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.
SEC014 SSL Verification Disabled
src/activation/service.py:555 · conf 1.00
[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks.
SEC015 Insecure Randomness for Security
src/utils/audio_utils.py:121 · conf 0.25
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.
SEC020 Secret Printed to Logs
scripts/camera_scanner.py:96 · conf 0.10
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…
SEC020 Secret Printed to Logs
src/mcp/tools/camera/normal_camera.py:37 · conf 0.15
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…