
Create noncompliant.py #7

Open

yueny2020 wants to merge 1 commit into main from yueny2020-patch-7

Conversation

@yueny2020 (Owner)

tst noncompliant

Comment thread noncompliant.py
```python
try:
    catch_and_try_something()
# Noncompliant: unnecessary `except` clause.
except ValueError:
    raise  # re-raised unchanged, with no handling in between
```

Check notice

Code scanning / CodeGuru Security Scanner

Catching and re-throwing an exception without further actions is redundant and wasteful.

We detected an `except` clause that is not necessary because it catches and re-throws an exception without doing anything with it. To call additional operations on the caught exception, consider wrapping it into a custom exception that adds more information or special handling.
Comment thread noncompliant.py
```python
access_key = credentials.access_key
secret_key = credentials.secret_key
# Noncompliant: credentials are written to the logger.
logging.info('Access key: ', access_key)
```

Check failure

Code scanning / CodeGuru Security Scanner

CWE-255 - AWS credentials logged

We detected that unencrypted AWS credentials are logged in your code. This could expose those credentials to an attacker. To make your code more secure, encrypt sensitive data, such as credentials, before they are logged. [Learn more](https://cwe.mitre.org/data/definitions/798.html) Similar issue at line number 28.
Comment thread noncompliant.py
```python
with sqlite3.connect("example.db") as connection:
    cursor = connection.cursor()
    # Noncompliant: user input is used without sanitization.
    cursor.execute(query)
```

Check failure

Code scanning / CodeGuru Security Scanner

CWE-89 - SQL injection

We detected an SQL command that might use unsanitized input. This can result in an SQL injection. To increase the security of your code, sanitize inputs before using them to form a query string. [Learn more](https://cwe.mitre.org/data/definitions/89.html)
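As an added example (not code from this PR or from CodeGuru), the flagged pattern sits beside the parameterized form the finding asks for, run against an in-memory SQLite table filled with constructed rows; `lookup_noncompliant`, `lookup_compliant` and `SAMPLE_USERS` are names chosen here, not from the file under review.

```python
import sqlite3

# Constructed sample data: two rows in a throwaway users table.
SAMPLE_USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]


def _connect():
    """Fresh in-memory database seeded with SAMPLE_USERS (example scaffolding)."""
    connection = sqlite3.connect(":memory:")
    connection.execute("CREATE TABLE users (name TEXT, email TEXT)")
    connection.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return connection


def lookup_noncompliant(name):
    """Same shape as the flagged code: the input is pasted into the SQL text,
    so quote characters in it change the statement rather than the value."""
    with _connect() as connection:
        cursor = connection.cursor()
        query = f"SELECT name, email FROM users WHERE name = '{name}'"
        cursor.execute(query)
        return cursor.fetchall()


def lookup_compliant(name):
    """Bound parameter: SQLite receives the statement and the value separately,
    so the input can only ever be compared as a string, never parsed as SQL."""
    with _connect() as connection:
        cursor = connection.cursor()
        cursor.execute("SELECT name, email FROM users WHERE name = ?", (name,))
        return cursor.fetchall()


if __name__ == "__main__":
    # A name containing a quote and an OR clause: the formatted query matches
    # every row, the parameterized one matches nothing (no such user exists).
    hostile = "x' OR '1'='1"
    print(lookup_noncompliant("alice"))
    print(lookup_noncompliant(hostile))  # every row
    print(lookup_compliant(hostile))     # []
```

The scanner cannot tell whether `query` was built safely, so it flags any `execute` whose statement text depends on input; binding the value, as in `lookup_compliant`, removes both the risk and the finding.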
Comment thread noncompliant.py
```python
def create_session_noncompliant():
    import boto3
    # Noncompliant: uses hardcoded secret access key.
    sample_key = "AjWnyxxxxx45xxxxZxxxX7ZQxxxxYxxx1xYxxxxx"
```

Check failure

Code scanning / CodeGuru Security Scanner

CWE-798 - Hardcoded credentials

Your code uses hardcoded AWS credentials which might allow unauthorized users access to your AWS account. These attacks can occur a long time after the credentials are removed from the code. We recommend that you set AWS credentials with environment variables or an AWS profile instead. You should consider deleting the affected account or rotating the secret key and then monitoring Amazon CloudWatch for unexpected activity. [https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html](https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html)