Nullify-Platform / config-file-parser

Nullify config file parser
https://github.com/Nullify-Platform
MIT License

Vulnerabilities Dashboard - Code #82

Open nullify-latest[bot] opened 6 months ago

nullify-latest[bot] commented 6 months ago

Severity Threshold: 🔵 MEDIUM

1 Potential vulnerability sources found within this repo

| 🔴 CRITICAL | 🟡 HIGH | 🔵 MEDIUM | ⚪ LOW |
|---|---|---|---|
| 0 | 0 | 1 | 0 |

ID: 01J0AFXMQB70HYS1ESS1B0ZMKX | Language: Go | Severity: 🔵 MEDIUM | CWE-22

Potential file inclusion via variable

The vulnerability identified, 'Potential file inclusion via variable', refers to a security issue where the file path provided to the `os.ReadFile(path)` function is not being validated or sanitized before use. This means if an attacker can influence the contents of the `path` variable, they could potentially make the server read a file that should not be accessed. This type of vulnerability is generally referred to as 'Local File Inclusion' (LFI), where an attacker could access or manipulate local files on the server using a vulnerable path or file handling function.

Read more:
- https://cwe.mitre.org/data/definitions/22.html
- https://github.com/Nullify-Platform/config-file-parser/blob/2aee30a6a885771993a62fa92bd655c1fe056d5a/pkg/parser/load_from_file.go#L10

Reply with /nullify to interact with me like another developer

nullify-latest[bot] commented 4 months ago

New code security updates for commit 7b08802cad0eab274223c14606e351ff06708a25

| New | Fixed | Allowlisted | Unallowlisted |
|---|---|---|---|
| 2 | 0 | 2 | 0 |

### New Findings

| ID | Title | File | Line | CWE |
|-|-|-|-|-|
| 01HV0QZW6E1W9MAVPDJQ5BXBCD | Image user should not be 'root' | Dockerfile | 1 | 0 |
| 01HV0QZW6E1W9MAVPDJSGDTPK2 | No HEALTHCHECK defined | Dockerfile | 1 | 0 |

### New Allowlisted Findings

| ID | Title | File | Line | CWE |
|-|-|-|-|-|
| 01HV0QZW6E1W9MAVPDJQ5BXBCD | Image user should not be 'root' | Dockerfile | 1 | 0 |
| 01HV0QZW6E1W9MAVPDJSGDTPK2 | No HEALTHCHECK defined | Dockerfile | 1 | 0 |

nullify-latest[bot] commented 2 months ago

New code security updates for commit be95f0cb87719124235dd5e77764f0e13841afa4

| New | Fixed | Allowlisted | Unallowlisted |
|---|---|---|---|
| 1 | 0 | 1 | 0 |

### New Findings

| ID | Title | File | Line | CWE |
|-|-|-|-|-|
| 01J0AFXMQB70HYS1ESS1B0ZMKX | Potential file inclusion via variable | pkg/parser/load_from_file.go | 10 | 22 |

### New Allowlisted Findings

| ID | Title | File | Line | CWE |
|-|-|-|-|-|
| 01J0AFXMQB70HYS1ESRT3VG7H8 | Image user should not be 'root' | Dockerfile | 1 | 0 |