Ploughshares Security and Code Quality Scan Results
Deployment Status
✅ Application successfully deployed
- Web application running at http://localhost:5001
- API documentation available at http://localhost:5001/api-docs
Test Results
Functionality Tests
✅ All tests passed
- Core imports verified
- API routes verified
Code Quality Tests
✅ All tests passed
- Python syntax valid
- No inappropriate print statements
Dependency Tests
✅ Basic tests passed
- requirements.txt exists
- No known vulnerable package versions in hardcoded list
Security Scan Results
Dependency Vulnerabilities (Safety)
⚠️ Multiple vulnerabilities detected in dependencies
| Package | Installed version | Affected versions | Safety issue ID |
|---|---|---|---|
| flask | 2.2.2 | <2.2.5 | 55261 |
| flask | 2.2.2 | <3.1.1 | 77323 |
| requests | 2.28.1 | <2.32.2 | 71064 |
| requests | 2.28.1 | >=2.3.0,<2.31.0 | 58755 |
| gunicorn | 20.1.0 | <21.2.0 | 72780 |
| gunicorn | 20.1.0 | <22.0.0 | 71600 |
| gunicorn | 20.1.0 | <23.0.0 | 76244 |
| werkzeug | 2.3.7 | <2.3.8 | 62019 |
| werkzeug | 2.3.7 | <3.0.3 | 71594 |
| werkzeug | 2.3.7 | <3.0.6 | 73969 |
| werkzeug | 2.3.7 | <3.0.6 | 73889 |
| werkzeug | 2.3.7 | <=2.3.7 | 71595 |
| jinja2 | 3.1.2 | <3.1.3 | 64227 |
| jinja2 | 3.1.2 | <3.1.4 | 71591 |
| jinja2 | 3.1.2 | <3.1.5 | 76378 |
| jinja2 | 3.1.2 | <3.1.5 | 74735 |
| jinja2 | 3.1.2 | <3.1.6 | 75976 |
Code Security Issues (Bandit)
⚠️ 3 potential security issues detected
- Hardcoded Password String (Severity: Low, Confidence: Medium)
  - Location: app.py:20
  - Issue: `app.secret_key = 'supersecretkey'`
  - CWE-259: Use of Hard-coded Password
- Binding to All Interfaces (Severity: Medium, Confidence: Medium)
  - Location: app.py:220
  - Issue: `app.run(host='0.0.0.0', port=port)`
  - CWE-605: Multiple Binds to the Same Port
- Hardcoded Password in Function Argument (Severity: Low, Confidence: Medium)
  - Location: init_db.py:6-11
  - Issue: `password="testpass"` in database connection
  - CWE-259: Use of Hard-coded Password
Recommendations
Immediate Actions
- Update vulnerable dependencies to their latest secure versions
- Replace hardcoded secrets with environment variables
- Restrict network binding in development environments
Long-term Improvements
- Implement secret management solution
- Add continuous security scanning in CI/CD pipeline
- Establish dependency update policy
Next Steps
- Run `./install-codechecks.sh` to install all required code quality tools
- Update dependencies to secure versions
- Address security findings