https://github.com/dlt-hub/dlt · lang: python · LOC: · source: user_submitted
| Rule | Severity | Count |
|---|---|---|
| SEC022 Database URL With Embedded Credential | critical | 4 |
| SEC015 Insecure Randomness for Security | medium | 2 |
| SEC004 SQL Injection Risk | high | 2 |
| SEC007 Unsafe Deserialization | medium | 1 |
| SEC001 Hardcoded Password | critical | 1 |
| SEC003 Hardcoded Secret | critical | 1 |
| SEC005 Command Injection Risk | high | 1 |
| SEC020 Secret Printed to Logs | high | 1 |
SEC022 Database URL With Embedded Credential · docs/examples/archive/quickstart.py:22 · conf 0.45
[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working c…

SEC022 Database URL With Embedded Credential · docs/examples/postgres_to_postgres/postgres_to_postgres.py:99 · conf 0.45
[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working c…

SEC022 Database URL With Embedded Credential · docs/website/docs/general-usage/snippets/destination-snippets.py:63 · conf 0.45
[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working c…

SEC004 SQL Injection Risk · dlt/destinations/sql_jobs.py:250 · conf 0.50
[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection.

SEC004 SQL Injection Risk · docs/examples/logfire_telemetry_export/logfire_telemetry_export.py:61 · conf 0.85
[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection.

SEC001 Hardcoded Password · docs/examples/arize_phoenix_export/arize_phoenix_export.py:36 · conf 0.30
[SEC001] Hardcoded Password: Hardcoded password found in source code.

SEC007 Unsafe Deserialization · dlt/pipeline/trace.py:341 · conf 1.00
[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.

SEC005 Command Injection Risk · docs/docs_tools/education/preprocess_to_molab.py:236 · conf 0.30
[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.

SEC003 Hardcoded Secret · docs/education/dlt-fundamentals-course/lesson_3_pagination_and_authentication_and_dlt_configuration.py:693 · conf 0.15
[SEC003] Hardcoded Secret: Hardcoded secret key found in source code.

SEC015 Insecure Randomness for Security · dlt/common/storages/transactional_file.py:175 · conf 0.15
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.

SEC015 Insecure Randomness for Security · dlt/_workspace/_templates/_single_file_templates/fruitshop_pipeline.py:69 · conf 0.25
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.

SEC020 Secret Printed to Logs · docs/website/scripts/verify-llms-txt.js:114 · conf 0.10
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…

SEC022 Database URL With Embedded Credential · conf 0.20
[SEC022] Database URL With Embedded Credential (and 1 more): Same pattern found in 1 additional files. Review if needed.