https://github.com/opengaming/osgameclones · lang: python · LOC: · source: user_submitted
| Rule | Severity | Count |
|---|---|---|
| MINED115 GitHub Action pinned to mutable ref (not 40-char SHA) | high | 14 |
| COMP001 High cognitive complexity: Function `load_yfinanc… | low | 4 |
| MINED109 Mutable default argument | medium | 2 |
| DKR008 .dockerignore misses sensitive defaults | low | 1 |
| MINED111 Bare except continues silently | medium | 1 |
| SEC103 LDAP injection — non-constant search filter | high | 1 |
| DKR001 Docker final stage has no non-root USER | medium | 1 |
| MINED044 Js Console Log Prod | info | 1 |
| MINED108 self.attribute used but never assigned in __init__ | high | 1 |
| WEB008 Public docs site has no llms.txt | low | 1 |
COMP001
[COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
scripts/hacktoberfest.py:28
· conf 0.95
[COMP001] High cognitive complexity: Function `main` has cognitive complexity 27 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branche…
CORE_NO_TESTS
No test files found
MINED108
self.attribute used but never assigned in __init__
CWE-476
_ext.py:31
· conf 1.00
[MINED108] `self.names` used but never assigned in __init__: Method `slug` of class `Game` reads `self.names`, but no assignment to it exists in __init__ (and no class-level fallback). This raises At…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/main.yml:8
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@master`: `uses: actions/checkout@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made …
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/main.yml:11
· conf 0.90
[MINED115] Action `ibiqlik/action-yamllint` pinned to mutable ref `@v3`: `uses: ibiqlik/action-yamllint@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/main.yml:21
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@master`: `uses: actions/checkout@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made …
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/main.yml:24
· conf 0.90
[MINED115] Action `abatilo/actions-poetry` pinned to mutable ref `@v4.0.0`: `uses: abatilo/[email protected]` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/main.yml:27
· conf 0.90
[MINED115] Action `actions/setup-python` pinned to mutable ref `@v4`: `uses: actions/setup-python@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made …
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/main.yml:41
· conf 0.90
[MINED115] Action `actions/upload-pages-artifact` pinned to mutable ref `@v3`: `uses: actions/upload-pages-artifact@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/main.yml:59
· conf 0.90
[MINED115] Action `actions/deploy-pages` pinned to mutable ref `@v4`: `uses: actions/deploy-pages@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made …
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/pr_check.yml:9
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@master`: `uses: actions/checkout@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made …
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/pr_check.yml:12
· conf 0.90
[MINED115] Action `abatilo/actions-poetry` pinned to mutable ref `@v4.0.0`: `uses: abatilo/[email protected]` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/pr_check.yml:15
· conf 0.90
[MINED115] Action `actions/setup-python` pinned to mutable ref `@v4`: `uses: actions/setup-python@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made …
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/pr_check.yml:28
· conf 0.90
[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/pr_comment.yml:15
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@master`: `uses: actions/checkout@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made …
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/pr_comment.yml:18
· conf 0.90
[MINED115] Action `abatilo/actions-poetry` pinned to mutable ref `@v4.0.0`: `uses: abatilo/[email protected]` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/pr_comment.yml:21
· conf 0.90
[MINED115] Action `actions/setup-python` pinned to mutable ref `@v4`: `uses: actions/setup-python@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made …
MINED118
Dockerfile FROM not pinned by sha256 digest
CWE-829
Dockerfile:16
· conf 0.90
[MINED118] Dockerfile FROM `nginx:1.27.4-alpine` not pinned by digest: `FROM nginx:1.27.4-alpine` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every…
SEC029
Server-Side Request Forgery (SSRF) — outbound HTTP from user input
.github/workflows/pr_check.py:193
· conf 1.00
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…
SEC103
LDAP injection — non-constant search filter
.github/workflows/pr_check.py:184
· conf 1.00
[SEC103] LDAP injection — non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts.
DKR001
Docker final stage has no non-root USER
Dockerfile:17
· conf 0.82
Docker final stage has no non-root USER
DKR002
Dockerfile base image has no explicit tag
Dockerfile:1
· conf 0.90
Dockerfile base image has no explicit tag
DKR014
Dockerfile copies the entire context without .dockerignore
Dockerfile:5
· conf 0.76
Dockerfile copies broad context with incomplete .dockerignore
DKR017
Dockerfile installs dependencies after copying the full source tree
Dockerfile:14
· conf 0.90
Dockerfile installs dependencies after copying the full source tree
MINED109
Mutable default argument
CWE-1023
_ext.py:126
· conf 1.00
[MINED109] Mutable default argument in `parse_item` (dict): `def parse_item(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. M…
MINED109
Mutable default argument
CWE-1023
_ext.py:126
· conf 1.00
[MINED109] Mutable default argument in `parse_item` (list): `def parse_item(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. M…
MINED111
Bare except continues silently
_ext.py:262
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
SEC012
ZipSlip — Archive Path Traversal
.github/workflows/pr_comment.py:40
· conf 1.00
[SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory.
WEB003
Public web service has no security.txt
.well-known/security.txt
· conf 0.78
Public web service has no security.txt
WEB015
Public web app has no Content Security Policy
index.html
· conf 0.70
Public web app has no Content Security Policy
COMP001
scripts/awesome_game_remakes.py:26
· conf 0.95
[COMP001] High cognitive complexity: Function `main` has cognitive complexity 13 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branche…
COMP001
scripts/check_links.py:19
· conf 0.95
[COMP001] High cognitive complexity: Function `main` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches…
DKR008
.dockerignore misses sensitive defaults
.dockerignore
· conf 0.72
.dockerignore misses sensitive defaults
WEB002
Public web app has no sitemap
sitemap.xml
· conf 0.72
Public web app has no sitemap
WEB008
Public docs site has no llms.txt
llms.txt
· conf 0.64
Public docs site has no llms.txt
WEB011
Public web app has no humans.txt
humans.txt
· conf 0.50
Public web app has no humans.txt
COMP001
· conf 0.20
[COMP001] High cognitive complexity (and 5 more): Same pattern found in 5 additional files. Review if needed.
MINED044
Js Console Log Prod
CWE-532
templates/forms/static/main.js:20
· conf 1.00
[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.
MINED050
Stub Only Function
CWE-1188
render.py:33
· conf 1.00
[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.
MINED072
Python Pass Only Class
CWE-1188
render.py:32
· conf 1.00
[MINED072] Python Pass Only Class: class Foo: pass — stub waiting to be filled in.