https://github.com/sharkdp/bat · lang: rust · LOC: · source: user_submitted
| Rule | Severity | Count |
|---|---|---|
| MINED108 self.attribute used but never assigned in __init__ | high | 25 |
| MINED106 Phantom test coverage (assertion-free test) | high | 25 |
| MINED115 GitHub Action pinned to mutable ref (not 40-char SHA) | high | 19 |
| MINED124 requirements.txt entry has no version pin | medium | 11 |
| MINED121 pip requirement pulled from git/URL (PyPI bypass) | high | 8 |
| MINED059 Rust Expect In Prod | info | 4 |
| MINED003 Rust Unwrap In Prod | high | 4 |
| MINED043 Http Not Https | info | 2 |
| MINED107 Missing Python import (NameError at runtime) | critical | 1 |
| DKR007 Docker build context has no .dockerignore | medium | 1 |
MINED107
Missing Python import (NameError at runtime)
CWE-1075
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:7397
· conf 1.00
[MINED107] Missing import: `array` used but not imported: The file uses `array.something(...)` but never imports `array`. This raises NameError at runtime the first time the line executes.
MINED116
GHA pull_request workflow leaks secrets to forks
CWE-829
.github/workflows/CICD.yml:464
· conf 0.90
[MINED116] Workflow uses `secrets.WINGET_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.WINGET_TOKEN }` lets a…
MINED003
Rust Unwrap In Prod
CWE-755
examples/advanced.rs:17
· conf 1.00
[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere.
MINED003
Rust Unwrap In Prod
CWE-755
examples/buffer.rs:19
· conf 1.00
[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere.
MINED003
Rust Unwrap In Prod
CWE-755
examples/cat.rs:12
· conf 1.00
[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere.
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:79
· conf 1.00
[MINED106] Phantom test coverage: test_writeable: Test function `test_writeable` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage withou…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:88
· conf 1.00
[MINED106] Phantom test coverage: test_writeable_any_base: Test function `test_writeable_any_base` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds li…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:121
· conf 1.00
[MINED106] Phantom test coverage: test_writeable_from_readonly: Test function `test_writeable_from_readonly` runs code but contains no assert / expect / should call — it passes regardless of behaviou…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:132
· conf 1.00
[MINED106] Phantom test coverage: test_writeable_from_buffer: Test function `test_writeable_from_buffer` runs code but contains no assert / expect / should call — it passes regardless of behaviour. A…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:150
· conf 1.00
[MINED106] Phantom test coverage: test_writeable_pickle: Test function `test_writeable_pickle` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line c…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:201
· conf 1.00
[MINED106] Phantom test coverage: test_warnonwrite: Test function `test_warnonwrite` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage wi…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:211
· conf 1.00
[MINED106] Phantom test coverage: test_otherflags: Test function `test_otherflags` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage with…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:230
· conf 1.00
[MINED106] Phantom test coverage: test_string_align: Test function `test_string_align` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage …
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:237
· conf 1.00
[MINED106] Phantom test coverage: test_void_align: Test function `test_void_align` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage with…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:244
· conf 1.00
[MINED106] Phantom test coverage: test_int: Test function `test_int` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying …
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:270
· conf 1.00
[MINED106] Phantom test coverage: test_attributes: Test function `test_attributes` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage with…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:291
· conf 1.00
[MINED106] Phantom test coverage: test_dtypeattr: Test function `test_dtypeattr` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage withou…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:6329
· conf 1.00
[MINED106] Phantom test coverage: test_matmul_inplace: Test function `test_matmul_inplace` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line cover…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:7394
· conf 1.00
[MINED106] Phantom test coverage: test_interface_no_shape: Test function `test_interface_no_shape` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds li…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:7401
· conf 1.00
[MINED106] Phantom test coverage: test_array_interface_itemsize: Test function `test_array_interface_itemsize` runs code but contains no assert / expect / should call — it passes regardless of behavi…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:7411
· conf 1.00
[MINED106] Phantom test coverage: test_array_interface_empty_shape: Test function `test_array_interface_empty_shape` runs code but contains no assert / expect / should call — it passes regardless of …
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:7436
· conf 1.00
[MINED106] Phantom test coverage: test_array_interface_offset: Test function `test_array_interface_offset` runs code but contains no assert / expect / should call — it passes regardless of behaviour.…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:7450
· conf 1.00
[MINED106] Phantom test coverage: test_flat_element_deletion: Test function `test_flat_element_deletion` runs code but contains no assert / expect / should call — it passes regardless of behaviour. A…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:7461
· conf 1.00
[MINED106] Phantom test coverage: test_scalar_element_deletion: Test function `test_scalar_element_deletion` runs code but contains no assert / expect / should call — it passes regardless of behaviou…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:8278
· conf 1.00
[MINED106] Phantom test coverage: test_orderconverter_with_nonASCII_unicode_ordering: Test function `test_orderconverter_with_nonASCII_unicode_ordering` runs code but contains no assert / expect / sh…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:8284
· conf 1.00
[MINED106] Phantom test coverage: test_equal_override: Test function `test_equal_override` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line cover…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:8310
· conf 1.00
[MINED106] Phantom test coverage: test_npymath_complex: Test function `test_npymath_complex` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line cov…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:8329
· conf 1.00
[MINED106] Phantom test coverage: test_npymath_real: Test function `test_npymath_real` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage …
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:8350
· conf 1.00
[MINED106] Phantom test coverage: test_uintalignment_and_alignment: Test function `test_uintalignment_and_alignment` runs code but contains no assert / expect / should call — it passes regardless of …
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:8457
· conf 1.00
[MINED106] Phantom test coverage: test_getfield: Test function `test_getfield` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without …
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:77
· conf 1.00
[MINED108] `self.a` used but never assigned in __init__: Method `setup` of class `TestFlags` reads `self.a`, but no assignment to it exists in __init__ (and no class-level fallback). This raises Attr…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:81
· conf 1.00
[MINED108] `self.a` used but never assigned in __init__: Method `test_writeable` of class `TestFlags` reads `self.a`, but no assignment to it exists in __init__ (and no class-level fallback). This ra…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:84
· conf 1.00
[MINED108] `self.a` used but never assigned in __init__: Method `test_writeable` of class `TestFlags` reads `self.a`, but no assignment to it exists in __init__ (and no class-level fallback). This ra…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:85
· conf 1.00
[MINED108] `self.a` used but never assigned in __init__: Method `test_writeable` of class `TestFlags` reads `self.a`, but no assignment to it exists in __init__ (and no class-level fallback). This ra…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:86
· conf 1.00
[MINED108] `self.a` used but never assigned in __init__: Method `test_writeable` of class `TestFlags` reads `self.a`, but no assignment to it exists in __init__ (and no class-level fallback). This ra…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:107
· conf 1.00
[MINED108] `self.arr` used but never assigned in __init__: Method `test_writeable_any_base` of class `TestFlags` reads `self.arr`, but no assignment to it exists in __init__ (and no class-level fallb…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:212
· conf 1.00
[MINED108] `self.a` used but never assigned in __init__: Method `test_otherflags` of class `TestFlags` reads `self.a`, but no assignment to it exists in __init__ (and no class-level fallback). This r…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:213
· conf 1.00
[MINED108] `self.a` used but never assigned in __init__: Method `test_otherflags` of class `TestFlags` reads `self.a`, but no assignment to it exists in __init__ (and no class-level fallback). This r…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:214
· conf 1.00
[MINED108] `self.a` used but never assigned in __init__: Method `test_otherflags` of class `TestFlags` reads `self.a`, but no assignment to it exists in __init__ (and no class-level fallback). This r…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:215
· conf 1.00
[MINED108] `self.a` used but never assigned in __init__: Method `test_otherflags` of class `TestFlags` reads `self.a`, but no assignment to it exists in __init__ (and no class-level fallback). This r…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:216
· conf 1.00
[MINED108] `self.a` used but never assigned in __init__: Method `test_otherflags` of class `TestFlags` reads `self.a`, but no assignment to it exists in __init__ (and no class-level fallback). This r…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:217
· conf 1.00
[MINED108] `self.a` used but never assigned in __init__: Method `test_otherflags` of class `TestFlags` reads `self.a`, but no assignment to it exists in __init__ (and no class-level fallback). This r…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:218
· conf 1.00
[MINED108] `self.a` used but never assigned in __init__: Method `test_otherflags` of class `TestFlags` reads `self.a`, but no assignment to it exists in __init__ (and no class-level fallback). This r…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:219
· conf 1.00
[MINED108] `self.a` used but never assigned in __init__: Method `test_otherflags` of class `TestFlags` reads `self.a`, but no assignment to it exists in __init__ (and no class-level fallback). This r…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:220
· conf 1.00
[MINED108] `self.a` used but never assigned in __init__: Method `test_otherflags` of class `TestFlags` reads `self.a`, but no assignment to it exists in __init__ (and no class-level fallback). This r…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:222
· conf 1.00
[MINED108] `self.a` used but never assigned in __init__: Method `test_otherflags` of class `TestFlags` reads `self.a`, but no assignment to it exists in __init__ (and no class-level fallback). This r…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:224
· conf 1.00
[MINED108] `self.a` used but never assigned in __init__: Method `test_otherflags` of class `TestFlags` reads `self.a`, but no assignment to it exists in __init__ (and no class-level fallback). This r…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:225
· conf 1.00
[MINED108] `self.a` used but never assigned in __init__: Method `test_otherflags` of class `TestFlags` reads `self.a`, but no assignment to it exists in __init__ (and no class-level fallback). This r…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:226
· conf 1.00
[MINED108] `self.a` used but never assigned in __init__: Method `test_otherflags` of class `TestFlags` reads `self.a`, but no assignment to it exists in __init__ (and no class-level fallback). This r…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:227
· conf 1.00
[MINED108] `self.a` used but never assigned in __init__: Method `test_otherflags` of class `TestFlags` reads `self.a`, but no assignment to it exists in __init__ (and no class-level fallback). This r…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:228
· conf 1.00
[MINED108] `self.a` used but never assigned in __init__: Method `test_otherflags` of class `TestFlags` reads `self.a`, but no assignment to it exists in __init__ (and no class-level fallback). This r…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:266
· conf 1.00
[MINED108] `self.one` used but never assigned in __init__: Method `setup` of class `TestAttributes` reads `self.one`, but no assignment to it exists in __init__ (and no class-level fallback). This ra…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:267
· conf 1.00
[MINED108] `self.two` used but never assigned in __init__: Method `setup` of class `TestAttributes` reads `self.two`, but no assignment to it exists in __init__ (and no class-level fallback). This ra…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:268
· conf 1.00
[MINED108] `self.three` used but never assigned in __init__: Method `setup` of class `TestAttributes` reads `self.three`, but no assignment to it exists in __init__ (and no class-level fallback). Thi…
MINED108
self.attribute used but never assigned in __init__
CWE-476
tests/benchmarks/highlighting-speed-src/numpy_test_multiarray.py:274
· conf 1.00
[MINED108] `self.three` used but never assigned in __init__: Method `test_attributes` of class `TestAttributes` reads `self.three`, but no assignment to it exists in __init__ (and no class-level fall…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/CICD.yml:38
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/CICD.yml:58
· conf 0.90
[MINED115] Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`: `uses: dtolnay/rust-toolchain@stable` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/CICD.yml:61
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/CICD.yml:71
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/CICD.yml:73
· conf 0.90
[MINED115] Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`: `uses: dtolnay/rust-toolchain@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/CICD.yml:83
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/CICD.yml:93
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/CICD.yml:97
· conf 0.90
[MINED115] Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`: `uses: dtolnay/rust-toolchain@stable` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/CICD.yml:122
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/CICD.yml:127
· conf 0.90
[MINED115] Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`: `uses: dtolnay/rust-toolchain@stable` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/CICD.yml:138
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/CICD.yml:140
· conf 0.90
[MINED115] Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`: `uses: dtolnay/rust-toolchain@stable` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/CICD.yml:153
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/CICD.yml:181
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/CICD.yml:192
· conf 0.90
[MINED115] Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`: `uses: dtolnay/rust-toolchain@stable` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/CICD.yml:425
· conf 0.90
[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@master`: `uses: actions/upload-artifact@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action own…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/CICD.yml:431
· conf 0.90
[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@master`: `uses: actions/upload-artifact@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action own…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/CICD.yml:445
· conf 0.90
[MINED115] Action `softprops/action-gh-release` pinned to mutable ref `@v2`: `uses: softprops/action-gh-release@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action own…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/require-changelog-for-PRs.yml:16
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED121
pip requirement pulled from git/URL (PyPI bypass)
CWE-829
tests/syntax-tests/source/Requirements.txt/requirements.txt:26
· conf 0.90
[MINED121] requirements.txt installs from `pip @ https://github.com/pypa/pip/archive/1.3.1.zi...` (git/URL): Pip requirement points to a VCS URL or direct download. Bypasses PyPI's integrity check + …
MINED121
pip requirement pulled from git/URL (PyPI bypass)
CWE-829
tests/syntax-tests/source/Requirements.txt/requirements.txt:31
· conf 0.90
[MINED121] requirements.txt installs from `-e git+git://git.myproject.org/MyProject#egg=MyPro...` (git/URL): Pip requirement points to a VCS URL or direct download. Bypasses PyPI's integrity check + …
MINED121
pip requirement pulled from git/URL (PyPI bypass)
CWE-829
tests/syntax-tests/source/Requirements.txt/requirements.txt:33
· conf 0.90
[MINED121] requirements.txt installs from `-e hg+https://hg.myproject.org/MyProject#egg=MyPro...` (git/URL): Pip requirement points to a VCS URL or direct download. Bypasses PyPI's integrity check + …
MINED121
pip requirement pulled from git/URL (PyPI bypass)
CWE-829
tests/syntax-tests/source/Requirements.txt/requirements.txt:34
· conf 0.90
[MINED121] requirements.txt installs from `-e hg+http://hg.myproject.org/MyProject@da39a3ee5e...` (git/URL): Pip requirement points to a VCS URL or direct download. Bypasses PyPI's integrity check + …
MINED121
pip requirement pulled from git/URL (PyPI bypass)
CWE-829
tests/syntax-tests/source/Requirements.txt/requirements.txt:35
· conf 0.90
[MINED121] requirements.txt installs from `-e svn+http://svn.myproject.org/svn/MyProject/trun...` (git/URL): Pip requirement points to a VCS URL or direct download. Bypasses PyPI's integrity check + …
MINED121
pip requirement pulled from git/URL (PyPI bypass)
CWE-829
tests/syntax-tests/source/Requirements.txt/requirements.txt:36
· conf 0.90
[MINED121] requirements.txt installs from `-e bzr+ssh://[email protected]/MyProject/trunk#eg...` (git/URL): Pip requirement points to a VCS URL or direct download. Bypasses PyPI's integrity check + …
MINED121
pip requirement pulled from git/URL (PyPI bypass)
CWE-829
tests/syntax-tests/source/Requirements.txt/requirements.txt:37
· conf 0.90
[MINED121] requirements.txt installs from `-e bzr+https://bzr.myproject.org/MyProject/trunk@2...` (git/URL): Pip requirement points to a VCS URL or direct download. Bypasses PyPI's integrity check + …
MINED121
pip requirement pulled from git/URL (PyPI bypass)
CWE-829
tests/syntax-tests/source/Requirements.txt/requirements.txt:40
· conf 0.90
[MINED121] requirements.txt installs from `https://github.com/pallets/click/archive/7.0.zip#e...` (git/URL): Pip requirement points to a VCS URL or direct download. Bypasses PyPI's integrity check + …
DKR001
Docker final stage has no non-root USER
tests/syntax-tests/source/Dockerfile/Dockerfile:2
· conf 0.82
Docker final stage has no non-root USER
DKR007
Docker build context has no .dockerignore
.dockerignore
· conf 0.90
Docker build context has no .dockerignore
MINED124
requirements.txt entry has no version pin
CWE-1357
tests/syntax-tests/highlighted/Requirements.txt/requirements.txt:1
· conf 0.90
[MINED124] requirements.txt: `[38;2;117;113;94m#[0m[38;2;117;113;94m Options[0m` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer rele…
MINED124
requirements.txt entry has no version pin
CWE-1357
tests/syntax-tests/highlighted/Requirements.txt/requirements.txt:2
· conf 0.90
[MINED124] requirements.txt: `[38;2;166;226;46m--allow-external[0m` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introd…
MINED124
requirements.txt entry has no version pin
CWE-1357
tests/syntax-tests/highlighted/Requirements.txt/requirements.txt:3
· conf 0.90
[MINED124] requirements.txt: `[38;2;166;226;46m--allow-unverified[0m` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can intr…
MINED124
requirements.txt entry has no version pin
CWE-1357
tests/syntax-tests/highlighted/Requirements.txt/requirements.txt:5
· conf 0.90
[MINED124] requirements.txt: `[38;2;117;113;94m#[0m[38;2;117;113;94m Freeze packages[0m` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Ne…
MINED124
requirements.txt entry has no version pin
CWE-1357
tests/syntax-tests/highlighted/Requirements.txt/requirements.txt:23
· conf 0.90
[MINED124] requirements.txt: `[38;2;117;113;94m#[0m[38;2;117;113;94m Examples from PEP508[0m` has no version pin: Unpinned pip requirement means every fresh install may resolve a different versio…
MINED124
requirements.txt entry has no version pin
CWE-1357
tests/syntax-tests/highlighted/Requirements.txt/requirements.txt:24
· conf 0.90
[MINED124] requirements.txt: `[38;2;117;113;94m#[0m[38;2;117;113;94m c.f. https://www.python.org/dev/peps/pep-0508/[0m` has no version pin: Unpinned pip requirement means every fresh install may …
MINED124
requirements.txt entry has no version pin
CWE-1357
tests/syntax-tests/highlighted/Requirements.txt/requirements.txt:30
· conf 0.90
[MINED124] requirements.txt: `[38;2;117;113;94m#[0m[38;2;117;113;94m VCS repositories[0m` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. N…
MINED124
requirements.txt entry has no version pin
CWE-1357
tests/syntax-tests/highlighted/Requirements.txt/requirements.txt:31
· conf 0.90
[MINED124] requirements.txt: `[38;2;166;226;46m-e[0m[38;2;248;248;242m [0m[4;38;2;166;226;46mgit+git://git.myproject.org/MyProject#egg=MyProject[0m[38;2;248;248;242m [0m[38;2;117;113;94m#[0…
MINED124
requirements.txt entry has no version pin
CWE-1357
tests/syntax-tests/highlighted/Requirements.txt/requirements.txt:33
· conf 0.90
[MINED124] requirements.txt: `[38;2;166;226;46m-e[0m[38;2;248;248;242m [0m[4;38;2;166;226;46mhg+https://hg.myproject.org/MyProject#egg=MyProject[0m[38;2;248;248;242m [0m[38;2;117;113;94m#[0…
MINED124
requirements.txt entry has no version pin
CWE-1357
tests/syntax-tests/highlighted/Requirements.txt/requirements.txt:39
· conf 0.90
[MINED124] requirements.txt: `[38;2;117;113;94m#[0m[38;2;117;113;94m Project or archive URL[0m` has no version pin: Unpinned pip requirement means every fresh install may resolve a different vers…
MINED124
requirements.txt entry has no version pin
CWE-1357
tests/syntax-tests/highlighted/Requirements.txt/requirements.txt:40
· conf 0.90
[MINED124] requirements.txt: `[4;38;2;166;226;46mhttps://github.com/pallets/click/archive/7.0.zip#egg=click[0m` has no version pin: Unpinned pip requirement means every fresh install may resolve a …
AIC007
Generated build artifact directory is present at repository root
build:1
· conf 0.70
Generated build artifact directory is present at repository root
DKR002
Dockerfile base image has no explicit tag
tests/syntax-tests/source/Dockerfile/Dockerfile:2
· conf 0.48
Dockerfile base image is selected through a build variable
MINED003
Rust Unwrap In Prod
CWE-755
· conf 0.20
[MINED003] Rust Unwrap In Prod (and 7 more): Same pattern found in 7 additional files. Review if needed.
MINED043
Http Not Https
CWE-319
src/assets/build_assets/acknowledgements.rs:96
· conf 1.00
[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.
MINED043
Http Not Https
CWE-319
src/less.rs:48
· conf 1.00
[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.
MINED059
Rust Expect In Prod
CWE-755
· conf 0.20
[MINED059] Rust Expect In Prod (and 2 more): Same pattern found in 2 additional files. Review if needed.
MINED059
Rust Expect In Prod
CWE-755
src/assets/assets_metadata.rs:69
· conf 1.00
[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message.
MINED059
Rust Expect In Prod
CWE-755
src/assets/build_assets/acknowledgements.rs:137
· conf 1.00
[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message.
MINED059
Rust Expect In Prod
CWE-755
src/output.rs:36
· conf 1.00
[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message.