From ae66bf019361fe71347de5a5e598c264c73745a3 Mon Sep 17 00:00:00 2001 From: colin Date: Thu, 3 Jul 2025 13:53:28 -0400 Subject: [PATCH] Remove outdated scan result files --- scan-results-updated.md | 73 ---------------------------------- scan-results.md | 86 ----------------------------------------- 2 files changed, 159 deletions(-) delete mode 100644 scan-results-updated.md delete mode 100644 scan-results.md diff --git a/scan-results-updated.md b/scan-results-updated.md deleted file mode 100644 index e4e39c7..0000000 --- a/scan-results-updated.md +++ /dev/null 
@@ -1,73 +0,0 @@ -# Ploughshares Security and Code Quality Scan Results (Updated) - -## Deployment Status - -✅ **Application successfully deployed** -- Web application running at http://localhost:5001 -- API documentation available at http://localhost:5001/api-docs - -## Test Results - -### Functionality Tests -✅ **All tests passed** -- Core imports verified -- API routes verified - -### Code Quality Tests -✅ **All tests passed** -- Python syntax valid -- No inappropriate print statements - -### Dependency Tests -✅ **All tests passed** -- requirements.txt exists -- No known vulnerable package versions - -## Security Scan Results - -### Dependency Vulnerabilities (Safety) - -✅ **No vulnerabilities detected in dependencies** - -All dependencies have been updated to secure versions: -- Flask: 2.2.2 → 3.1.1 -- psycopg2-binary: 2.9.3 → 2.9.9 -- requests: 2.28.1 → 2.32.2 -- gunicorn: 20.1.0 → 23.0.0 -- Werkzeug: 2.3.7 → 3.0.6 -- Jinja2: 3.1.2 → 3.1.6 - -### Code Security Issues (Bandit) - -⚠️ **3 potential security issues remain to be addressed** - -1. **Hardcoded Password String** (Severity: Low, Confidence: Medium) - - Location: app.py:20 - - Issue: `app.secret_key = 'supersecretkey'` - - CWE-259: Use of Hard-coded Password - -2. **Binding to All Interfaces** (Severity: Medium, Confidence: Medium) - - Location: app.py:220 - - Issue: `app.run(host='0.0.0.0', port=port)` - - CWE-605: Multiple Binds to the Same Port - -3. **Hardcoded Password in Function Argument** (Severity: Low, Confidence: Medium) - - Location: init_db.py:6-11 - - Issue: `password="testpass"` in database connection - - CWE-259: Use of Hard-coded Password - -## Recommendations - -### Immediate Actions -1. ✅ **Update vulnerable dependencies** - COMPLETED -2. **Replace hardcoded secrets** with environment variables -3. **Restrict network binding** in development environments - -### Long-term Improvements -1. Implement **secret management** solution -2. 
Add **continuous security scanning** in CI/CD pipeline -3. Establish **dependency update policy** - -## Next Steps -1. Run `./install-codechecks.sh` to install all required code quality tools -2. Address remaining security findings \ No newline at end of file diff --git a/scan-results.md b/scan-results.md deleted file mode 100644 index 77e9491..0000000 --- a/scan-results.md +++ /dev/null 
@@ -1,86 +0,0 @@ -# Ploughshares Security and Code Quality Scan Results - -## Deployment Status - -✅ **Application successfully deployed** -- Web application running at http://localhost:5001 -- API documentation available at http://localhost:5001/api-docs - -## Test Results - -### Functionality Tests -✅ **All tests passed** -- Core imports verified -- API routes verified - -### Code Quality Tests -✅ **All tests passed** -- Python syntax valid -- No inappropriate print statements - -### Dependency Tests -✅ **Basic tests passed** -- requirements.txt exists -- No known vulnerable package versions in hardcoded list - -## Security Scan Results - -### Dependency Vulnerabilities (Safety) - -⚠️ **Multiple vulnerabilities detected in dependencies** - -| Package | Installed | Affected | Issue ID | -|------------|-----------|-------------------------|----------| -| flask | 2.2.2 | <2.2.5 | 55261 | -| flask | 2.2.2 | <3.1.1 | 77323 | -| requests | 2.28.1 | <2.32.2 | 71064 | -| requests | 2.28.1 | >=2.3.0,<2.31.0 | 58755 | -| gunicorn | 20.1.0 | <21.2.0 | 72780 | -| gunicorn | 20.1.0 | <22.0.0 | 71600 | -| gunicorn | 20.1.0 | <23.0.0 | 76244 | -| werkzeug | 2.3.7 | <2.3.8 | 62019 | -| werkzeug | 2.3.7 | <3.0.3 | 71594 | -| werkzeug | 2.3.7 | <3.0.6 | 73969 | -| werkzeug | 2.3.7 | <3.0.6 | 73889 | -| werkzeug | 2.3.7 | <=2.3.7 | 71595 | -| jinja2 | 3.1.2 | <3.1.3 | 64227 | -| jinja2 | 3.1.2 | <3.1.4 | 71591 | -| jinja2 | 3.1.2 | <3.1.5 | 76378 | -| jinja2 | 3.1.2 | <3.1.5 | 74735 | -| jinja2 | 3.1.2 | <3.1.6 | 75976 | - -### Code Security Issues (Bandit) - -⚠️ **3 potential security issues detected** - -1. **Hardcoded Password String** (Severity: Low, Confidence: Medium) - - Location: app.py:20 - - Issue: `app.secret_key = 'supersecretkey'` - - CWE-259: Use of Hard-coded Password - -2. **Binding to All Interfaces** (Severity: Medium, Confidence: Medium) - - Location: app.py:220 - - Issue: `app.run(host='0.0.0.0', port=port)` - - CWE-605: Multiple Binds to the Same Port - -3. 
**Hardcoded Password in Function Argument** (Severity: Low, Confidence: Medium) - - Location: init_db.py:6-11 - - Issue: `password="testpass"` in database connection - - CWE-259: Use of Hard-coded Password - -## Recommendations - -### Immediate Actions -1. **Update vulnerable dependencies** to their latest secure versions -2. **Replace hardcoded secrets** with environment variables -3. **Restrict network binding** in development environments - -### Long-term Improvements -1. Implement **secret management** solution -2. Add **continuous security scanning** in CI/CD pipeline -3. Establish **dependency update policy** - -## Next Steps -1. Run `./install-codechecks.sh` to install all required code quality tools -2. Update dependencies to secure versions -3. Address security findings \ No newline at end of file
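Review bot: in the scan-results-updated.md hunk, the commit message calls the file outdated, but the deleted report still marks three Bandit findings as open (the `app.secret_key = 'supersecretkey'` literal at app.py:20, the `app.run(host='0.0.0.0', port=port)` bind at app.py:220, and `password="testpass"` at init_db.py:6-11), and nothing else in this patch shows them fixed. Before removing the only in-tree record of those findings, either link the issue that tracks them or include the fixes (environment-variable lookups for the secret key and DB password, a configurable bind host) in the same change so the history stays self-explanatory.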
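Review bot: in the scan-results.md hunk, the removed file is a generated Safety/Bandit report rather than source, so deleting it is reasonable, but the next run of `./install-codechecks.sh` will recreate `scan-results*.md` and it will be committed again unless the pattern is added to .gitignore in this patch. The Safety table being deleted is also the only place the repo records which advisory IDs (for flask, requests, gunicorn, werkzeug and jinja2) the version bumps listed in the updated report closed; if that evidence matters for audit, publish the reports as CI artifacts instead of tracking them in git.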