
bashaarz/visualize-qatar

https://github.com/bashaarZ/visualize-qatar.git · lang: python · LOC: · source: user_submitted

Quality: 53.0 · Grade C-
Security: 100.0
Findings: 8 (0 critical · 4 high)
Status: completed · May 18, 2026 14:47
high: 4 · medium: 1 · low: 2 · info: 1
Top rules by occurrence
Rule · Severity · Count
MINED067 Python Requests No Timeout info 1
CORE_NO_LICENSE No LICENSE file low 1
CORE_NO_CI No CI/CD configuration found medium 1
SEC078 Python: requests without timeout high 1
SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from use… high 1
CORE_NO_TESTS No test files found high 1
SEC128 Async function without await — fire-and-forget Promise (AI … high 1
SEC124 TOCTOU file access (os.access then open) low 1
First 8 findings (severity-sorted)
high CORE_NO_TESTS No test files found
No test files found
high SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from user input
qatar_analysis.py:137 · conf 1.00
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…
high SEC078 Python: requests without timeout
qatar_analysis.py:98 · conf 1.00
[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-…
high SEC128 Async function without await — fire-and-forget Promise (AI mistake)
qatar_analysis.py:203 · conf 1.00
[SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work comple…
medium CORE_NO_CI No CI/CD configuration found
No CI/CD configuration found
low CORE_NO_LICENSE No LICENSE file
No LICENSE file
low SEC124 TOCTOU file access (os.access then open)
qatar_analysis.py:133 · conf 1.00
[SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacker swap the file between check and use (symlink attack). `mktemp` is deprecated …
info MINED067 Python Requests No Timeout CWE-400
qatar_analysis.py:98 · conf 1.00
[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.
