1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
{
"version": "14.0.4",
"vulnerabilities": [
{
"id": "985a5666dcae22adef5ac12f8a8a2dacf9b9b481ae5d87cd0ac1712b0fd64864",
"category": "sast",
"message": "Deserialization of Untrusted Data",
"description": "Avoid using `load()`. `PyYAML.load` can create arbitrary Python\nobjects. A malicious actor could exploit this to run arbitrary\ncode. Use `safe_load()` instead.\n",
"cve": "",
"severity": "Critical",
"scanner": {
"id": "bandit",
"name": "Bandit"
},
"location": {
"file": "app/app.py",
"start_line": 39
},
"identifiers": [
{
"type": "bandit_test_id",
"name": "Bandit Test ID B506",
"value": "B506"
}
]
}
],
"scan": {
"scanner": {
"id": "bandit",
"name": "Bandit",
"url": "https://github.com/PyCQA/bandit",
"vendor": {
"name": "GitLab"
},
"version": "1.7.1"
},
"type": "sast",
"start_time": "2022-03-11T00:21:49",
"end_time": "2022-03-11T00:21:50",
"status": "success"
}
}
|
