charanrathod-cr17/phishing_url_detection

https://github.com/charanrathod-cr17/Phishing_URL_Detection.git · lang: python · LOC: · source: user_submitted

Quality: 44.3 · Grade D
Security: 98.0
Findings: 10 · 0 critical · 2 high
Status: completed · May 27, 2026 14:13
medium: 5 · high: 2 · low: 2 · info: 1
Top rules by occurrence
Rule · Severity · Count
CORE_NO_LICENSE No LICENSE file · low · 1
SEC011 Unsafe PyTorch Model Loading · medium · 1
MINED111 Bare except continues silently · medium · 1
CFG006 [CFG006] Missing .gitignore: No .gitignore file. Risk of co… · medium · 1
CORE_NO_README No README file found · medium · 1
CORE_NO_CI No CI/CD configuration found · medium · 1
SEC045 eval()/exec() on stored or user-supplied data · medium · 1
AIC003 Duplicated implementation block across source files · low · 1
COMP001 [COMP001] High cognitive complexity: Function `load_yfinanc… · low · 1
CORE_NO_TESTS No test files found · high · 1
First 10 findings (severity-sorted)
high COMP001 [COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
feature_extraction.py:22 · conf 0.95
[COMP001] High cognitive complexity: Function `extract_url_features` has cognitive complexity 31 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand …
high CORE_NO_TESTS No test files found
medium CFG006 [CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.
· conf 1.00
medium CORE_NO_CI No CI/CD configuration found
medium CORE_NO_README No README file found
medium MINED111 Bare except continues silently
feature_extraction.py:19 · conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
medium SEC011 Unsafe PyTorch Model Loading
testing_code.py:62 · conf 1.00
[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files.
low AIC003 Duplicated implementation block across source files
testing_code.py:22 · conf 0.86
low CORE_NO_LICENSE No LICENSE file
info SEC045 eval()/exec() on stored or user-supplied data
testing_code.py:63 · conf 0.10
[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even admin-stored data — is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ …
