awslabs / aws-service-catalog-factory

This is a framework where you define a Service Catalog portfolio, products and versions using YAML. For versions of your products you specify where the source code for them can be found and the framework publishes the portfolio, products and versions in every* AWS Region after validating, linting and testing them.
Apache License 2.0
136 stars, 44 forks

Code scanning resulted in some warnings #295

Closed sandrich closed 2 years ago

sandrich commented 2 years ago

Hi

We were running some code scanning against the 0.87.1 release and got the following warnings:

| status | file | line | message |
|---|---|---|---|
| ERROR | aws-service-catalog-factory-0.87.1/servicecatalog_factory/commands/portfolios.py | 1059 | Starting a process with a shell, possible injection detected, security issue. |
| ERROR | aws-service-catalog-factory-0.87.1/servicecatalog_factory/commands/portfolios.py | 1071 | Starting a process with a shell, possible injection detected, security issue. |
| ERROR | aws-service-catalog-factory-0.87.1/servicecatalog_factory/utils.py | 21 | By default, jinja2 sets autoescape to False. Consider using autoescape=True or use the select_autoescape function to mitigate XSS vulnerabilities. |
| ERROR | aws-service-catalog-factory-0.87.1/servicecatalog_factory/commands/portfolios.py | 1068 | Starting a process with a shell, possible injection detected, security issue. |
| ERROR | aws-service-catalog-factory-0.87.1/servicecatalog_factory/commands/portfolios.py | 1077 | Starting a process with a shell, possible injection detected, security issue. |
| ERROR | aws-service-catalog-factory-0.87.1/servicecatalog_factory/commands/portfolios.py | 1073 | Starting a process with a shell, possible injection detected, security issue. |
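The two finding types in the report above (a subprocess started through a shell, and a Jinja2 `Environment` left at its default `autoescape=False`) are illustrated here in an added example. It is not code from the aws-service-catalog-factory project or from the issue author, and it does not reproduce the flagged call sites in `portfolios.py` or `utils.py`; the `echo` command, the sample value and the template are constructed for the demonstration. It shows why the scanner flags `shell=True`: a value containing a shell metacharacter becomes part of the command line, whereas the argv-list form passes the same value to the program as one literal argument.

```python
"""Added illustration of the scanner findings; not the project's own code.

The command, sample value and template below are constructed for this
example and do not correspond to the flagged lines in the project.
"""
import shlex
import subprocess


def run_with_shell(name: str) -> str:
    """Flagged pattern: the value is spliced into a shell command line.

    Any shell metacharacter in `name` (';', '|', '$(...)', backticks) is
    interpreted by the shell instead of being handed to the program.
    """
    return subprocess.run(
        f"echo {name}", shell=True, capture_output=True, text=True, check=True
    ).stdout


def run_as_argv(name: str) -> str:
    """Remediated pattern: argv list, no shell; `name` is one literal argument."""
    return subprocess.run(
        ["echo", name], capture_output=True, text=True, check=True
    ).stdout


def run_quoted(name: str) -> str:
    """If a shell is unavoidable, shlex.quote turns the value into a single
    shell word so metacharacters are no longer interpreted."""
    return subprocess.run(
        f"echo {shlex.quote(name)}",
        shell=True, capture_output=True, text=True, check=True,
    ).stdout


# Constructed sample value carrying a shell metacharacter.
SAMPLE = "v1; echo SECOND-COMMAND"


def render_with_autoescape(template_src: str, **ctx) -> str:
    """Jinja2 finding: build the Environment with autoescape enabled so that
    HTML-significant characters in context values are escaped on output.

    Jinja2 is imported lazily so the subprocess part of this module runs
    without it installed.
    """
    from jinja2 import Environment, select_autoescape

    env = Environment(
        autoescape=select_autoescape(default_for_string=True, default=True)
    )
    return env.from_string(template_src).render(**ctx)


if __name__ == "__main__":
    # shell=True: two output lines, because the shell executed both commands.
    print("shell=True :", repr(run_with_shell(SAMPLE)))
    # argv list: one line; the ';' and the second word are inert text.
    print("argv list  :", repr(run_as_argv(SAMPLE)))
    print("shlex.quote:", repr(run_quoted(SAMPLE)))
    try:
        print("autoescape :", render_with_autoescape("<p>{{ v }}</p>", v="<b>"))
    except ImportError:
        print("autoescape : jinja2 not installed, template part skipped")
```

The `main` block needs a POSIX `sh` for the `shell=True` calls; the Jinja2 function only runs where the `jinja2` package is installed, and with `default_for_string=True` a string template renders `<b>` as `&lt;b&gt;`.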
eamonnfaherty commented 2 years ago

which code scanner were you using?

eamonnfaherty commented 2 years ago

closing due to inactivity